modules/communications: move skype and telegram to the containers

Dmitriy Pleshevskiy 2024-09-05 18:45:09 +03:00
parent 53f0af6bc8
commit f6c855fe8a
Signed by: pleshevskiy
GPG key ID: 17041163DA10A9A2
7 changed files with 274 additions and 19 deletions


@ -49,6 +49,13 @@
[ -n "$DISPLAY" ] && ${pkgs.xorg.xhost}/bin/xhost +local: > /dev/null || true
'';
local.programs.communication = {
telegram = {
enable = true;
package = pkgs.unstable.tdesktop;
};
};
containers.games = {
autoStart = true;
bindMounts = {


@ -4,15 +4,22 @@
let cfg = config.local.programs.communication; in
{
options.local.programs.communication = with lib; {
simplex-chat.enable = mkEnableOption "SimplexChat";
telegram.enable = mkEnableOption "tdesktop. telegram client";
matrix.enable = mkEnableOption "nheko. matrix client";
skype.enable = mkEnableOption "skype";
simplex-chat = {
enable = mkEnableOption "SimplexChat";
package = mkPackageOption pkgs "simplex-chat-desktop" { };
};
matrix = {
enable = mkEnableOption "nheko. matrix client";
package = mkPackageOption pkgs "nheko" { };
};
tox = {
enable = mkEnableOption "tox";
package = mkPackageOption pkgs "qTox" { };
};
};
config.home.packages = with pkgs.unstable;
lib.optional cfg.simplex-chat.enable simplex-chat-desktop
++ lib.optional cfg.telegram.enable tdesktop
++ lib.optional cfg.matrix.enable nheko
++ lib.optional cfg.skype.enable skypeforlinux;
config.home.packages =
lib.optional cfg.simplex-chat.enable cfg.simplex-chat.package
++ lib.optional cfg.matrix.enable cfg.matrix.package
++ lib.optional cfg.tox.enable cfg.tox.package;
}


@ -0,0 +1,8 @@
{ ... }:
{
imports = [
./skype.nix
./telegram.nix
];
}


@ -0,0 +1,118 @@
{ config, pkgs, lib, ... }:
let
cfg = config.local.programs.communication.skype;
hostAddress = "192.168.7.10";
localAddress = "192.168.7.20";
hostRunPackage = pkgs.writeScript "cont-run" ''
host=skype.containers
if [ -z "$(ssh-keygen -F $host)" ]; then
ssh-keyscan -H $host >> ~/.ssh/known_hosts
fi
ssh -o PubkeyAuthentication=no kira@$host $@
'';
hostPackageScript = pkgs.writeScriptBin "${cfg.package.meta.mainProgram}" ''
${hostRunPackage} ${cfg.package.meta.mainProgram} $@
'';
hostSkype = pkgs.runCommand "${cfg.package.meta.mainProgram}" { } ''
mkdir $out
cp -r ${hostPackageScript}/bin $out/bin
cp -r ${cfg.package}/share $out/share
'';
in
{
options.local.programs.communication.skype = with lib; {
enable = mkEnableOption "skype";
package = mkPackageOption pkgs "skypeforlinux" { };
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ hostSkype ];
hardware.pulseaudio = {
systemWide = true;
support32Bit = true;
tcp = {
enable = true;
anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ];
};
};
networking = {
firewall = {
allowedTCPPorts = [ 4713 ];
trustedInterfaces = [ "ve-*" ];
};
nat = {
enable = true;
internalInterfaces = [ "ve-skype" ];
externalInterface = "wg0";
};
};
containers.skype = {
autoStart = true;
ephemeral = true;
privateNetwork = true;
inherit hostAddress localAddress;
bindMounts = {
"/tmp/.X11-unix" = { };
"/etc/ssh/keys" = {
isReadOnly = false;
hostPath = "/persistence/per-machine/skype/etc/ssh/keys";
};
"/run/opengl-driver/lib" = { };
"/run/opengl-driver-32/lib" = { };
};
config = { pkgs, ... }: {
system.stateVersion = "23.11";
nixpkgs.config.allowUnfree = true;
fonts = {
inherit (config.fonts) enableDefaultPackages packages;
fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };
};
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = true;
MaxAuthTries = 2;
};
hostKeys = [
{
bits = 4096;
path = "/etc/ssh/keys/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/etc/ssh/keys/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
users.users.kira = {
isNormalUser = true;
home = "/home/kira";
password = "hello";
extraGroups = [ "pulse-access" ];
packages = [cfg.package];
};
environment.sessionVariables = {
DISPLAY = ":0";
PULSE_SERVER = "tcp:${hostAddress}:4713";
};
};
};
};
}
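Review bot: `password = "hello"` on `users.users.kira` puts a fixed, guessable credential in plain text in the world-readable Nix store, and with `PasswordAuthentication = true` it is the only thing guarding the container's sshd. Anything that can reach 192.168.7.20 on the SSH port can log in as kira; whether other containers can do so depends on forwarding rules not visible here. Prefer key-based login: set `PasswordAuthentication = false;`, add `users.users.kira.openssh.authorizedKeys.keys = [ "<host user's public key>" ];`, and drop `-o PubkeyAuthentication=no` from the `cont-run` wrapper. The wrapper's `ssh-keyscan -H $host >> ~/.ssh/known_hosts` also trusts whatever answers first; since the host keys are persisted under `/persistence/per-machine/skype/etc/ssh/keys`, pinning them with `programs.ssh.knownHosts` would be safer. The same applies to the telegram module added in this commit.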


@ -0,0 +1,117 @@
{ config, pkgs, lib, ... }:
let
cfg = config.local.programs.communication.telegram;
hostAddress = "192.168.7.10";
localAddress = "192.168.7.21";
hostRunPackage = pkgs.writeScript "cont-run" ''
host=telegram.containers
if [ -z "$(ssh-keygen -F $host)" ]; then
ssh-keyscan -H $host >> ~/.ssh/known_hosts
fi
ssh -o PubkeyAuthentication=no kira@$host $@
'';
hostPackageScript = pkgs.writeScriptBin "${cfg.package.meta.mainProgram}" ''
${hostRunPackage} ${cfg.package.meta.mainProgram} $@
'';
hostTelegram = pkgs.runCommand "${cfg.package.meta.mainProgram}" { } ''
mkdir $out
cp -r ${hostPackageScript}/bin $out/bin
cp -r ${cfg.package}/share $out/share
'';
in
{
options.local.programs.communication.telegram = with lib; {
enable = mkEnableOption "tdesktop. telegram client";
package = mkPackageOption pkgs "tdesktop" { };
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ hostTelegram ];
hardware.pulseaudio = {
systemWide = true;
support32Bit = true;
tcp = {
enable = true;
anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ];
};
};
networking = {
firewall = {
allowedTCPPorts = [ 4713 ];
trustedInterfaces = [ "ve-*" ];
};
nat = {
enable = true;
internalInterfaces = [ "ve-telegram" ];
externalInterface = "wg0";
};
};
containers.telegram = {
autoStart = true;
ephemeral = true;
privateNetwork = true;
inherit hostAddress localAddress;
bindMounts = {
"/tmp/.X11-unix" = { };
"/etc/ssh/keys" = {
isReadOnly = false;
hostPath = "/persistence/per-machine/telegram/etc/ssh/keys";
};
"/run/opengl-driver/lib" = { };
"/run/opengl-driver-32/lib" = { };
};
config = { pkgs, ... }: {
system.stateVersion = "23.11";
fonts = {
inherit (config.fonts) enableDefaultPackages packages;
fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };
};
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = true;
MaxAuthTries = 2;
};
hostKeys = [
{
bits = 4096;
path = "/etc/ssh/keys/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/etc/ssh/keys/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
users.users.kira = {
isNormalUser = true;
home = "/home/kira";
password = "hello";
extraGroups = [ "pulse-access" ];
packages = [cfg.package];
};
environment.sessionVariables = {
DISPLAY = ":0";
PULSE_SERVER = "tcp:${hostAddress}:4713";
};
};
};
};
}
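Review bot: `allowedTCPPorts = [ 4713 ]` opens the PulseAudio TCP port on every host interface rather than only the container veth, while `tcp.anonymousClients.allowedIpRanges` lets any peer in 192.168.7.0/24 use the system-wide audio daemon without authentication. `trustedInterfaces = [ "ve-*" ]` additionally exempts container interfaces from the host firewall altogether, which would presumably include `containers.games`; whether the `*` is treated as a wildcard depends on the firewall backend, which is not visible here. Scoping the rule would be tighter: `networking.firewall.interfaces."ve-telegram".allowedTCPPorts = [ 4713 ];` in place of both lines, with `allowedIpRanges` listing only the container addresses that need audio. The skype module in this commit has the same block with `ve-skype`.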


@ -99,9 +99,14 @@
local.programs.aerc.enable = lib.mkDefault true;
local.programs.communication = {
telegram.enable = lib.mkDefault true;
matrix.enable = lib.mkDefault true;
simplex-chat.enable = lib.mkDefault (config.local.system.kernel != "hardened");
matrix = {
enable = lib.mkDefault false;
package = pkgs.unstable.nheko;
};
tox = {
enable = lib.mkDefault true;
package = pkgs.unstable.qTox;
};
};
local.programs.dev-tools = {


@ -5,8 +5,6 @@
inputs.wired.overlays.default
];
local.nix.allowUnfreePackages = [ "skypeforlinux" ];
programs.zsh.enable = true;
age.secrets.users-nas-passfile.file = ./users-nas-passfile.age;
@ -44,11 +42,6 @@
local.programs.file-managers.nautilus.enable = lib.mkDefault true;
local.programs.communication = {
telegram.enable = lib.mkDefault true;
skype.enable = lib.mkDefault true;
};
local.programs.share-files.croc.enable = lib.mkDefault true;
local.programs.flameshot.enable = lib.mkDefault true;