system/modules/nixos/programs/browsers/default.nix


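{ config, pkgs, lib, ... }:
# Runs the enabled browsers inside an ephemeral NixOS container and installs
# host-side wrappers (one per browser) that launch them over ssh. The host
# contributes its X display and a PulseAudio TCP socket; the container gets
# its own network namespace and egress through NAT.
let
  cfg = config.local.programs.browsers;

  # Private veth link between host and container. The container's sshd and
  # the host's PulseAudio TCP socket are only meant to be reached over it.
  hostAddress = "192.168.7.10";
  localAddress = "192.168.7.11";

  # Host-side launcher. On first use it records the container's ssh host key
  # (trust-on-first-use; the key is stable across restarts because the
  # container's host keys live on the host via the /etc/ssh/keys bind mount
  # below), then runs the requested browser as the container user.
  # All variables and the argument list are quoted so paths containing
  # spaces are forwarded intact. writeShellScript adds the shebang that
  # writeScript did not, so the launcher also works when started from a
  # non-shell parent (desktop files, launchers).
  hostRunBrowser = pkgs.writeShellScript "run-browser" ''
    host=${localAddress}
    if [ -z "$(ssh-keygen -F "$host")" ]; then
      ssh-keyscan -H "$host" >> ~/.ssh/known_hosts
    fi
    ssh -o PubkeyAuthentication=no kira@"$host" "$@"
  '';

  # Browser packages installed inside the container; only enabled ones.
  contPackages =
    lib.optional cfg.tor-browser.enable cfg.tor-browser.package
    ++ lib.optional cfg.librewolf.enable cfg.librewolf.package
    ++ lib.optional cfg.mullvad-browser.enable cfg.mullvad-browser.package;

  # One host-side wrapper per container browser, named after the browser's
  # main program so it is found on PATH under the usual name. Extra arguments
  # (e.g. a URL) are forwarded to the browser inside the container.
  hostPackages = map (p:
    pkgs.writeShellScriptBin p.meta.mainProgram
      "${hostRunBrowser} ${p.meta.mainProgram} \"$@\""
  ) contPackages;

  # The whole host/container setup applies when any browser is enabled.
  # Nix's `or` is the attribute-default operator, not boolean OR; the
  # original `a or b` evaluated to `a` alone whenever that option existed,
  # so enabling only librewolf (or only mullvad-browser) never created the
  # container. Combine the flags with `||` and include mullvad-browser so
  # the condition matches contPackages.
  isEnable =
    cfg.tor-browser.enable
    || cfg.librewolf.enable
    || cfg.mullvad-browser.enable;
in
{
  imports = [
    ./tor-browser.nix
    ./mullvad-browser.nix
    ./librewolf.nix
  ];

  config = lib.mkIf isEnable {
    environment.systemPackages = hostPackages;

    # System-wide PulseAudio reachable over TCP from the container's subnet,
    # so audio from the container plays on the host. Anonymous clients are
    # accepted from the whole 192.168.7.0/24 range, not only localAddress.
    hardware.pulseaudio = {
      systemWide = true;
      support32Bit = true;
      tcp = {
        enable = true;
        anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ];
      };
    };

    networking = {
      firewall = {
        allowedTCPPorts = [ 4713 ];
        # Trusting every ve-* interface exposes all host services to the
        # container side, not just the PulseAudio port above; the explicit
        # 4713 entry alone would be the narrower choice.
        trustedInterfaces = [ "ve-*" ];
      };
      # Container egress is NATed out through the WireGuard interface.
      nat = {
        enable = true;
        internalInterfaces = [ "ve-browsers" ];
        externalInterface = "wg0";
      };
    };

    containers.browsers = {
      autoStart = true;
      # The container's root filesystem is discarded on every stop; anything
      # that must survive is listed in bindMounts.
      ephemeral = true;
      privateNetwork = true;
      inherit hostAddress localAddress;

      bindMounts = lib.mkMerge [
        {
          # Shares the host X server socket with the container. X11 offers no
          # isolation between clients, so a compromised browser has the same
          # access to the host display (input, other windows) as any host
          # client; the container boundary covers filesystem and network only.
          "/tmp/.X11-unix" = { };
          # Persistent ssh host keys for the ephemeral container, kept on the
          # host so the key recorded by hostRunBrowser stays valid.
          "/etc/ssh/keys" = {
            isReadOnly = false;
            hostPath = "/etc/ssh/per-machine/browsers";
          };
          # Downloads land in a dedicated host directory, not the host's
          # regular download folder.
          "/home/kira/Downloads" = {
            isReadOnly = false;
            hostPath = "/home/jan/downloads/browser";
          };
        }
        # LibreWolf profile persists on the host only when it is enabled.
        (lib.mkIf cfg.librewolf.enable {
          "/home/kira/.librewolf" = {
            isReadOnly = false;
            hostPath = "/home/jan/.librewolf";
          };
        })
      ];

      config = { pkgs, ... }: {
        system.stateVersion = "23.11";

        # The launcher disables public-key auth, so the password below is the
        # only credential sshd accepts. sshd is reachable only over the veth
        # link (privateNetwork), but the plaintext password is part of the
        # evaluated configuration; hashedPassword or key-based auth would
        # avoid that.
        services.openssh = {
          enable = true;
          settings.PasswordAuthentication = true;
          hostKeys = [
            {
              bits = 4096;
              path = "/etc/ssh/keys/ssh_host_rsa_key";
              type = "rsa";
            }
            {
              path = "/etc/ssh/keys/ssh_host_ed25519_key";
              type = "ed25519";
            }
          ];
        };

        users.users.kira = {
          isNormalUser = true;
          home = "/home/kira";
          password = "hello";
          # pulse-access is needed for the system-wide PulseAudio client.
          extraGroups = [ "pulse-access" ];
          packages = contPackages ++ [ pkgs.gnome.nautilus ];
        };

        environment.sessionVariables = {
          # Point the browsers at the host display shared via /tmp/.X11-unix.
          DISPLAY = ":0";
          PULSE_SERVER = "tcp:${hostAddress}:4713";
          # NOTE(review): presumably populated with the host's X cookie by
          # something outside this module — confirm, otherwise X connections
          # fail or fall back to an unauthenticated socket.
          XAUTHORITY = "/home/kira/.Xauthority";
          # Empty address keeps the browsers from trying to reach a session
          # bus that does not exist inside the container.
          DBUS_SESSION_BUS_ADDRESS = "";
        };
      };
    };
  };
}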