more net sec stuff

2024-02-26 12:19:32 +01:00 · 2024-02-26 12:19:32 +01:00 · 0629b8ec6a
parent a4dd20beb5
commit 0629b8ec6a
6 changed files with 60 additions and 52 deletions
--- a/common/desktop/default.nix
+++ b/common/desktop/default.nix
@ -7,7 +7,7 @@
      efi.canTouchEfiVariables = true;
      efi.efiSysMountPoint = "/boot/efi";
    };
-    kernel.sysctl = { "fs.inotify.max_user_watches" = 524288; };
+    kernel.sysctl = lib.mkDefault { "fs.inotify.max_user_watches" = 524288; };
    initrd = {
      systemd.enable = true;
      verbose = false;
--- a/common/desktop/home.nix
+++ b/common/desktop/home.nix
@ -4,7 +4,7 @@ let
    inherit (pkgs.texlive) scheme-full;
    dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; };
  };
-  my-python-packages = ps: with ps; [ pandas requests numpy ];
+  my-python-packages = ps: with ps; [ pandas requests numpy scapy pyshark ];
 in {
  home.packages = with pkgs; [
    (python3.withPackages my-python-packages)
--- a/common/users/default.nix
+++ b/common/users/default.nix
@ -66,6 +66,4 @@
      setw -g mouse on
    '';
  };
-
-
 }
--- a/flake.lock
+++ b/flake.lock
@ -674,11 +674,11 @@
        "systems": "systems_7"
      },
      "locked": {
-        "lastModified": 1701680307,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "lastModified": 1705309234,
+        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
        "type": "github"
      },
      "original": {
@ -837,11 +837,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1708294481,
-        "narHash": "sha256-DZtxmeb4OR7iCaKUUuq05ADV2rX8WReZEF7Tq//W0+Y=",
+        "lastModified": 1708806879,
+        "narHash": "sha256-MSbxtF3RThI8ANs/G4o1zIqF5/XlShHvwjl9Ws0QAbI=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "a54e05bc12d88ff2df941d0dc1183cb5235fa438",
+        "rev": "4ee704cb13a5a7645436f400b9acc89a67b9c08a",
        "type": "github"
      },
      "original": {
@ -858,11 +858,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1707919853,
-        "narHash": "sha256-qxmBGDzutuJ/tsX4gp+Mr7fjxOZBbeT9ixhS5o4iFOw=",
+        "lastModified": 1708558280,
+        "narHash": "sha256-w1ns8evB6N9VTrAojcdXLWenROtd77g3vyClrqeFdG8=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "043ba285c6dc20f36441d48525402bcb9743c498",
+        "rev": "0b69d574162cfa6eb7919d5614a48d0185550891",
        "type": "github"
      },
      "original": {
@ -960,11 +960,11 @@
        "spectrum": "spectrum"
      },
      "locked": {
-        "lastModified": 1708421045,
-        "narHash": "sha256-xoN9rB7Uyoj+fIjMvHN1l3dGyQff7hV4KIVCYDocn4U=",
+        "lastModified": 1708906061,
+        "narHash": "sha256-8WlGYMCtggvybPdzQschOoC9r3dl0d3lnGmlTZB6pAw=",
        "owner": "astro",
        "repo": "microvm.nix",
-        "rev": "c3f2eb54f96f56ec93fcccc7f14808f10a61e6ca",
+        "rev": "4583e2394e1e5723746fb55dbb912385c6c6bda1",
        "type": "github"
      },
      "original": {
@ -1043,11 +1043,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1707707289,
-        "narHash": "sha256-YuDt/eSTXMEHv8jS8BEZJgqCcG8Tr3cyqaZjJFXZHsw=",
+        "lastModified": 1708231718,
+        "narHash": "sha256-IZdieFWvhBkxoOFMDejqLUYqD94WN6k0YSpw0DFy+4g=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "44f50a5ecaab72a61d5fd8e5c5717bc4bf9c25dd",
+        "rev": "0e6857fa1d632637488666c08e7b02c08e3178f8",
        "type": "github"
      },
      "original": {
@ -1074,11 +1074,11 @@
    },
    "nixlib": {
      "locked": {
-        "lastModified": 1708217146,
-        "narHash": "sha256-nGfEv7k78slqIR5E0zzWSx214d/4/ZPKDkObLJqVLVw=",
+        "lastModified": 1708821942,
+        "narHash": "sha256-jd+E1SD59qty65pwqad2mftzkT6vW5nNFWVuvayh4Zw=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "e623008d8a46517470e6365505f1a3ce171fa46a",
+        "rev": "479831ed8b3c9c7b80533999f880c7d0bf6a491b",
        "type": "github"
      },
      "original": {
@ -1095,11 +1095,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1708402276,
-        "narHash": "sha256-7ZTUHdMwy8o6d8ela6H7H3UcS7cyns4D1zuWbmU1dCI=",
+        "lastModified": 1708940320,
+        "narHash": "sha256-QOWRJlqT5FRESiaO42/QV/GbSRNKSa4XUDs3cNQsoWI=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "fa146e1a156c83b009b398213c661d6b46d71421",
+        "rev": "5b7772406956f95e8a0e1f27218b1e7cf6e9164a",
        "type": "github"
      },
      "original": {
@ -1110,11 +1110,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1708091350,
-        "narHash": "sha256-o28BJYi68qqvHipT7V2jkWxDiMS1LF9nxUsou+eFUPQ=",
+        "lastModified": 1708594753,
+        "narHash": "sha256-c/gH7iXS/IYH9NrFOT+aJqTq+iEBkvAkpWuUHGU3+f0=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "106d3fec43bcea19cb2e061ca02531d54b542ce3",
+        "rev": "3f7d0bca003eac1a1a7f4659bbab9c8f8c2a0958",
        "type": "github"
      },
      "original": {
@ -1396,11 +1396,11 @@
    },
    "nixpkgs_7": {
      "locked": {
-        "lastModified": 1702312524,
-        "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
+        "lastModified": 1708475490,
+        "narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "a9bf124c46ef298113270b1f84a164865987a91c",
+        "rev": "0e74ca98a74bc7270d28838369593635a5db3260",
        "type": "github"
      },
      "original": {
@ -1412,11 +1412,11 @@
    },
    "nixpkgs_8": {
      "locked": {
-        "lastModified": 1708405701,
-        "narHash": "sha256-E78TXiZiR9irWdYAVltRxZPJ+pMxXPU5PjHwqq6XLtI=",
+        "lastModified": 1708847675,
+        "narHash": "sha256-RUZ7KEs/a4EzRELYDGnRB6i7M1Izii3JD/LyzH0c6Tg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "fa15b53dbea5028db38d6e09b4cef6eba42aeebb",
+        "rev": "2a34566b67bef34c551f204063faeecc444ae9da",
        "type": "github"
      },
      "original": {
@ -1427,11 +1427,11 @@
    },
    "nixpkgs_9": {
      "locked": {
-        "lastModified": 1708296515,
-        "narHash": "sha256-FyF489fYNAUy7b6dkYV6rGPyzp+4tThhr80KNAaF/yY=",
+        "lastModified": 1708475490,
+        "narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b98a4e1746acceb92c509bc496ef3d0e5ad8d4aa",
+        "rev": "0e74ca98a74bc7270d28838369593635a5db3260",
        "type": "github"
      },
      "original": {
@ -1451,11 +1451,11 @@
        "pre-commit-hooks": "pre-commit-hooks"
      },
      "locked": {
-        "lastModified": 1708419783,
-        "narHash": "sha256-Ro2X1i01wGUo4ggtutwd3yEgCGRphYMBvzzdaQZuBb8=",
+        "lastModified": 1708614940,
+        "narHash": "sha256-36muWApzetaV4WAEeqKsWxW4k2l0u3E841RI4sHPiz0=",
        "owner": "pta2002",
        "repo": "nixvim",
-        "rev": "9d30e87455b2bdb18f5c55ec30ec0268c1f29f98",
+        "rev": "060a05138ca1a46fc0a0f79ef27f080cac57a59e",
        "type": "github"
      },
      "original": {
@ -1466,11 +1466,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1708417678,
-        "narHash": "sha256-NKp/3NkfPV0IjjrhT4xN1k/rRNyiDLSWI1FbGT3er8s=",
+        "lastModified": 1708938863,
+        "narHash": "sha256-RwqyijFuO+O6T4IX3eQk64j3zHQHBjNWlP57Mc2wyvY=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "37e2a5836ece4dd373530656ec7d41c0aeee3ff1",
+        "rev": "3612172937c01525cc14646aea107cc764ed5cb2",
        "type": "github"
      },
      "original": {
@ -1511,11 +1511,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1707297608,
-        "narHash": "sha256-ADjo/5VySGlvtCW3qR+vdFF4xM9kJFlRDqcC9ZGI8EA=",
+        "lastModified": 1708018599,
+        "narHash": "sha256-M+Ng6+SePmA8g06CmUZWi1AjG2tFBX9WCXElBHEKnyM=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "0db2e67ee49910adfa13010e7f012149660af7f0",
+        "rev": "5df5a70ad7575f6601d91f0efec95dd9bc619431",
        "type": "github"
      },
      "original": {
@ -1688,11 +1688,11 @@
    "spectrum": {
      "flake": false,
      "locked": {
-        "lastModified": 1703273931,
-        "narHash": "sha256-CJ1Crdi5fXHkCiemovsp20/RC4vpDaZl1R6V273FecI=",
+        "lastModified": 1708358594,
+        "narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=",
        "ref": "refs/heads/main",
-        "rev": "97e2f3429ee61dc37664b4d096b2fec48a57b691",
-        "revCount": 597,
+        "rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c",
+        "revCount": 614,
        "type": "git",
        "url": "https://spectrum-os.org/git/spectrum"
      },
--- a/hosts/thalassa/aoife/default.nix
+++ b/hosts/thalassa/aoife/default.nix
@ -16,6 +16,10 @@
    isLaptop = true;
  };

+  users.users.vivian.extraGroups = [ "adbusers" ];
+
+
+
  # Bootloader.
  boot = {
    bootspec.enable = true;
--- a/hosts/thalassa/aoife/uni.nix
+++ b/hosts/thalassa/aoife/uni.nix
@ -2,14 +2,20 @@
 # * Wireless IoT and Local Area Networks
 # * Network Security
 { pkgs, ... }: {
-  environment.systemPackages = with pkgs; [ docker-compose ];
+  environment.systemPackages = with pkgs; [
+    docker-compose
+    bridge-utils
+    nettools
+    wget
+  ];

  programs.wireshark.enable = true;
  programs.wireshark.package = pkgs.wireshark;
-  users.extraUsers.vivian.extraGroups = [ "wireshark" "docker" ];

  virtualisation.lxc.enable = true;
  virtualisation.podman.enable = false;
  virtualisation.docker.enable = true;
  virtualisation.docker.storageDriver = "btrfs";
+
+  users.extraUsers.vivian.extraGroups = [ "wireshark" "docker" "lxd" ];
 }