{ lib, config, pkgs, ... }: { krebs.build.host = config.krebs.hosts.vbob; makefu.awesome.modkey = "Mod1"; imports = [ { imports = [ ]; boot.loader.grub.device = "/dev/sda"; virtualisation.virtualbox.guest.enable = true; } # { # imports = [ # # ]; # virtualbox.baseImageSize = 35 * 1024; # fileSystems."/media/share" = { # fsType = "vboxsf"; # device = "share"; # options = [ "rw" "uid=9001" "gid=9001" ]; # }; # } # { # imports = [ # # ]; # fileSystems."/nix" = { # device ="/dev/disk/by-label/nixstore"; # fsType = "ext4"; # }; # } # base gui # # # security # Tools # # # environment (let gum-ip = config.krebs.hosts.gum.nets.internet.ip4.addr; Gateway = "10.0.2.2"; in { networking.localCommands = '' ip route add ${gum-ip} via ${Gateway} ''; systemd.network.networks.enp0s3.routes = [{ inherit Gateway; # TODO Destination = gum-ip; }]; networking.wireguard.interfaces.wg0 = { ips = [ "10.244.0.3/24" ]; privateKeyFile = (toString ) + "/wireguard.key"; allowedIPsAsRoutes = true; # explicit route via eth0 to gum peers = [ { # gum endpoint = "${gum-ip}:51820"; # allowedIPs = [ "10.244.0.0/24" ]; allowedIPs = [ "0.0.0.0/0" ]; publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; } ]; }; }) ]; networking.extraHosts = import (toString ); nixpkgs.config.allowUnfree = true; # allow vbob to deploy self users.extraUsers = { root = { openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; }; }; environment.shellAliases = { forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn"; }; system.activationScripts.prepare-fortclientvpnssl = '' # TODO: for forticlientsslpn mkdir -p /usr/{s,}bin ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail ''; environment.systemPackages = with pkgs;[ fortclientsslvpn ppp xclip get logstash # docker #devpi-web #devpi-client ansible ]; # virtualisation.docker.enable = true; networking.firewall.allowedTCPPorts = [ 25 80 8010 ]; systemd.services."serial-getty@ttyS0".enable = true; }