From 4416a21e47f02bcb72ac58719ea9019f66cf4494 Mon Sep 17 00:00:00 2001 From: Vivian Date: Mon, 26 Feb 2024 12:19:32 +0100 Subject: [PATCH] more net sec stuff --- common/desktop/default.nix | 2 +- common/desktop/home.nix | 2 +- common/users/default.nix | 2 - flake.lock | 92 ++++++++++++++++---------------- hosts/thalassa/aoife/default.nix | 4 ++ hosts/thalassa/aoife/uni.nix | 10 +++- 6 files changed, 60 insertions(+), 52 deletions(-) diff --git a/common/desktop/default.nix b/common/desktop/default.nix index d6e00e1f..976f7b2d 100644 --- a/common/desktop/default.nix +++ b/common/desktop/default.nix @@ -7,7 +7,7 @@ efi.canTouchEfiVariables = true; efi.efiSysMountPoint = "/boot/efi"; }; - kernel.sysctl = { "fs.inotify.max_user_watches" = 524288; }; + kernel.sysctl = lib.mkDefault { "fs.inotify.max_user_watches" = 524288; }; initrd = { systemd.enable = true; verbose = false; diff --git a/common/desktop/home.nix b/common/desktop/home.nix index 8734620a..16751cc0 100644 --- a/common/desktop/home.nix +++ b/common/desktop/home.nix @@ -4,7 +4,7 @@ let inherit (pkgs.texlive) scheme-full; dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; }; }; - my-python-packages = ps: with ps; [ pandas requests numpy ]; + my-python-packages = ps: with ps; [ pandas requests numpy scapy pyshark ]; in { home.packages = with pkgs; [ (python3.withPackages my-python-packages) diff --git a/common/users/default.nix b/common/users/default.nix index 95cc7f30..47c487a0 100644 --- a/common/users/default.nix +++ b/common/users/default.nix @@ -66,6 +66,4 @@ setw -g mouse on ''; }; - - } diff --git a/flake.lock b/flake.lock index fede0dfa..2f396887 100644 --- a/flake.lock +++ b/flake.lock 
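Review bot: Wrapping the whole attribute set in `lib.mkDefault` on the `kernel.sysctl` line gives the entire definition default priority, so as far as I can tell the module system discards it as soon as any other module defines a sysctl key at normal priority, and `fs.inotify.max_user_watches` would silently stop being set. Putting the priority on the value keeps the key mergeable with other sysctl definitions: `kernel.sysctl."fs.inotify.max_user_watches" = lib.mkDefault 524288;`. The module's argument list is outside the hunk, so check that `lib` is actually bound there. The enclosing `boot` block also starts and ends outside the hunk.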
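Review bot: `scapy` and `pyshark` are added to `my-python-packages` in the shared desktop profile, so every host that imports common/desktop/home.nix gets packet-crafting and capture libraries, while the rest of the course tooling in this commit is confined to hosts/thalassa/aoife/uni.nix. If they are only needed for the coursework, keeping them next to the wireshark setup keeps the other desktops' package set smaller. At minimum a comment such as `# scapy/pyshark: network security coursework; pyshark needs tshark on PATH` would record why they are here. pyshark wraps tshark, which this file does not appear to install, so it presumably only works on hosts that also enable wireshark.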
@@ -674,11 +674,11 @@ "systems": "systems_7" }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -837,11 +837,11 @@ ] }, "locked": { - "lastModified": 1708294481, - "narHash": "sha256-DZtxmeb4OR7iCaKUUuq05ADV2rX8WReZEF7Tq//W0+Y=", + "lastModified": 1708806879, + "narHash": "sha256-MSbxtF3RThI8ANs/G4o1zIqF5/XlShHvwjl9Ws0QAbI=", "owner": "nix-community", "repo": "home-manager", - "rev": "a54e05bc12d88ff2df941d0dc1183cb5235fa438", + "rev": "4ee704cb13a5a7645436f400b9acc89a67b9c08a", "type": "github" }, "original": { @@ -858,11 +858,11 @@ ] }, "locked": { - "lastModified": 1707919853, - "narHash": "sha256-qxmBGDzutuJ/tsX4gp+Mr7fjxOZBbeT9ixhS5o4iFOw=", + "lastModified": 1708558280, + "narHash": "sha256-w1ns8evB6N9VTrAojcdXLWenROtd77g3vyClrqeFdG8=", "owner": "nix-community", "repo": "home-manager", - "rev": "043ba285c6dc20f36441d48525402bcb9743c498", + "rev": "0b69d574162cfa6eb7919d5614a48d0185550891", "type": "github" }, "original": { @@ -960,11 +960,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1708421045, - "narHash": "sha256-xoN9rB7Uyoj+fIjMvHN1l3dGyQff7hV4KIVCYDocn4U=", + "lastModified": 1708906061, + "narHash": "sha256-8WlGYMCtggvybPdzQschOoC9r3dl0d3lnGmlTZB6pAw=", "owner": "astro", "repo": "microvm.nix", - "rev": "c3f2eb54f96f56ec93fcccc7f14808f10a61e6ca", + "rev": "4583e2394e1e5723746fb55dbb912385c6c6bda1", "type": "github" }, "original": { 
@@ -1043,11 +1043,11 @@ ] }, "locked": { - "lastModified": 1707707289, - "narHash": "sha256-YuDt/eSTXMEHv8jS8BEZJgqCcG8Tr3cyqaZjJFXZHsw=", + "lastModified": 1708231718, + "narHash": "sha256-IZdieFWvhBkxoOFMDejqLUYqD94WN6k0YSpw0DFy+4g=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "44f50a5ecaab72a61d5fd8e5c5717bc4bf9c25dd", + "rev": "0e6857fa1d632637488666c08e7b02c08e3178f8", "type": "github" }, "original": { @@ -1074,11 +1074,11 @@ }, "nixlib": { "locked": { - "lastModified": 1708217146, - "narHash": "sha256-nGfEv7k78slqIR5E0zzWSx214d/4/ZPKDkObLJqVLVw=", + "lastModified": 1708821942, + "narHash": "sha256-jd+E1SD59qty65pwqad2mftzkT6vW5nNFWVuvayh4Zw=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "e623008d8a46517470e6365505f1a3ce171fa46a", + "rev": "479831ed8b3c9c7b80533999f880c7d0bf6a491b", "type": "github" }, "original": { @@ -1095,11 +1095,11 @@ ] }, "locked": { - "lastModified": 1708402276, - "narHash": "sha256-7ZTUHdMwy8o6d8ela6H7H3UcS7cyns4D1zuWbmU1dCI=", + "lastModified": 1708940320, + "narHash": "sha256-QOWRJlqT5FRESiaO42/QV/GbSRNKSa4XUDs3cNQsoWI=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "fa146e1a156c83b009b398213c661d6b46d71421", + "rev": "5b7772406956f95e8a0e1f27218b1e7cf6e9164a", "type": "github" }, "original": { @@ -1110,11 +1110,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1708091350, - "narHash": "sha256-o28BJYi68qqvHipT7V2jkWxDiMS1LF9nxUsou+eFUPQ=", + "lastModified": 1708594753, + "narHash": "sha256-c/gH7iXS/IYH9NrFOT+aJqTq+iEBkvAkpWuUHGU3+f0=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "106d3fec43bcea19cb2e061ca02531d54b542ce3", + "rev": "3f7d0bca003eac1a1a7f4659bbab9c8f8c2a0958", "type": "github" }, "original": { 
@@ -1396,11 +1396,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1702312524, - "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", + "lastModified": 1708475490, + "narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a9bf124c46ef298113270b1f84a164865987a91c", + "rev": "0e74ca98a74bc7270d28838369593635a5db3260", "type": "github" }, "original": { @@ -1412,11 +1412,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1708405701, - "narHash": "sha256-E78TXiZiR9irWdYAVltRxZPJ+pMxXPU5PjHwqq6XLtI=", + "lastModified": 1708847675, + "narHash": "sha256-RUZ7KEs/a4EzRELYDGnRB6i7M1Izii3JD/LyzH0c6Tg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fa15b53dbea5028db38d6e09b4cef6eba42aeebb", + "rev": "2a34566b67bef34c551f204063faeecc444ae9da", "type": "github" }, "original": { @@ -1427,11 +1427,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1708296515, - "narHash": "sha256-FyF489fYNAUy7b6dkYV6rGPyzp+4tThhr80KNAaF/yY=", + "lastModified": 1708475490, + "narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b98a4e1746acceb92c509bc496ef3d0e5ad8d4aa", + "rev": "0e74ca98a74bc7270d28838369593635a5db3260", "type": "github" }, "original": { @@ -1451,11 +1451,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1708419783, - "narHash": "sha256-Ro2X1i01wGUo4ggtutwd3yEgCGRphYMBvzzdaQZuBb8=", + "lastModified": 1708614940, + "narHash": "sha256-36muWApzetaV4WAEeqKsWxW4k2l0u3E841RI4sHPiz0=", "owner": "pta2002", "repo": "nixvim", - "rev": "9d30e87455b2bdb18f5c55ec30ec0268c1f29f98", + "rev": "060a05138ca1a46fc0a0f79ef27f080cac57a59e", "type": "github" }, "original": { 
@@ -1466,11 +1466,11 @@ }, "nur": { "locked": { - "lastModified": 1708417678, - "narHash": "sha256-NKp/3NkfPV0IjjrhT4xN1k/rRNyiDLSWI1FbGT3er8s=", + "lastModified": 1708938863, + "narHash": "sha256-RwqyijFuO+O6T4IX3eQk64j3zHQHBjNWlP57Mc2wyvY=", "owner": "nix-community", "repo": "NUR", - "rev": "37e2a5836ece4dd373530656ec7d41c0aeee3ff1", + "rev": "3612172937c01525cc14646aea107cc764ed5cb2", "type": "github" }, "original": { @@ -1511,11 +1511,11 @@ ] }, "locked": { - "lastModified": 1707297608, - "narHash": "sha256-ADjo/5VySGlvtCW3qR+vdFF4xM9kJFlRDqcC9ZGI8EA=", + "lastModified": 1708018599, + "narHash": "sha256-M+Ng6+SePmA8g06CmUZWi1AjG2tFBX9WCXElBHEKnyM=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "0db2e67ee49910adfa13010e7f012149660af7f0", + "rev": "5df5a70ad7575f6601d91f0efec95dd9bc619431", "type": "github" }, "original": { @@ -1688,11 +1688,11 @@ "spectrum": { "flake": false, "locked": { - "lastModified": 1703273931, - "narHash": "sha256-CJ1Crdi5fXHkCiemovsp20/RC4vpDaZl1R6V273FecI=", + "lastModified": 1708358594, + "narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=", "ref": "refs/heads/main", - "rev": "97e2f3429ee61dc37664b4d096b2fec48a57b691", - "revCount": 597, + "rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c", + "revCount": 614, "type": "git", "url": "https://spectrum-os.org/git/spectrum" }, diff --git a/hosts/thalassa/aoife/default.nix b/hosts/thalassa/aoife/default.nix index 863dcf83..a3c31c0c 100644 --- a/hosts/thalassa/aoife/default.nix +++ b/hosts/thalassa/aoife/default.nix @@ -16,6 +16,10 @@ isLaptop = true; }; + users.users.vivian.extraGroups = [ "adbusers" ]; + + + # Bootloader. boot = { bootspec.enable = true; diff --git a/hosts/thalassa/aoife/uni.nix b/hosts/thalassa/aoife/uni.nix index 6701a86a..620f5968 100644 --- a/hosts/thalassa/aoife/uni.nix +++ b/hosts/thalassa/aoife/uni.nix 
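Review bot: The `adbusers` group added on the `users.users.vivian.extraGroups` line is created by the NixOS adb module, and nothing in this hunk enables it, so unless `programs.adb.enable = true;` is set elsewhere the membership likely has no effect. The line also spells the option `users.users`, while uni.nix in the same commit uses the older `users.extraUsers` alias for the same user; a single spelling makes it easier to see every group vivian ends up in. The run of blank lines added after it could be reduced to one.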
@@ -2,14 +2,20 @@ # * Wireless IoT and Local Area Networks # * Network Security { pkgs, ... }: { - environment.systemPackages = with pkgs; [ docker-compose ]; + environment.systemPackages = with pkgs; [ + docker-compose + bridge-utils + nettools + wget + ]; programs.wireshark.enable = true; programs.wireshark.package = pkgs.wireshark; - users.extraUsers.vivian.extraGroups = [ "wireshark" "docker" ]; virtualisation.lxc.enable = true; virtualisation.podman.enable = false; virtualisation.docker.enable = true; virtualisation.docker.storageDriver = "btrfs"; + + users.extraUsers.vivian.extraGroups = [ "wireshark" "docker" "lxd" ]; }
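Review bot: The new `extraGroups` line adds `"lxd"`, but this module only sets `virtualisation.lxc.enable`; the `lxd` group comes from the LXD module, so unless LXD is enabled elsewhere the entry does nothing. Either add `virtualisation.lxd.enable = true;` if LXD is what the course needs, or drop `"lxd"` from the list. Membership in `docker` (and `lxd`, once active) is effectively root on the host, so a comment such as `# docker/lxd group membership is root-equivalent; only for the uni lab setup` above the line would make that visible to the next reader.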