tristan/nix
1
0
Fork 0
Code Projects Releases Packages Activity

rootfull docker, mkcert ca, bw scripts

Browse source
This commit is contained in:
Tristan 2023-04-27 16:33:37 +01:00
parent e0d717f56b
commit 6aa649eb01
4 changed files with 59 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

9
system/global/home.nix
View file

@ -28,6 +28,11 @@ let
fi fi
''); '');
bwotpmenu = (pkgs.writeShellScriptBin "bwotpmenu" ''
items="$(rbw list)"
echo "$items" | ${ my-deps.menu } | xargs -I_ rbw code _ | wl-copy
'');
bwmenu = (pkgs.writeShellScriptBin "bwmenu" '' bwmenu = (pkgs.writeShellScriptBin "bwmenu" ''
items="$(rbw list)" items="$(rbw list)"
echo "$items" | ${ my-deps.menu } | xargs -I_ rbw get _ | wl-copy echo "$items" | ${ my-deps.menu } | xargs -I_ rbw get _ | wl-copy
@ -73,6 +78,7 @@ in
home.packages = (with pkgs; [ home.packages = (with pkgs; [
libnotify libnotify
dig
wl-clipboard wl-clipboard
wofi wofi
du-dust du-dust
@ -176,7 +182,8 @@ in
bind = SUPER_SHIFT, V, togglegroup, bind = SUPER_SHIFT, V, togglegroup,
bind = SUPER_SHIFT, space, changegroupactive,n bind = SUPER_SHIFT, space, changegroupactive,n
bind = SUPER_SHIFT, P, exec,${ my-scripts.bwmenu }/bin/bwmenu bind = SUPER, P, exec,${ my-scripts.bwmenu }/bin/bwmenu
bind = SUPER_SHIFT, P, exec,${ my-scripts.bwotpmenu }/bin/bwotpmenu
bind = SUPER_SHIFT, S, exec,${ my-scripts.screenshot }/bin/screenshot bind = SUPER_SHIFT, S, exec,${ my-scripts.screenshot }/bin/screenshot
bind =,XF86AudioRaiseVolume, exec,${ my-deps.amixer } sset Master 5%+ && ${ my-deps.amixer } sset Master unmute bind =,XF86AudioRaiseVolume, exec,${ my-deps.amixer } sset Master 5%+ && ${ my-deps.amixer } sset Master unmute

1
system/global/system.nix
View file

@ -93,7 +93,6 @@
trash-cli trash-cli
wget wget
unzip unzip
networkmanager-openvpn
(neovim.override { (neovim.override {
vimAlias = true; vimAlias = true;
configure = { configure = {

2
system/work/home.nix
View file

@ -25,7 +25,7 @@ in
(pkgs.makeDesktopItem { (pkgs.makeDesktopItem {
name = "teams"; name = "teams";
desktopName = "Microsoft Teams"; desktopName = "Microsoft Teams";
exec = "${brave-nightly}/opt/brave.com/brave-nightly/brave-browser-nightly --app-id=cifhbcnohmdccbgoicgdjpfamggdegmo --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations"; exec = "${brave-nightly}/opt/brave.com/brave-nightly/brave-browser-nightly --app-id=cifhbcnohmdccbgoicgdjpfamggdegmo --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations,WebRTCPipeWireCapturer";
icon = "brave-cifhbcnohmdccbgoicgdjpfamggdegmo-Default"; icon = "brave-cifhbcnohmdccbgoicgdjpfamggdegmo-Default";
}) })
(pkgs.makeDesktopItem { (pkgs.makeDesktopItem {

55
system/work/system.nix
View file

@ -22,17 +22,62 @@
]; ];
networking.firewall.allowedTCPPorts = [ ]; networking = {
networkmanager = {
plugins = [ pkgs.networkmanager-openvpn ];
};
};
boot.kernel.sysctl = {
"net.ipv4.ip_unprivileged_port_start" = 53;
};
system.stateVersion = "22.11"; # do not change system.stateVersion = "22.11"; # do not change
security.pki.certificates = [
# mkcert root CA
''
-----BEGIN CERTIFICATE-----
MIIEtTCCAx2gAwIBAgIQJFzbDr6Qu0RdwlB9iBsKjjANBgkqhkiG9w0BAQsFADBz
MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExJDAiBgNVBAsMG3RyaXN0
YW5ARkNTLVRyaXN0YW4tTml4Ym9vazErMCkGA1UEAwwibWtjZXJ0IHRyaXN0YW5A
RkNTLVRyaXN0YW4tTml4Ym9vazAeFw0yMzA0MjcwOTA5MDBaFw0zMzA0MjcwOTA5
MDBaMHMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEkMCIGA1UECwwb
dHJpc3RhbkBGQ1MtVHJpc3Rhbi1OaXhib29rMSswKQYDVQQDDCJta2NlcnQgdHJp
c3RhbkBGQ1MtVHJpc3Rhbi1OaXhib29rMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A
MIIBigKCAYEA0rfztOVR6WnW/y/eSjVYPg9Hukegmj4JiPyYWWGwDU2WDFnZNL3h
g66YIngid/1tK/xau793oL5tSlxASCi/8v+UCu946p71iVnEM6GiI5bmLA2yV6DB
gbb6OQ5WCLfoOwOHW5jchlXpFstMsTGAyck3D8n0ndebQQc6YbOQG4RFyTftwI3g
2oy8Vl8NKyRL2V3NIPx16OkmLDhzo0bKHQAvPc+QUYfKRRn7UlUyfTy/ILwa0ezt
5KcggU/OMT68eFSp3LItUhRu1zSygCDk2zhJq8ieb5BypvSBWj/mSZtucpoasl72
txiRCN7yrGw21Z34KdqVF+mI0bWVEZESu1/93HzsEcy9SUX/tF11t/Zb5WAF3kFH
dk0UMRTayhKZuxCRmGIqjLrItUli2tDy+QTzNU0XZAaUokqk3to5GoXSij9H0MdJ
VRA8Y2Mdp+l16MMgLMG5gR9KVnCyM1bkqFJpR+xt8xyeAljI9hFVTyI4i36nUWoi
ITdpBUkaOSoVAgMBAAGjRTBDMA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAG
AQH/AgEAMB0GA1UdDgQWBBQnpJfEOuRFXN0YJwf3R2EiWtApHDANBgkqhkiG9w0B
AQsFAAOCAYEAQx3kukopMjvybhbKsx/aU7CynjRCIbbONE10dX9fw7AtjQRB8Vcm
hlsW13MmM6DxroY6taWD8KLZxRNJeHoWdjN689sAbIlnaLrry7XDx5wtsBGfZh3j
vtFzSqHumxa1LjEQPUetTFp6YNgqDDyB53pU/Xfahwda8PCEOEqAsEveYyPqu0I1
MxNdPa/exE2HJxXZarWQ4pcqReykIVale+WbdOmSaT9cnA+E82hshhq3X6Aeti5s
DmIzY//L1LuNs0bXD4ECyMHA8Pgu3JyhnCIu8cxAKyOnM63P9iKZq5c9NASbvGgT
DNlxgyFqDQEI5k8Q2INM/6ZlJKcKRlIh1Nxd2PXl68IA0dWftBGydCGPPPcSdGCy
vA3XfPrgbuqdJjuPjQggMyajJsg2Y7b9YBL7XIBcwKqnSCxoDORGRQEy47sTaT8a
/BqBUuDPQbCF8MZcbsfwQP4pj8E/YyiSQCSZwQVpwVbZNBSOvcq28h0TEzDnAoHG
ey1rgb0TA5zi
-----END CERTIFICATE-----
''
];
# dangerous
users.users.tristan.extraGroups = [ "docker" ];
virtualisation.docker = { virtualisation.docker = {
enable = true; enable = true;
storageDriver = "btrfs"; storageDriver = "btrfs";
rootless = { # rootless = {
enable = true; # enable = true;
setSocketVariable = true; # setSocketVariable = true;
}; # };
}; };
} }