host/shared: move tor-browser to the container
This commit is contained in:
parent
d7a8402507
commit
5ae4c7f83a
3 changed files with 72 additions and 4 deletions
|
@ -71,10 +71,6 @@
|
|||
bind.dnsutils
|
||||
kubo # ipfs
|
||||
|
||||
# browsers
|
||||
# ungoogled-chromium
|
||||
tor-browser-bundle-bin
|
||||
|
||||
woodpecker-cli
|
||||
|
||||
# games
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
../../shared/garbage-collector.nix
|
||||
../../shared/networking.secret.nix
|
||||
../../shared/encrypted-dns.nix
|
||||
../../shared/tor-browser.nix
|
||||
];
|
||||
|
||||
boot.extraModulePackages = with config.boot.kernelPackages; [
|
||||
|
|
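--- /dev/null
+++ b/nixos/shared/tor-browser.nix
@@ -0,0 +1,71 @@
+{ pkgs, ... }:
+
+let
+  data = import ../../data.nix;
+
+  torBrowser = pkgs.tor-browser-bundle-bin.override {
+    mediaSupport = true;
+    pulseaudioSupport = true;
+  };
+
+  hostRunTorBrowser = pkgs.writeScriptBin "run-tor-browser" ''
+    set -x
+    ${pkgs.socat}/bin/socat -d TCP-LISTEN:6000,fork,bind=192.168.7.10 UNIX-CONNECT:/tmp/.X11-unix/X0 &
+    ${pkgs.xorg.xhost}/bin/xhost +
+    ssh -X browser@192.168.7.11 run-tor-browser
+  '';
+
+  clientRunTorBrowser = pkgs.writeScriptBin "run-tor-browser" ''
+    set -x
+    PULSE_SERVER=tcp:192.168.7.10:4713 \
+    XAUTHORITY="/home/browser/.Xauthority" \
+    DBUS_SESSION_BUS_ADDRESS="" \
+    DISPLAY=192.168.7.10:0.0 \
+    ${pkgs.apulse}/bin/apulse tor-browser $@
+  '';
+in
+{
+  environment.systemPackages = [ hostRunTorBrowser ];
+
+  hardware.pulseaudio = {
+    enable = true;
+    systemWide = true;
+    support32Bit = true;
+    tcp = {
+      enable = true;
+      anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ];
+    };
+  };
+
+  networking = {
+    firewall.allowedTCPPorts = [ 4713 6000 ];
+    nat = {
+      enable = true;
+      internalInterfaces = [ "ve-browser" ];
+      externalInterface = "wg0";
+    };
+  };
+
+  containers.browser = {
+    autoStart = true;
+    privateNetwork = true;
+    hostAddress = "192.168.7.10";
+    localAddress = "192.168.7.11";
+
+    config = { config, pkgs, ... }: {
+      system.stateVersion = "23.11";
+      services.openssh = {
+        enable = true;
+        settings.X11Forwarding = true;
+      };
+
+      users.extraUsers.browser = {
+        isNormalUser = true;
+        home = "/home/browser";
+        openssh.authorizedKeys.keys = data.publicKeys.users.jan;
+        extraGroups = [ "audio" "video" ];
+        packages = [ clientRunTorBrowser torBrowser ];
+      };
+    };
+  };
+}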
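Review bot: `xhost +` in hostRunTorBrowser disables X access control for every client that can reach the display, and the preceding socat line republishes the host X socket unauthenticated on 192.168.7.10:6000, so a compromised Tor Browser inside the container gets the whole host X session (keystroke capture, screenshots, input injection) — exactly the isolation the container is meant to provide — and neither the `xhost +` nor the backgrounded socat is undone when the script exits. The `ssh -X` on the next line already forwards X11 through the ssh channel with a per-session cookie, but clientRunTorBrowser then overrides `DISPLAY=192.168.7.10:0.0`, so that forwarded display is never used; dropping socat, `xhost +` and the DISPLAY override leaves the cookie-authenticated ssh forwarding as the only path (`-Y` if untrusted-X11 mode breaks the browser, bearing in mind that X11 itself still offers no isolation between clients of one display). `networking.firewall.allowedTCPPorts = [ 4713 6000 ]` opens both ports on every interface, including the wg0 uplink, rather than just the container link; `networking.firewall.interfaces.ve-browser.allowedTCPPorts = [ 4713 ];` is enough once the X socket is no longer exposed over TCP. Also `$@` should be `"$@"` so arguments containing spaces survive, and `writeShellScriptBin` would give both scripts a proper shebang instead of relying on the ENOEXEC fallback.
```nix
hostRunTorBrowser = pkgs.writeShellScriptBin "run-tor-browser" ''
  set -x
  # X11 travels inside the ssh session (cookie-authenticated); no xhost/socat exposure
  ssh -X browser@192.168.7.11 run-tor-browser
'';

clientRunTorBrowser = pkgs.writeShellScriptBin "run-tor-browser" ''
  set -x
  # DISPLAY is set by sshd for the forwarded session; do not override it
  PULSE_SERVER=tcp:192.168.7.10:4713 \
  XAUTHORITY="/home/browser/.Xauthority" \
  DBUS_SESSION_BUS_ADDRESS="" \
  ${pkgs.apulse}/bin/apulse tor-browser "$@"
'';

# … unchanged: hardware.pulseaudio …

networking = {
  # only the container link needs to reach the pulse TCP socket
  firewall.interfaces.ve-browser.allowedTCPPorts = [ 4713 ];
  # … unchanged: nat …
};
```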