modules/communications: move skype and telegram to the containers
parent
53f0af6bc8
commit
f6c855fe8a
7 changed files with 274 additions and 19 deletions
|
@ -49,6 +49,13 @@
|
|||
[ -n "$DISPLAY" ] && ${pkgs.xorg.xhost}/bin/xhost +local: > /dev/null || true
|
||||
'';
|
||||
|
||||
local.programs.communication = {
|
||||
telegram = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.tdesktop;
|
||||
};
|
||||
};
|
||||
|
||||
containers.games = {
|
||||
autoStart = true;
|
||||
bindMounts = {
|
||||
|
|
|
@ -4,15 +4,22 @@
|
|||
let cfg = config.local.programs.communication; in
|
||||
{
|
||||
options.local.programs.communication = with lib; {
|
||||
simplex-chat.enable = mkEnableOption "SimplexChat";
|
||||
telegram.enable = mkEnableOption "tdesktop. telegram client";
|
||||
matrix.enable = mkEnableOption "nheko. matrix client";
|
||||
skype.enable = mkEnableOption "skype";
|
||||
simplex-chat = {
|
||||
enable = mkEnableOption "SimplexChat";
|
||||
package = mkPackageOption pkgs "simplex-chat-desktop" { };
|
||||
};
|
||||
matrix = {
|
||||
enable = mkEnableOption "nheko. matrix client";
|
||||
package = mkPackageOption pkgs "nheko" { };
|
||||
};
|
||||
tox = {
|
||||
enable = mkEnableOption "tox";
|
||||
package = mkPackageOption pkgs "qTox" { };
|
||||
};
|
||||
};
|
||||
|
||||
config.home.packages = with pkgs.unstable;
|
||||
lib.optional cfg.simplex-chat.enable simplex-chat-desktop
|
||||
++ lib.optional cfg.telegram.enable tdesktop
|
||||
++ lib.optional cfg.matrix.enable nheko
|
||||
++ lib.optional cfg.skype.enable skypeforlinux;
|
||||
config.home.packages =
|
||||
lib.optional cfg.simplex-chat.enable cfg.simplex-chat.package
|
||||
++ lib.optional cfg.matrix.enable cfg.matrix.package
|
||||
++ lib.optional cfg.tox.enable cfg.tox.package;
|
||||
}
|
||||
|
|
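--- a/modules/nixos/programs/communication/default.nix
+++ b/modules/nixos/programs/communication/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+imports = [
+./skype.nix
+./telegram.nix
+];
+}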
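--- a/modules/nixos/programs/communication/skype.nix
+++ b/modules/nixos/programs/communication/skype.nix
@@ -0,0 +1,118 @@
+{ config, pkgs, lib, ... }:
+
+
+let
+cfg = config.local.programs.communication.skype;
+
+hostAddress = "192.168.7.10";
+localAddress = "192.168.7.20";
+
+hostRunPackage = pkgs.writeScript "cont-run" ''
+host=skype.containers
+if [ -z "$(ssh-keygen -F $host)" ]; then
+ssh-keyscan -H $host >> ~/.ssh/known_hosts
+fi
+ssh -o PubkeyAuthentication=no kira@$host $@
+'';
+
+hostPackageScript = pkgs.writeScriptBin "${cfg.package.meta.mainProgram}" ''
+${hostRunPackage} ${cfg.package.meta.mainProgram} $@
+'';
+
+hostSkype = pkgs.runCommand "${cfg.package.meta.mainProgram}" { } ''
+mkdir $out
+cp -r ${hostPackageScript}/bin $out/bin
+cp -r ${cfg.package}/share $out/share
+'';
+in
+{
+options.local.programs.communication.skype = with lib; {
+enable = mkEnableOption "skype";
+package = mkPackageOption pkgs "skypeforlinux" { };
+};
+
+config = lib.mkIf cfg.enable {
+environment.systemPackages = [ hostSkype ];
+
+hardware.pulseaudio = {
+systemWide = true;
+support32Bit = true;
+tcp = {
+enable = true;
+anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ];
+};
+};
+
+networking = {
+firewall = {
+allowedTCPPorts = [ 4713 ];
+trustedInterfaces = [ "ve-*" ];
+};
+nat = {
+enable = true;
+internalInterfaces = [ "ve-skype" ];
+externalInterface = "wg0";
+};
+};
+
+containers.skype = {
+autoStart = true;
+ephemeral = true;
+
+privateNetwork = true;
+inherit hostAddress localAddress;
+
+bindMounts = {
+"/tmp/.X11-unix" = { };
+"/etc/ssh/keys" = {
+isReadOnly = false;
+hostPath = "/persistence/per-machine/skype/etc/ssh/keys";
+};
+"/run/opengl-driver/lib" = { };
+"/run/opengl-driver-32/lib" = { };
+};
+
+config = { pkgs, ... }: {
+system.stateVersion = "23.11";
+nixpkgs.config.allowUnfree = true;
+
+fonts = {
+inherit (config.fonts) enableDefaultPackages packages;
+fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };
+};
+
+services.openssh = {
+enable = true;
+settings = {
+PasswordAuthentication = true;
+MaxAuthTries = 2;
+};
+hostKeys = [
+{
+bits = 4096;
+path = "/etc/ssh/keys/ssh_host_rsa_key";
+type = "rsa";
+}
+{
+path = "/etc/ssh/keys/ssh_host_ed25519_key";
+type = "ed25519";
+}
+];
+};
+
+users.users.kira = {
+isNormalUser = true;
+home = "/home/kira";
+password = "hello";
+extraGroups = [ "pulse-access" ];
+packages = [cfg.package];
+};
+
+environment.sessionVariables = {
+DISPLAY = ":0";
+PULSE_SERVER = "tcp:${hostAddress}:4713";
+};
+};
+};
+};
+}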
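Review bot: The container's only login is the literal `password = "hello";` on `users.users.kira`, paired with `PasswordAuthentication = true;` in `services.openssh.settings`, so the credential is a guessable constant that also ends up in the world-readable Nix store; telegram.nix repeats both lines. Nothing in this file limits who may reach the container's sshd, and with forwarding enabled for NAT another container on 192.168.7.0/24 can probably connect to it too, which undercuts the isolation this move is meant to provide. Prefer key authentication: set `PasswordAuthentication = false;`, replace the password with `users.users.kira.openssh.authorizedKeys.keys = [ "<host user's public key>" ];`, and drop `-o PubkeyAuthentication=no` from the `cont-run` wrapper. If a password has to stay, load it through `hashedPasswordFile` from a managed secret rather than a literal in the module.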
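--- a/modules/nixos/programs/communication/telegram.nix
+++ b/modules/nixos/programs/communication/telegram.nix
@@ -0,0 +1,117 @@
+{ config, pkgs, lib, ... }:
+
+
+let
+cfg = config.local.programs.communication.telegram;
+
+hostAddress = "192.168.7.10";
+localAddress = "192.168.7.21";
+
+hostRunPackage = pkgs.writeScript "cont-run" ''
+host=telegram.containers
+if [ -z "$(ssh-keygen -F $host)" ]; then
+ssh-keyscan -H $host >> ~/.ssh/known_hosts
+fi
+ssh -o PubkeyAuthentication=no kira@$host $@
+'';
+
+hostPackageScript = pkgs.writeScriptBin "${cfg.package.meta.mainProgram}" ''
+${hostRunPackage} ${cfg.package.meta.mainProgram} $@
+'';
+
+hostTelegram = pkgs.runCommand "${cfg.package.meta.mainProgram}" { } ''
+mkdir $out
+cp -r ${hostPackageScript}/bin $out/bin
+cp -r ${cfg.package}/share $out/share
+'';
+in
+{
+options.local.programs.communication.telegram = with lib; {
+enable = mkEnableOption "tdesktop. telegram client";
+package = mkPackageOption pkgs "tdesktop" { };
+};
+
+config = lib.mkIf cfg.enable {
+environment.systemPackages = [ hostTelegram ];
+
+hardware.pulseaudio = {
+systemWide = true;
+support32Bit = true;
+tcp = {
+enable = true;
+anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ];
+};
+};
+
+networking = {
+firewall = {
+allowedTCPPorts = [ 4713 ];
+trustedInterfaces = [ "ve-*" ];
+};
+nat = {
+enable = true;
+internalInterfaces = [ "ve-telegram" ];
+externalInterface = "wg0";
+};
+};
+
+containers.telegram = {
+autoStart = true;
+ephemeral = true;
+
+privateNetwork = true;
+inherit hostAddress localAddress;
+
+bindMounts = {
+"/tmp/.X11-unix" = { };
+"/etc/ssh/keys" = {
+isReadOnly = false;
+hostPath = "/persistence/per-machine/telegram/etc/ssh/keys";
+};
+"/run/opengl-driver/lib" = { };
+"/run/opengl-driver-32/lib" = { };
+};
+
+config = { pkgs, ... }: {
+system.stateVersion = "23.11";
+
+fonts = {
+inherit (config.fonts) enableDefaultPackages packages;
+fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };
+};
+
+services.openssh = {
+enable = true;
+settings = {
+PasswordAuthentication = true;
+MaxAuthTries = 2;
+};
+hostKeys = [
+{
+bits = 4096;
+path = "/etc/ssh/keys/ssh_host_rsa_key";
+type = "rsa";
+}
+{
+path = "/etc/ssh/keys/ssh_host_ed25519_key";
+type = "ed25519";
+}
+];
+};
+
+users.users.kira = {
+isNormalUser = true;
+home = "/home/kira";
+password = "hello";
+extraGroups = [ "pulse-access" ];
+packages = [cfg.package];
+};
+
+environment.sessionVariables = {
+DISPLAY = ":0";
+PULSE_SERVER = "tcp:${hostAddress}:4713";
+};
+};
+};
+};
+}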
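Review bot: The `cont-run` wrapper appends whatever `ssh-keyscan -H $host` returns to `~/.ssh/known_hosts` on first use, so the container's host key is accepted without any check and the password login that follows goes to whichever endpoint answers for `telegram.containers`; skype.nix carries the same script. The host keys already persist under `/persistence/per-machine/telegram/etc/ssh/keys`, so the host can pin them declaratively, for example `programs.ssh.knownHosts."telegram.containers".publicKeyFile = <path to the container's ed25519 public key>;`, and the keyscan branch can then be removed. Separately, `$host` and `$@` are unquoted in both `cont-run` and the `writeScriptBin` wrapper; write `"$host"` and `"$@"`, and keep in mind that ssh still joins its arguments into one remote command line, so arguments containing spaces or shell metacharacters are re-parsed by the shell inside the container.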
|
@ -99,9 +99,14 @@
|
|||
local.programs.aerc.enable = lib.mkDefault true;
|
||||
|
||||
local.programs.communication = {
|
||||
telegram.enable = lib.mkDefault true;
|
||||
matrix.enable = lib.mkDefault true;
|
||||
simplex-chat.enable = lib.mkDefault (config.local.system.kernel != "hardened");
|
||||
matrix = {
|
||||
enable = lib.mkDefault false;
|
||||
package = pkgs.unstable.nheko;
|
||||
};
|
||||
tox = {
|
||||
enable = lib.mkDefault true;
|
||||
package = pkgs.unstable.qTox;
|
||||
};
|
||||
};
|
||||
|
||||
local.programs.dev-tools = {
|
||||
|
|
|
@ -5,8 +5,6 @@
|
|||
inputs.wired.overlays.default
|
||||
];
|
||||
|
||||
local.nix.allowUnfreePackages = [ "skypeforlinux" ];
|
||||
|
||||
programs.zsh.enable = true;
|
||||
|
||||
age.secrets.users-nas-passfile.file = ./users-nas-passfile.age;
|
||||
|
@ -44,11 +42,6 @@
|
|||
|
||||
local.programs.file-managers.nautilus.enable = lib.mkDefault true;
|
||||
|
||||
local.programs.communication = {
|
||||
telegram.enable = lib.mkDefault true;
|
||||
skype.enable = lib.mkDefault true;
|
||||
};
|
||||
|
||||
local.programs.share-files.croc.enable = lib.mkDefault true;
|
||||
|
||||
local.programs.flameshot.enable = lib.mkDefault true;
|
||||
|
|