Make the firewall managed completely on the server

This commit is contained in:
Jimbo 2024-08-12 03:28:24 -04:00
parent 2260afc205
commit 5c1ec4d677
2 changed files with 168 additions and 203 deletions


@ -39,6 +39,10 @@ in
inherit pkgs; inherit pkgs;
config.allowUnfree = true; config.allowUnfree = true;
}; };
nur = import (builtins.fetchTarball
"https://github.com/nix-community/NUR/archive/master.tar.gz") {
inherit pkgs;
};
}; };
}; };
@ -102,12 +106,12 @@ in
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
# Enable the Nouveau drivers # Enable the Nouveau drivers
services.xserver.videoDrivers = [ "nouveau" ]; services.xserver.videoDrivers = [ "nvidia" ];
#hardware.nvidia = { hardware.nvidia = {
# modesetting.enable = true; modesetting.enable = true;
# nvidiaSettings = false; nvidiaSettings = false;
# package = config.boot.kernelPackages.nvidiaPackages.beta; package = config.boot.kernelPackages.nvidiaPackages.beta;
#}; };
# Enable a permissioning system # Enable a permissioning system
security = { security = {
@ -174,8 +178,6 @@ in
enable = true; enable = true;
driSupport = true; driSupport = true;
driSupport32Bit = true; driSupport32Bit = true;
package = pkgs.unstable.mesa.drivers;
package32 = pkgs.unstable.pkgsi686Linux.mesa.drivers;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
vulkan-loader vulkan-loader
vulkan-validation-layers vulkan-validation-layers
@ -201,20 +203,12 @@ in
# Enable nftables over iptables # Enable nftables over iptables
nftables.enable = true; nftables.enable = true;
# Enable firewall passthrough # Enable firewall
firewall = { firewall = {
allowedTCPPorts = [
# Sunshine TCP
47984 47989 48010
];
allowedUDPPorts = [
# Sunshine UDP
47998 47999 48000
# Games
27005 27015 7777
];
allowPing = false; allowPing = false;
extraInputRules = ''
ip saddr 192.168.2.11 accept comment "Accept Server Connections"
'';
}; };
# Set hostnames # Set hostnames
@ -364,6 +358,7 @@ in
# Enable SSH # Enable SSH
services.openssh = { services.openssh = {
enable = true; enable = true;
openFirewall = false;
settings = { settings = {
LogLevel = "VERBOSE"; LogLevel = "VERBOSE";
PermitRootLogin = "no"; PermitRootLogin = "no";
@ -376,7 +371,8 @@ in
# Block SSH connections after numerous attempts # Block SSH connections after numerous attempts
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
maxretry = 10; maxretry = 5;
bantime = "5m";
}; };
# Enable AppImages # Enable AppImages
@ -385,6 +381,13 @@ in
binfmt = true; binfmt = true;
}; };
# Enable Sunshine as a service
services.sunshine = {
enable = true;
settings.port = 57989;
autoStart = false;
};
# Enable MPD # Enable MPD
services.mpd = { services.mpd = {
enable = true; enable = true;
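Review bot: The new `nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz")` in the first hunk pulls an unpinned, mutable tarball with no hash, so every evaluation fetches and evaluates whatever is on NUR master at that moment, and the Firefox add-ons the second file builds from `pkgs.nur.repos.rycee.firefox-addons` inherit that. The rest of this config already pins fetched archives with `fetchTarball { url = ...; sha256 = ...; }` (the firefox-gnome-theme entry), so the same form fits here: `nur = import (builtins.fetchTarball { url = "https://github.com/nix-community/NUR/archive/<pinned-commit>.tar.gz"; sha256 = "<sha256-of-pinned-archive>"; }) { inherit pkgs; };` with the commit and hash filled in. The attribute set this hunk adds to begins and ends outside the hunk. Separately, with `openFirewall = false` on sshd and the `ip saddr 192.168.2.11 accept` rule dropped, the tightened fail2ban settings only have an effect if sshd is still reachable through some interface or rule outside these hunks; worth confirming that is the intent.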


@ -141,17 +141,6 @@ let
esac esac
} }
# Media launcher
handle_media() {
RET=$(echo -e "YouTube\nMusic\nHistory\nAnime" | bemenu ${bemenuOpts} -p "Media")
case $RET in
YouTube) ytfzf -D;;
Music) ytfzf -D -m;;
History) ytfzf -D -H;;
Anime) ${terminal} ani-cli -q 720;;
esac
}
# Resolutions # Resolutions
handle_resolutions() { handle_resolutions() {
RET=$(echo -e "Default\nWide\nGPU2" | bemenu ${bemenuOpts} -p "Resolutions") RET=$(echo -e "Default\nWide\nGPU2" | bemenu ${bemenuOpts} -p "Resolutions")
@ -1153,29 +1142,6 @@ let
s:/home/jimbo/JimboNFS/School s:/home/jimbo/JimboNFS/School
''; '';
# Sunshine apps config
sunshineApps = ''
{
"env": {
"PATH": "$(PATH):$(HOME)\/.local\/bin"
},
"apps": [{
"name": "Desktop",
"image-path": "desktop.png"
}]
}
'';
# ytfzf config
ytfzfConf = ''
external_menu () {
bemenu ${bemenuOpts} -s -l 30 -p "Search"
}
video_player () {
mpv --loop-playlist=no --keep-open=yes "$@"
}
'';
# Some sound settings use alsoft, which needs to be configured to use pipewire # Some sound settings use alsoft, which needs to be configured to use pipewire
alsoftConf = '' alsoftConf = ''
drivers=pulse drivers=pulse
@ -1187,7 +1153,7 @@ let
user_interface = "alternative" user_interface = "alternative"
''; '';
# FireFox/LibreWolf colors # FireFox colors
foxJimCol = '' foxJimCol = ''
:root { :root {
--tab-active-bg-color: #${primeCol}; --tab-active-bg-color: #${primeCol};
@ -1351,6 +1317,7 @@ let
#TabsToolbar, .tabbrowser-tab { #TabsToolbar, .tabbrowser-tab {
max-height: var(--tab-min-height) !important; max-height: var(--tab-min-height) !important;
font-size: 14px !important; font-size: 14px !important;
outline: none !important;
} }
/* Change color of normal tabs */ /* Change color of normal tabs */
@ -1470,75 +1437,6 @@ let
overflow: hidden !important; overflow: hidden !important;
} }
''; '';
foxProfiles = ''
[Profile0]
Name=Jimbo
IsRelative=1
Path=Jimbo
Default=1
[Profile1]
Name=School
IsRelative=1
Path=School
[Profile2]
Name=Variety
IsRelative=1
Path=Variety
[General]
StartWithLastProfile=1
Version=2
'';
foxUserJS = ''
// Enable Compact Mode
user_pref("browser.uidensity", 1);
// Tracking protection
user_pref("browser.contentblocking.category", "strict");
user_pref("urlclassifier.trackingSkipURLs", "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com");
user_pref("urlclassifier.features.socialtracking.skipURLs", "*.instagram.com, *.twitter.com, *.twimg.com");
user_pref("network.cookie.sameSite.noneRequiresSecure", true);
user_pref("browser.helperApps.deleteTempFileOnExit", true);
user_pref("browser.uitour.enabled", false);
user_pref("privacy.globalprivacycontrol.enabled", true);
user_pref("privacy.globalprivacycontrol.functionality.enabled", true);
// Disable Telemetry
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.server", "data:,");
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.coverage.opt-out", true);
user_pref("toolkit.coverage.opt-out", true);
user_pref("toolkit.coverage.endpoint.base", "");
user_pref("browser.ping-centre.telemetry", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
// Disable Experiments
user_pref("app.shield.optoutstudies.enabled", false);
user_pref("app.normandy.enabled", false);
user_pref("app.normandy.api_url", "");
// Disable Crash Reports
user_pref("breakpad.reportURL", "");
user_pref("browser.tabs.crashReporting.sendReport", false);
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
// Detection
user_pref("captivedetect.canonicalURL", "");
user_pref("network.captive-portal-service.enabled", false);
user_pref("network.connectivity-service.enabled", false);
'';
in in
{ {
@ -1573,7 +1471,7 @@ in
remmina freerdp globalprotect-openconnect python3 zoom-us remmina freerdp globalprotect-openconnect python3 zoom-us
# Audio/Video tools # Audio/Video tools
yt-dlp ytfzf spotdl ani-cli playerctl ffmpeg yt-dlp spotdl ani-cli playerctl ffmpeg
# Unlimited games # Unlimited games
steam steam-run heroic mangohud prismlauncher steam steam-run heroic mangohud prismlauncher
@ -1582,7 +1480,7 @@ in
#dolphin-emu cemu ryujinx duckstation pcsx2 unstable.lime3ds #dolphin-emu cemu ryujinx duckstation pcsx2 unstable.lime3ds
# Remote desktop # Remote desktop
sunshine #moonlight-qt #moonlight-qt
# Window manager apps # Window manager apps
swaybg wdisplays wl-clipboard clipman bemenu swaybg wdisplays wl-clipboard clipman bemenu
@ -1658,14 +1556,13 @@ in
{ command = "wl-paste -t text --watch clipman store -P"; } { command = "wl-paste -t text --watch clipman store -P"; }
{ command = "wl-copy"; } { command = "wl-copy"; }
{ command = "mako"; } { command = "mako"; }
{ command = "sunshine"; }
{ command = "${pkgs.rot8}/bin/rot8"; } { command = "${pkgs.rot8}/bin/rot8"; }
# Polkit agent # Polkit agent
{ command = "${pkgs.mate.mate-polkit}/libexec/polkit-mate-authentication-agent-1"; } { command = "${pkgs.mate.mate-polkit}/libexec/polkit-mate-authentication-agent-1"; }
# Foreground apps # Foreground apps
{ command = "librewolf -P Variety --name=Variety"; } { command = "librewolf -P Misc --name=MiscBrowser"; }
{ command = "vesktop --ozone-platform-hint=auto"; } { command = "vesktop --ozone-platform-hint=auto"; }
{ command = "element-desktop"; } { command = "element-desktop"; }
{ command = "thunderbird"; } { command = "thunderbird"; }
@ -1788,9 +1685,9 @@ in
## Launcher keys ## Launcher keys
# LibreWolf profiles # LibreWolf profiles
"${primeMod}+F1" = ''exec librewolf -P Jimbo --name=JimBrowser | ${sendNotif} "LibreWolf Main"''; "${primeMod}+F1" = ''exec librewolf -P Jimbo --name=JimBrowser | ${sendNotif} "Main Browser"'';
"${primeMod}+F2" = ''exec librewolf -P School --name=SchoolBrowser | ${sendNotif} "LibreWolf School"''; "${primeMod}+F2" = ''exec librewolf -P School --name=SchoolBrowser | ${sendNotif} "School Browser"'';
"${primeMod}+F3" = ''exec librewolf -P Variety --name=Variety | ${sendNotif} "LibreWolf Variety"''; "${primeMod}+F3" = ''exec librewolf -P Misc --name=MiscBrowser | ${sendNotif} "Miscellaneous Browser"'';
# Discord # Discord
"${primeMod}+F4" = ''exec vesktop --ozone-platform-hint=auto | ${sendNotif} "Discord"''; "${primeMod}+F4" = ''exec vesktop --ozone-platform-hint=auto | ${sendNotif} "Discord"'';
@ -1849,13 +1746,13 @@ in
"XF86AudioStop" = ''exec mpc stop''; "XF86AudioStop" = ''exec mpc stop'';
# Play MPD, Firefox, or MPV # Play MPD, Firefox, or MPV
"XF86AudioPlay" = ''exec playerctl --player=firefox play-pause''; "XF86AudioPlay" = ''exec playerctl --player=librewolf play-pause'';
"Ctrl+XF86AudioPlay" = ''exec playerctl --player=mpv play-pause''; "Ctrl+XF86AudioPlay" = ''exec playerctl --player=mpv play-pause'';
"${altMod}+XF86AudioPlay" = ''exec mpc toggle''; "${altMod}+XF86AudioPlay" = ''exec mpc toggle'';
# Next/Previous # Next/Previous
"XF86AudioNext" = ''exec playerctl --player=firefox next''; "XF86AudioNext" = ''exec playerctl --player=librewolf next'';
"XF86AudioPrev" = ''exec playerctl --player=firefox previous''; "XF86AudioPrev" = ''exec playerctl --player=librewolf previous'';
"${altMod}+XF86AudioNext" = ''exec mpc next''; "${altMod}+XF86AudioNext" = ''exec mpc next'';
"${altMod}+XF86AudioPrev" = ''exec mpc prev''; "${altMod}+XF86AudioPrev" = ''exec mpc prev'';
@ -2038,7 +1935,7 @@ in
# Browsers # Browsers
"${w1}" = [{ app_id = "JimBrowser"; }]; "${w1}" = [{ app_id = "JimBrowser"; }];
"${w1a}" = [{ app_id = "SchoolBrowser"; }]; "${w1a}" = [{ app_id = "SchoolBrowser"; }];
"${w7}" = [{ app_id = "Variety"; }]; "${w7}" = [{ app_id = "MiscBrowser"; }];
# Communication # Communication
"${w3a}" = [{ class = "zoom"; }]; "${w3a}" = [{ class = "zoom"; }];
@ -2095,9 +1992,9 @@ in
all-outputs = true; all-outputs = true;
tooltip = false; tooltip = false;
rewrite = { rewrite = {
"(.*) LibreWolf" = " $1"; "(.*) Firefox" = " $1";
"LibreWolf" = " LibreWolf"; "Firefox" = " Firefox";
"(.*) - YouTube LibreWolf" = "󰗃 $1"; "(.*) - YouTube Firefox" = "󰗃 $1";
}; };
}; };
@ -2548,7 +2445,8 @@ in
}; };
# GTK app bookmarks # GTK app bookmarks
gtk3.bookmarks = [ gtk3 = {
bookmarks = [
# Local # Local
"file:///home/jimbo/Downloads" "file:///home/jimbo/Downloads"
"file:///home/jimbo/Documents" "file:///home/jimbo/Documents"
@ -2570,6 +2468,13 @@ in
"file:///home/jimbo/JimboNFS/School" "file:///home/jimbo/JimboNFS/School"
]; ];
# Disable shadows
extraCss = ''
* { outline-width: 0px; }
decoration { box-shadow: none; }
'';
};
# Stop gtk4 from being rounded # Stop gtk4 from being rounded
gtk4.extraCss = '' gtk4.extraCss = ''
window { window {
@ -2600,25 +2505,103 @@ in
}; };
}; };
# Install LibreWolf with settings # Enable Librewolf and extensions
programs.librewolf = { programs.firefox = let
enable = true; commonExtensions = with pkgs.nur.repos.rycee.firefox-addons; [
package = pkgs.librewolf; ublock-origin bitwarden darkreader sponsorblock return-youtube-dislikes no-pdf-download
settings = { ];
commonSearch = {
force = true;
default = "Google";
engines = {
"Google" = {
urls = [{
template = "https://www.google.com/search";
params = [
{ name = "q"; value = "{searchTerms}"; }
];
}];
definedAliases = [ "@g" ];
};
"NixPKGs" = {
urls = [{
template = "https://search.nixos.org/packages";
params = [
{ name = "type"; value = "packages"; }
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@pkgs" ];
};
};
};
commonSettings = {
"font.name.serif.x-western" = "${mainFont}";
"font.name.sans-serif.x-western" = "${mainFont}";
"font.name.monospace.x-western" = "${nerdFont}";
"general.autoScroll" = true; "general.autoScroll" = true;
"browser.compactmode.show" = true; "browser.compactmode.show" = true;
"browser.uidensity" = 1;
"browser.startup.page" = 3;
"extensions.pocket.enabled" = false;
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"privacy.userContext.newTabContainerOnLeftClick.enabled" = true;
"privacy.clearOnShutdown.history" = false; "privacy.clearOnShutdown.history" = false;
"privacy.clearOnShutdown.cookies" = false; "privacy.clearOnShutdown.cookies" = false;
"network.cookie.lifetimePolicy" = 0; "browser.toolbars.bookmarks.visibility" = "never";
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"browser.toolbars.bookmarks.visibility" = "newtab";
"gnomeTheme.hideSingleTab" = true;
"svg.context-properties.content.enabled" = true;
"media.hardware-video-decoding.force-enabled" = true; "media.hardware-video-decoding.force-enabled" = true;
"svg.context-properties.content.enabled" = true;
"toolkit.tabbox.switchByScrolling" = true; "toolkit.tabbox.switchByScrolling" = true;
"device.sensors.motion.enabled" = false; "device.sensors.motion.enabled" = false;
"extensions.autoDisableScopes" = 0;
"gnomeTheme.hideSingleTab" = true;
"browser.contentblocking.category" = "strict";
"urlclassifier.trackingSkipURLs" = "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com";
"urlclassifier.features.socialtracking.skipURLs" = "*.instagram.com, *.twitter.com, *.twimg.com";
"network.cookie.sameSite.noneRequiresSecure" = true;
"browser.helperApps.deleteTempFileOnExit" = true;
"privacy.globalprivacycontrol.enabled" = true;
"privacy.globalprivacycontrol.functionality.enabled" = true;
#"webgl.disabled" = false; #"webgl.disabled" = false;
}; };
in {
enable = true;
package = pkgs.librewolf;
profiles = {
Jimbo = {
id = 0;
extensions = commonExtensions;
search = commonSearch;
settings = commonSettings;
userChrome = ''
${foxJimCol}
${quteFoxCSS}
'';
};
School = {
id = 1;
extensions = commonExtensions;
search = commonSearch;
settings = commonSettings;
userChrome = ''
${foxWorkCol}
${quteFoxCSS}
'';
};
Misc = {
id = 2;
extensions = commonExtensions;
search = commonSearch;
settings = commonSettings;
containersForce = true;
containers = {
Google = { color = "green"; icon = "fingerprint"; id = 200; };
Seneca = { color = "red"; icon = "briefcase"; id = 201; };
Centennial = { color = "pink"; icon = "vacation"; id = 202; };
};
};
};
}; };
# Install Neovim and plugins # Install Neovim and plugins
@ -2943,42 +2926,21 @@ in
sha256 = "1r086apw20ryxylqgnbynx7mzz779v1w0m40wghmmhlzw4x15fmr"; sha256 = "1r086apw20ryxylqgnbynx7mzz779v1w0m40wghmmhlzw4x15fmr";
}}"; }}";
# Sunshine config
".config/sunshine/apps.json".text = sunshineApps;
# YTFZF config
".config/ytfzf/conf.sh".text = ytfzfConf;
# Alsoft config
".alsoftrc".text = alsoftConf;
# Ncmpcpp config # Ncmpcpp config
".config/ncmpcpp/config".text = ncmpcppConf; ".config/ncmpcpp/config".text = ncmpcppConf;
# LibreWolf profiles and theming # Gnome theme
".librewolf/profiles.ini".text = foxProfiles; ".mozilla/firefox/Misc/chrome".source = "${fetchTarball {
".librewolf/Jimbo/chrome/userChrome.css".text = "${foxJimCol}\n${quteFoxCSS}"; url = "https://github.com/rafaelmardojai/firefox-gnome-theme/archive/refs/tags/v129.zip";
".librewolf/Jimbo/user.js".text = foxUserJS; sha256 = "14x0vp66i8b14q6c9n75sa88fcwy9jd9lik8sjnab2rnwlskvq9h";
".librewolf/School/chrome/userChrome.css".text = "${foxWorkCol}\n${quteFoxCSS}";
".librewolf/School/user.js".text = foxUserJS;
".librewolf/Variety/chrome".source = "${fetchTarball {
url = "https://github.com/rafaelmardojai/firefox-gnome-theme/archive/refs/tags/v120.zip";
sha256 = "05ndzlhvw0zxxqgc9lp9w6kr764zbh5zv4aw2nk9qfyhr8j3c708";
}}"; }}";
".librewolf/Variety/user.js".text = foxUserJS;
# LibreWolf extension symlinks # Symlinks
".librewolf/School/extensions".source = ".librewolf".source = config.lib.file.mkOutOfStoreSymlink "/home/jimbo/.mozilla/firefox";
config.lib.file.mkOutOfStoreSymlink "/home/jimbo/.librewolf/Jimbo/extensions";
".librewolf/School/browser-extension-data".source =
config.lib.file.mkOutOfStoreSymlink "/home/jimbo/.librewolf/Jimbo/browser-extension-data";
".librewolf/Variety/extensions".source =
config.lib.file.mkOutOfStoreSymlink "/home/jimbo/.librewolf/Jimbo/extensions";
".librewolf/Variety/browser-extension-data".source =
config.lib.file.mkOutOfStoreSymlink "/home/jimbo/.librewolf/Jimbo/browser-extension-data";
# Outer Symlinks
"VMs".source = config.lib.file.mkOutOfStoreSymlink "/etc/libvirt/VMs"; "VMs".source = config.lib.file.mkOutOfStoreSymlink "/etc/libvirt/VMs";
# Alsoft config
".alsoftrc".text = alsoftConf;
}; };
# Define session variables # Define session variables