Remove qtbittorrent because of an RCE bug, prepare more for enable by module for server

2024-11-08 16:57:56 -05:00 · 2024-11-08 16:57:56 -05:00 · bbf0696221
commit bbf0696221
parent bbd3d080b5
17 changed files with 29 additions and 38 deletions
--- a/modules/system/services/general/default.nix
+++ b/modules/system/services/general/default.nix
@ -0,0 +1,12 @@
+{ ... }:
+{
+  imports = [
+    ./gnome-keyring
+    ./gvfs
+    ./keyd
+    ./libvirtd
+    ./mpd
+    ./ssh
+    ./sunshine
+  ];
+}
--- a/modules/system/services/general/gnome-keyring/default.nix
+++ b/modules/system/services/general/gnome-keyring/default.nix
@ -0,0 +1,4 @@
+{ config, ... }:
+{
+  services.gnome.gnome-keyring.enable = config.system.desktop.enable;
+}
--- a/modules/system/services/general/gvfs/default.nix
+++ b/modules/system/services/general/gvfs/default.nix
@ -0,0 +1,7 @@
+{ config, ... }:
+{
+  services = {
+    gvfs.enable = config.system.desktop.enable;
+    udisks2.enable = config.system.desktop.enable;
+  };
+}
--- a/modules/system/services/general/keyd/default.nix
+++ b/modules/system/services/general/keyd/default.nix
@ -0,0 +1,46 @@
+{ ... }:
+{
+  services.keyd = {
+    enable = true;
+    keyboards.default = {
+      ids = [ "*" ];
+      settings = {
+        main = {
+          capslock = "overload(control,esc)";
+          leftcontrol = "overload(ctrlmod,noop)";
+          esc = "`";
+          rightcontrol = "esc";
+          left = "noop";
+          down = "noop";
+          up = "noop";
+          right = "noop";
+        };
+
+        control = {
+          h = "left";
+          j = "down";
+          k = "up";
+          l = "right";
+          g = "macro(C-h)";
+          semicolon = "macro(C-l)";
+        };
+
+        ctrlmod = {
+          backspace = "delete";
+          "1" = "f1";
+          "2" = "f2";
+          "3" = "f3";
+          "4" = "f4";
+          "5" = "f5";
+          "6" = "f6";
+          "7" = "f7";
+          "8" = "f8";
+          "9" = "f9";
+          "0" = "f10";
+          "-" = "f11";
+          "=" = "f12";
+        };
+      };
+    };
+  };
+}
--- a/modules/system/services/general/libvirtd/default.nix
+++ b/modules/system/services/general/libvirtd/default.nix
@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }:
+{
+  options.system.libvirtd = {
+    enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Enable libvirtd and such";
+    };
+  };
+
+  config = lib.mkIf config.system.libvirtd.enable {
+    virtualisation = {
+      libvirtd = {
+        enable = true;
+        onBoot = "ignore";
+        onShutdown = "shutdown";
+        qemu = {
+          ovmf = {
+            enable = true;
+            packages = [
+              pkgs.OVMFFull.fd
+              pkgs.pkgsCross.aarch64-multiplatform.OVMF.fd
+            ];
+          };
+          swtpm.enable = true;
+        };
+      };
+    };
+
+    environment = {
+      systemPackages = with pkgs; [
+        virt-manager
+        virtiofsd
+        dnsmasq
+        spice-vdagent
+        looking-glass-client
+      ];
+
+      persistence."/persist".directories = [
+        "/var/lib/libvirt/dnsmasq"
+        "/var/lib/libvirt/nwfilter"
+        "/var/lib/libvirt/qemu"
+        "/var/lib/libvirt/secrets"
+        "/var/lib/libvirt/storage"
+        "/var/lib/libvirt/swtpm"
+      ];
+    };
+
+    # Needed to make NAT work
+    networking.firewall.trustedInterfaces = [
+      "virbr0"
+      "virbr1"
+    ];
+
+    systemd.tmpfiles.rules = [ "f /dev/shm/looking-glass 0660 jimbo libvirtd -" ];
+  };
+}
--- a/modules/system/services/general/mpd/default.nix
+++ b/modules/system/services/general/mpd/default.nix
@ -0,0 +1,24 @@
+{ config, lib, ... }:
+{
+  config = lib.mkIf config.system.desktop.enable {
+    services.mpd = {
+      enable = true;
+      user = "jimbo";
+      group = "users";
+      musicDirectory = "/home/jimbo/JimboNFS/Music/Synced";
+      playlistDirectory = "/home/jimbo/JimboNFS/Music/Synced/Playlists";
+      extraConfig = ''
+        audio_output {
+          type "pipewire"
+          name "Local Pipewire"
+        }
+      '';
+    };
+
+    systemd.services.mpd.environment = {
+      XDG_RUNTIME_DIR = "/run/user/${toString config.users.users.jimbo.uid}";
+    };
+
+    environment.persistence."/persist".directories = [ "/var/lib/mpd" ];
+  };
+}
--- a/modules/system/services/general/ssh/default.nix
+++ b/modules/system/services/general/ssh/default.nix
@ -0,0 +1,21 @@
+{ ... }:
+{
+  imports = [ ./fail2ban ];
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "no";
+      PrintLastLog = "no";
+      PasswordAuthentication = false;
+      UsePAM = false;
+    };
+  };
+
+  environment.persistence."/persist".files = [
+    "/etc/ssh/ssh_host_ed25519_key"
+    "/etc/ssh/ssh_host_ed25519_key.pub"
+    "/etc/ssh/ssh_host_rsa_key"
+    "/etc/ssh/ssh_host_rsa_key.pub"
+  ];
+}
--- a/modules/system/services/general/ssh/fail2ban/default.nix
+++ b/modules/system/services/general/ssh/fail2ban/default.nix
@ -0,0 +1,10 @@
+{ ... }:
+{
+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+    bantime = "5m";
+  };
+
+  environment.persistence."/persist".directories = [ "/var/lib/fail2ban" ];
+}
--- a/modules/system/services/general/sunshine/default.nix
+++ b/modules/system/services/general/sunshine/default.nix
@ -0,0 +1,7 @@
+{ config, ... }:
+{
+  services.sunshine = {
+    enable = config.system.desktop.enable;
+    autoStart = false;
+  };
+}