From f6c855fe8a7ad381ab361ff76b4f10e634382321 Mon Sep 17 00:00:00 2001
From: Dmitriy Pleshevskiy
Date: Thu, 5 Sep 2024 18:45:09 +0300
Subject: [PATCH] modules/communications: move skype and telegram to the containers
---
hosts/home/configuration.nix | 7 ++
.../home-manager/programs/communication.nix | 25 ++--
.../nixos/programs/communication/default.nix | 8 ++
.../nixos/programs/communication/skype.nix | 118 ++++++++++++++++++
.../nixos/programs/communication/telegram.nix | 117 +++++++++++++++++
users/jan/default.nix | 11 +-
users/nas/default.nix | 7 --
7 files changed, 274 insertions(+), 19 deletions(-)
create mode 100644 modules/nixos/programs/communication/default.nix
create mode 100644 modules/nixos/programs/communication/skype.nix
create mode 100644 modules/nixos/programs/communication/telegram.nix
diff --git a/hosts/home/configuration.nix b/hosts/home/configuration.nix
index 84bdc5c..0601efb 100644
--- a/hosts/home/configuration.nix
+++ b/hosts/home/configuration.nix
@@ -49,6 +49,13 @@
 [ -n "$DISPLAY" ] && ${pkgs.xorg.xhost}/bin/xhost +local: > /dev/null || true
 '';
+ local.programs.communication = {
+ telegram = {
+ enable = true;
+ package = pkgs.unstable.tdesktop;
+ };
+ };
+
 containers.games = {
 autoStart = true;
 bindMounts = {
diff --git a/modules/home-manager/programs/communication.nix b/modules/home-manager/programs/communication.nix
index 52a2609..a03116e 100644
--- a/modules/home-manager/programs/communication.nix
+++ b/modules/home-manager/programs/communication.nix
@@ -4,15 +4,22 @@ let
 cfg = config.local.programs.communication;
 in {
 options.local.programs.communication = with lib; {
- simplex-chat.enable = mkEnableOption "SimplexChat";
- telegram.enable = mkEnableOption "tdesktop. telegram client";
- matrix.enable = mkEnableOption "nheko. matrix client";
- skype.enable = mkEnableOption "skype";
+ simplex-chat = {
+ enable = mkEnableOption "SimplexChat";
+ package = mkPackageOption pkgs "simplex-chat-desktop" { };
+ };
+ matrix = {
+ enable = mkEnableOption "nheko. matrix client";
+ package = mkPackageOption pkgs "nheko" { };
+ };
+ tox = {
+ enable = mkEnableOption "tox";
+ package = mkPackageOption pkgs "qTox" { };
+ };
 };
- config.home.packages = with pkgs.unstable;
- lib.optional cfg.simplex-chat.enable simplex-chat-desktop
- ++ lib.optional cfg.telegram.enable tdesktop
- ++ lib.optional cfg.matrix.enable nheko
- ++ lib.optional cfg.skype.enable skypeforlinux;
+ config.home.packages =
+ lib.optional cfg.simplex-chat.enable cfg.simplex-chat.package
+ ++ lib.optional cfg.matrix.enable cfg.matrix.package
+ ++ lib.optional cfg.tox.enable cfg.tox.package;
 }
diff --git a/modules/nixos/programs/communication/default.nix b/modules/nixos/programs/communication/default.nix
new file mode 100644
index 0000000..9a842b6
--- /dev/null
+++ b/modules/nixos/programs/communication/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ imports = [
+ ./skype.nix
+ ./telegram.nix
+ ];
+}
diff --git a/modules/nixos/programs/communication/skype.nix b/modules/nixos/programs/communication/skype.nix
new file mode 100644
index 0000000..da66926
--- /dev/null
+++ b/modules/nixos/programs/communication/skype.nix
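Review bot: The new `package` options default to the stable set (`mkPackageOption pkgs "simplex-chat-desktop" { }`, and likewise for `nheko` and `qTox`), whereas the removed `with pkgs.unstable;` resolved every client from `pkgs.unstable`, so a host that enables `simplex-chat` without setting `package` silently changes which build it installs; nothing in this patch sets `simplex-chat.package`. If the unstable channel was intentional, `package = mkPackageOption pkgs.unstable "simplex-chat-desktop" { };` should keep the old default (assuming `pkgs.unstable` is a full package set, as its use in users/jan/default.nix suggests), otherwise the change belongs in the option description or the commit message. Any home-manager config that still sets `telegram.enable` or `skype.enable` on this module now fails evaluation with an undefined option, since those options moved to the NixOS module under modules/nixos/programs/communication; a one-line mention in the commit message would save the next person the search.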
@@ -0,0 +1,118 @@
+{ config, pkgs, lib, ... }:
+
+
+let
+ cfg = config.local.programs.communication.skype;
+
+ hostAddress = "192.168.7.10";
+ localAddress = "192.168.7.20";
+
+ hostRunPackage = pkgs.writeScript "cont-run" ''
+ host=skype.containers
+ if [ -z "$(ssh-keygen -F $host)" ]; then
+ ssh-keyscan -H $host >> ~/.ssh/known_hosts
+ fi
+ ssh -o PubkeyAuthentication=no kira@$host $@
+ '';
+
+ hostPackageScript = pkgs.writeScriptBin "${cfg.package.meta.mainProgram}" ''
+ ${hostRunPackage} ${cfg.package.meta.mainProgram} $@
+ '';
+
+ hostSkype = pkgs.runCommand "${cfg.package.meta.mainProgram}" { } ''
+ mkdir $out
+ cp -r ${hostPackageScript}/bin $out/bin
+ cp -r ${cfg.package}/share $out/share
+ '';
+in
+{
+ options.local.programs.communication.skype = with lib; {
+ enable = mkEnableOption "skype";
+ package = mkPackageOption pkgs "skypeforlinux" { };
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = [ hostSkype ];
+
+ hardware.pulseaudio = {
+ systemWide = true;
+ support32Bit = true;
+ tcp = {
+ enable = true;
+ anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ];
+ };
+ };
+
+ networking = {
+ firewall = {
+ allowedTCPPorts = [ 4713 ];
+ trustedInterfaces = [ "ve-*" ];
+ };
+ nat = {
+ enable = true;
+ internalInterfaces = [ "ve-skype" ];
+ externalInterface = "wg0";
+ };
+ };
+
+ containers.skype = {
+ autoStart = true;
+ ephemeral = true;
+
+ privateNetwork = true;
+ inherit hostAddress localAddress;
+
+ bindMounts = {
+ "/tmp/.X11-unix" = { };
+ "/etc/ssh/keys" = {
+ isReadOnly = false;
+ hostPath = "/persistence/per-machine/skype/etc/ssh/keys";
+ };
+ "/run/opengl-driver/lib" = { };
+ "/run/opengl-driver-32/lib" = { };
+ };
+
+ config = { pkgs, ... 
}: {
+ system.stateVersion = "23.11";
+ nixpkgs.config.allowUnfree = true;
+
+ fonts = {
+ inherit (config.fonts) enableDefaultPackages packages;
+ fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };
+ };
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = true;
+ MaxAuthTries = 2;
+ };
+ hostKeys = [
+ {
+ bits = 4096;
+ path = "/etc/ssh/keys/ssh_host_rsa_key";
+ type = "rsa";
+ }
+ {
+ path = "/etc/ssh/keys/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ ];
+ };
+
+ users.users.kira = {
+ isNormalUser = true;
+ home = "/home/kira";
+ password = "hello";
+ extraGroups = [ "pulse-access" ];
+ packages = [cfg.package];
+ };
+
+ environment.sessionVariables = {
+ DISPLAY = ":0";
+ PULSE_SERVER = "tcp:${hostAddress}:4713";
+ };
+ };
+ };
+ };
+}
diff --git a/modules/nixos/programs/communication/telegram.nix b/modules/nixos/programs/communication/telegram.nix
new file mode 100644
index 0000000..a0a9ba6
--- /dev/null
+++ b/modules/nixos/programs/communication/telegram.nix
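Review bot: The container's only login path is a static password — `password = "hello";` on the `kira` account combined with `PasswordAuthentication = true;` in `services.openssh.settings`, and the `cont-run` wrapper pins it with `ssh -o PubkeyAuthentication=no` — which puts the credential in the world-readable Nix store and leaves the container's sshd guessable from anything that can reach `localAddress` on the veth. Prefer key-based access: add the host-side key to `users.users.kira.openssh.authorizedKeys.keys`, set `PasswordAuthentication = false;`, and drop both the `password` attribute and the `-o PubkeyAuthentication=no` flag. The `ssh-keyscan -H $host >> ~/.ssh/known_hosts` step accepts whatever key answers on first contact; since the container's host keys are already persisted under `/persistence/per-machine/skype/etc/ssh/keys`, pinning their public halves with `programs.ssh.knownHosts` on the host is simpler and makes the keyscan unnecessary. Both wrapper scripts should also forward `"$@"` quoted rather than bare `$@`, so arguments with spaces survive. telegram.nix has the identical setup (same `password`, same `cont-run`, same sshd settings), and the same fix applies there.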
@@ -0,0 +1,117 @@
+{ config, pkgs, lib, ... }:
+
+
+let
+ cfg = config.local.programs.communication.telegram;
+
+ hostAddress = "192.168.7.10";
+ localAddress = "192.168.7.21";
+
+ hostRunPackage = pkgs.writeScript "cont-run" ''
+ host=telegram.containers
+ if [ -z "$(ssh-keygen -F $host)" ]; then
+ ssh-keyscan -H $host >> ~/.ssh/known_hosts
+ fi
+ ssh -o PubkeyAuthentication=no kira@$host $@
+ '';
+
+ hostPackageScript = pkgs.writeScriptBin "${cfg.package.meta.mainProgram}" ''
+ ${hostRunPackage} ${cfg.package.meta.mainProgram} $@
+ '';
+
+ hostTelegram = pkgs.runCommand "${cfg.package.meta.mainProgram}" { } ''
+ mkdir $out
+ cp -r ${hostPackageScript}/bin $out/bin
+ cp -r ${cfg.package}/share $out/share
+ '';
+in
+{
+ options.local.programs.communication.telegram = with lib; {
+ enable = mkEnableOption "tdesktop. telegram client";
+ package = mkPackageOption pkgs "tdesktop" { };
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = [ hostTelegram ];
+
+ hardware.pulseaudio = {
+ systemWide = true;
+ support32Bit = true;
+ tcp = {
+ enable = true;
+ anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ];
+ };
+ };
+
+ networking = {
+ firewall = {
+ allowedTCPPorts = [ 4713 ];
+ trustedInterfaces = [ "ve-*" ];
+ };
+ nat = {
+ enable = true;
+ internalInterfaces = [ "ve-telegram" ];
+ externalInterface = "wg0";
+ };
+ };
+
+ containers.telegram = {
+ autoStart = true;
+ ephemeral = true;
+
+ privateNetwork = true;
+ inherit hostAddress localAddress;
+
+ bindMounts = {
+ "/tmp/.X11-unix" = { };
+ "/etc/ssh/keys" = {
+ isReadOnly = false;
+ hostPath = "/persistence/per-machine/telegram/etc/ssh/keys";
+ };
+ "/run/opengl-driver/lib" = { };
+ "/run/opengl-driver-32/lib" = { };
+ };
+
+ config = { pkgs, ... 
}: {
+ system.stateVersion = "23.11";
+
+ fonts = {
+ inherit (config.fonts) enableDefaultPackages packages;
+ fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };
+ };
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = true;
+ MaxAuthTries = 2;
+ };
+ hostKeys = [
+ {
+ bits = 4096;
+ path = "/etc/ssh/keys/ssh_host_rsa_key";
+ type = "rsa";
+ }
+ {
+ path = "/etc/ssh/keys/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ ];
+ };
+
+ users.users.kira = {
+ isNormalUser = true;
+ home = "/home/kira";
+ password = "hello";
+ extraGroups = [ "pulse-access" ];
+ packages = [cfg.package];
+ };
+
+ environment.sessionVariables = {
+ DISPLAY = ":0";
+ PULSE_SERVER = "tcp:${hostAddress}:4713";
+ };
+ };
+ };
+ };
+}
diff --git a/users/jan/default.nix b/users/jan/default.nix
index e5a718d..efe797b 100644
--- a/users/jan/default.nix
+++ b/users/jan/default.nix
@@ -99,9 +99,14 @@
 local.programs.aerc.enable = lib.mkDefault true;
 local.programs.communication = {
- telegram.enable = lib.mkDefault true;
- matrix.enable = lib.mkDefault true;
- simplex-chat.enable = lib.mkDefault (config.local.system.kernel != "hardened");
+ matrix = {
+ enable = lib.mkDefault false;
+ package = pkgs.unstable.nheko;
+ };
+ tox = {
+ enable = lib.mkDefault true;
+ package = pkgs.unstable.qTox;
+ };
 };
 local.programs.dev-tools = {
diff --git a/users/nas/default.nix b/users/nas/default.nix
index 0b920ff..27575ea 100644
--- a/users/nas/default.nix
+++ b/users/nas/default.nix
@@ -5,8 +5,6 @@
 inputs.wired.overlays.default
 ];
- local.nix.allowUnfreePackages = [ "skypeforlinux" ];
-
 programs.zsh.enable = true;
 age.secrets.users-nas-passfile.file = ./users-nas-passfile.age;
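Review bot: `networking.firewall.allowedTCPPorts = [ 4713 ]` opens the PulseAudio TCP socket on every host interface, including `wg0` and whatever LAN the host sits on, while the container's audio traffic already arrives on `ve-telegram`, which `trustedInterfaces = [ "ve-*" ]` admits; drop the global rule or scope it with `networking.firewall.interfaces."ve-telegram".allowedTCPPorts = [ 4713 ];`. For the same reason `anonymousClients.allowedIpRanges` can name just `localAddress` instead of the whole `192.168.7.0/24`, since that container is the only client this module sets up. Bind-mounting `/tmp/.X11-unix` (with the `xhost +local:` already present in hosts/home/configuration.nix) gives the containerised client the same view of the display, input and clipboard as any host X client, so this isolates filesystem and network but not the desktop session — a one-line comment next to that mount, e.g. `# shares the host X display; not an X11 sandbox`, would keep the next reader from assuming otherwise. skype.nix carries the same three settings and should be adjusted together with this file. With `ephemeral = true` and no bind mount for `/home/kira`, the account's login state and the tdesktop data directory are discarded on every container restart — presumably intended, but worth confirming since `/etc/ssh/keys` is the only thing persisted.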
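Review bot: `simplex-chat` is no longer enabled for this user — the removed `simplex-chat.enable = lib.mkDefault (config.local.system.kernel != "hardened");` has no replacement and the module's `mkEnableOption` defaults to false — while the subject line only speaks of moving skype and telegram; if that is intended, say so in the commit message, otherwise keep the line. `matrix.enable` also flips from `lib.mkDefault true` to `lib.mkDefault false`, a second unmentioned behaviour change. The new `package` attributes are set without `lib.mkDefault` although the sibling `enable` attributes use it, so a host can override enablement but not the package without `lib.mkForce`; `package = lib.mkDefault pkgs.unstable.nheko;` and `package = lib.mkDefault pkgs.unstable.qTox;` keep the two consistent.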
@@ -44,11 +42,6 @@
 local.programs.file-managers.nautilus.enable = lib.mkDefault true;
- local.programs.communication = {
- telegram.enable = lib.mkDefault true;
- skype.enable = lib.mkDefault true;
- };
-
 local.programs.share-files.croc.enable = lib.mkDefault true;
 local.programs.flameshot.enable = lib.mkDefault true;