update syncthing id

2024-06-24 10:01:15 +02:00
parent ec28c29b9f
commit 3d7b43c583
8 changed files with 76 additions and 20 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -99,6 +99,7 @@
            vars = import ./systems/userdata-default.nix
              // import ./systems/laptop/userdata.nix;
            pkgsVersion = nixpkgs-unstable;
+            home-manager-version = home-manager-unstable;
            inherit nix-colors;
          };
          modules = [
--- a/modules/collections/laptop.nix
+++ b/modules/collections/laptop.nix
@@ -12,7 +12,10 @@
      ld.enable = true;
      settings.enable = true;
    };
-    misc = { podman.enable = true; };
+    misc = {
+      podman.enable = true;
+      firejail.enable = true;
+    };
    hardware = {
      firmware.enable = true;
      ssd.enable = true;
@@ -34,4 +37,9 @@
      shared.enable = true;
    };
  };
+  programs.firejail.wrappedBinaries = with pkgs;
+    let inherit (config.custom.misc.firejail) mk;
+    in lib.mkMerge [
+      (mk "Discord" { pkg = discord; })
+    ];
 }
--- a/modules/misc/default.nix
+++ b/modules/misc/default.nix
@@ -4,6 +4,7 @@
    ./packages-list.nix
    ./backup.nix
    ./btrfs.nix
+    ./firejail.nix
    ./cli-tools.nix
    ./docker.nix
    ./nftables.nix
--- a/modules/misc/firejail.nix
+++ b/modules/misc/firejail.nix
@@ -0,0 +1,28 @@
+{ lib, config, pkgs, ... }:
+
+let cfg = config.custom.misc.firejail;
+in {
+  options.custom.misc.firejail = {
+    enable = lib.mkEnableOption "Enables firejail";
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.firejail;
+      description = "Firejail package used";
+      readOnly = true; # is a constant from the upstream NixOS module for now
+    };
+    mk = lib.mkOption {
+      readOnly = true;
+      description = "Utility function to make a wrappedBinaries entry";
+      default = name:
+        { pkg, profile ? name, bin ? name }: {
+          ${bin} = {
+            executable = "${lib.getBin pkg}/bin/${bin}";
+            profile =
+              "${config.custom.misc.firejail.package}/etc/firejail/${profile}.profile";
+          };
+        };
+    };
+  };
+
+  config = lib.mkIf cfg.enable { programs.firejail.enable = true; };
+}
--- a/modules/services/syncthing.nix
+++ b/modules/services/syncthing.nix
@@ -1,11 +1,8 @@
 { config, pkgs, lib, ... }:
-let
-  basePath = "/synced";
-in 
-{
-  systemd.tmpfiles.rules = [
-      "d ${basePath} 0700 ${config.mainUser.name} users -"
-  ];
+let basePath = "/synced";
+in {
+  systemd.tmpfiles.rules =
+    [ "d ${basePath} 0700 ${config.mainUser.name} users -" ];

  # check device id: syncthing cli --gui-address=/synced/gui-socket --gui-apikey=<key> show system
  environment.systemPackages = with pkgs; [ syncthing ];
@@ -27,46 +24,56 @@ in

      devices = {
        kop-pc = {
-          id = "DZKIUS7-WCGTYEV-4OKVSZU-MIVL2NC-N45AKZL-ABT3VN2-I7RXUMF-RF4CYAU";
+          id =
+            "DZKIUS7-WCGTYEV-4OKVSZU-MIVL2NC-N45AKZL-ABT3VN2-I7RXUMF-RF4CYAU";
          addresses = [ "tcp://192.168.0.11" ];
        };
        server = {
-          id = "HZUUQEQ-JOKYHTU-AVFVC3U-7KUAXVC-QY3OJTF-HGU7RZ3-5HA5TOE-VT4FNQB";
+          id =
+            "HZUUQEQ-JOKYHTU-AVFVC3U-7KUAXVC-QY3OJTF-HGU7RZ3-5HA5TOE-VT4FNQB";
          addresses = [ "tcp://192.168.0.6" "tcp://192.168.2.1" ];
        };
        mini-pc = {
-          id = "NKRWOR6-2YNLVY5-GH6TG7T-V3M4VHD-OFS4XR3-Q45CALD-JVSIBKU-JZBGRQ3";
+          id =
+            "NKRWOR6-2YNLVY5-GH6TG7T-V3M4VHD-OFS4XR3-Q45CALD-JVSIBKU-JZBGRQ3";
+          addresses = [ "tcp://192.168.0.10" "tcp://192.168.2.1" ];
+        };
+        mini-pc-proxmox = {
+          id =
+            "FK3DW4B-6Y7C25O-IDBSOMV-GOUSWZW-KQR7ELS-QUKS4UR-AFZXLZE-67QJXAX";
          addresses = [ "tcp://192.168.0.10" "tcp://192.168.2.1" ];
        };
        laptop = {
-          id = "5T6Y3WO-FOQYYFQ-5MLNDSZ-7APIDUG-6KM2ZZM-RTRXMWX-MCZKLMH-BYNDJAQ";
+          id =
+            "5T6Y3WO-FOQYYFQ-5MLNDSZ-7APIDUG-6KM2ZZM-RTRXMWX-MCZKLMH-BYNDJAQ";
          addresses = [ "tcp://192.168.2.22" ];
        };
        phone = {
-          id = "XFQ7MV6-MKBYQXH-WGYVQUB-BYJJPFJ-HJTNZEP-PXWAMYY-DMADWSU-PQOTVAI";
+          id =
+            "XFQ7MV6-MKBYQXH-WGYVQUB-BYJJPFJ-HJTNZEP-PXWAMYY-DMADWSU-PQOTVAI";
          addresses = [ "tcp://192.168.0.15" "tcp://192.168.2.20" ];
        };
      };
-
      folders."${basePath}/default" = {
        id = "default";
-        devices = [ "kop-pc" "server" "laptop" "mini-pc" "phone" ];
+        devices =
+          [ "kop-pc" "server" "laptop" "mini-pc" "mini-pc-proxmox" "phone" ];
        ignorePerms = false;
      };

      folders."${basePath}/books" = {
        id = "books";
-        devices = [ "kop-pc" "server" "laptop" "mini-pc" ];
+        devices = [ "kop-pc" "server" "laptop" "mini-pc" "mini-pc-proxmox" ];
      };

      folders."${basePath}/fh" = {
        id = "fh";
-        devices = [ "kop-pc" "server" "laptop" "mini-pc" ];
+        devices = [ "kop-pc" "server" "laptop" "mini-pc" "mini-pc-proxmox" ];
      };

      folders."${basePath}/work_drive" = {
        id = "work_drive";
-        devices = [ "kop-pc" "server" "laptop" "mini-pc" ];
+        devices = [ "kop-pc" "server" "laptop" "mini-pc" "mini-pc-proxmox" ];
      };
    };
  };
--- a/pkgs/test-docker.nix
+++ b/pkgs/test-docker.nix
@@ -0,0 +1,9 @@
+{ dockerTools, hello }:
+dockerTools.buildLayeredImage {
+  name = "hello";
+  tag = "latest";
+
+  contents = [ hello ];
+
+  config.Cmd = [ "/bin/hello" ];
+}
--- a/systems/laptop/configuration.nix
+++ b/systems/laptop/configuration.nix
@@ -10,6 +10,8 @@
 	#<home-manager/nixos>
    ];

+
+  nixpkgs.config.permittedInsecurePackages = [ "electron-27.3.11" ];
  services.blueman.enable = true;

  hardware.bluetooth.enable = true; # enables support for Bluetooth
--- a/users/kopatz/default.nix
+++ b/users/kopatz/default.nix
@@ -24,7 +24,7 @@
    shell = pkgs.zsh;
    extraGroups = [ "networkmanager" "wheel" "docker" ];
    packages = with pkgs; [
-      discord
+      #discord
      brave
    ];
    openssh.authorizedKeys.keys = [ config.mainUser.sshKey ];