122 lines
3 KiB
Nix
122 lines
3 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
let
|
|
cfg = config.local.programs.browsers;
|
|
|
|
hostAddress = "192.168.7.10";
|
|
localAddress = "192.168.7.11";
|
|
|
|
hostRunBrowser = pkgs.writeScript "run-browser" ''
|
|
host=${localAddress}
|
|
if [ -z "$(ssh-keygen -F $host)" ]; then
|
|
ssh-keyscan -H $host >> ~/.ssh/known_hosts
|
|
fi
|
|
ssh -o PubkeyAuthentication=no kira@$host $@
|
|
'';
|
|
|
|
contPackages =
|
|
lib.optional cfg.tor-browser.enable cfg.tor-browser.package
|
|
++ lib.optional cfg.librewolf.enable cfg.librewolf.package
|
|
++ lib.optional cfg.mullvad-browser.enable cfg.mullvad-browser.package;
|
|
|
|
hostPackages = lib.flip map contPackages (p:
|
|
pkgs.writeScriptBin p.meta.mainProgram "${hostRunBrowser} ${p.meta.mainProgram}"
|
|
);
|
|
|
|
isEnable = cfg.tor-browser.enable or cfg.librewolf.enable;
|
|
in
|
|
{
|
|
imports = [
|
|
./tor-browser.nix
|
|
./mullvad-browser.nix
|
|
./librewolf.nix
|
|
];
|
|
|
|
config = lib.mkIf isEnable {
|
|
environment.systemPackages = hostPackages;
|
|
|
|
hardware.pulseaudio = {
|
|
systemWide = true;
|
|
support32Bit = true;
|
|
tcp = {
|
|
enable = true;
|
|
anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ];
|
|
};
|
|
};
|
|
|
|
networking = {
|
|
firewall = {
|
|
allowedTCPPorts = [ 4713 ];
|
|
trustedInterfaces = [ "ve-*" ];
|
|
};
|
|
nat = {
|
|
enable = true;
|
|
internalInterfaces = [ "ve-browsers" ];
|
|
externalInterface = "wg0";
|
|
};
|
|
};
|
|
|
|
containers.browsers = {
|
|
autoStart = true;
|
|
ephemeral = true;
|
|
|
|
privateNetwork = true;
|
|
inherit hostAddress localAddress;
|
|
|
|
bindMounts = lib.mkMerge [
|
|
{
|
|
"/tmp/.X11-unix" = { };
|
|
"/etc/ssh/keys" = {
|
|
isReadOnly = false;
|
|
hostPath = "/etc/ssh/per-machine/browsers";
|
|
};
|
|
"/home/kira/Downloads" = {
|
|
isReadOnly = false;
|
|
hostPath = "/home/jan/downloads/browser";
|
|
};
|
|
}
|
|
(lib.mkIf cfg.librewolf.enable {
|
|
"/home/kira/.librewolf" = {
|
|
isReadOnly = false;
|
|
hostPath = "/home/jan/.librewolf";
|
|
};
|
|
})
|
|
];
|
|
|
|
config = { pkgs, ... }: {
|
|
system.stateVersion = "23.11";
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
settings.PasswordAuthentication = true;
|
|
hostKeys = [
|
|
{
|
|
bits = 4096;
|
|
path = "/etc/ssh/keys/ssh_host_rsa_key";
|
|
type = "rsa";
|
|
}
|
|
{
|
|
path = "/etc/ssh/keys/ssh_host_ed25519_key";
|
|
type = "ed25519";
|
|
}
|
|
];
|
|
};
|
|
|
|
users.users.kira = {
|
|
isNormalUser = true;
|
|
home = "/home/kira";
|
|
password = "hello";
|
|
extraGroups = [ "pulse-access" ];
|
|
packages = contPackages ++ [ pkgs.gnome.nautilus ];
|
|
};
|
|
|
|
environment.sessionVariables = {
|
|
DISPLAY = ":0";
|
|
PULSE_SERVER = "tcp:${hostAddress}:4713";
|
|
XAUTHORITY = "/home/kira/.Xauthority";
|
|
DBUS_SESSION_BUS_ADDRESS = "";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|