Add dtth vpn client and some tools

home/common.nix

@@ -65,9 +65,6 @@
     # Databases
     postgresql
     mariadb
-
-    # Docker, because it's useful ...sometimes
-    docker
   ];
 
   home.sessionVariables = {

modules/common/linux/default.nix

@@ -32,10 +32,20 @@ let
       services.ratbagd.enable = true;
       environment.systemPackages = with pkgs; [ piper ];
     };
+
+    virtualisation = { pkgs, ... }: mkIf cfg.enable {
+      virtualisation.podman = {
+        enable = true;
+        dockerCompat = true;
+        defaultNetwork.settings.dns_enabled = true;
+      };
+
+      virtualisation.oci-containers.backend = "podman";
+    };
   };
 in
 {
-  imports = with modules; [ adb ios wlr logitech ];
+  imports = with modules; [ adb ios wlr logitech virtualisation ];
 
   options.common.linux = {
     enable = mkOption {

nki-home/configuration.nix

@@ -39,6 +39,38 @@ with lib;
     };
   nki.services.edns.enable = true;
   nki.services.edns.ipv6 = true;
+  ## DTTH Wireguard
+  #
+  sops.secrets."dtth-wg/private-key" = { owner = "root"; group = "systemd-network"; mode = "0640"; };
+  sops.secrets."dtth-wg/preshared-key" = { owner = "root"; group = "systemd-network"; mode = "0640"; };
+  systemd.network.netdevs."10-dtth-wg" = {
+    netdevConfig = {
+      Kind = "wireguard";
+      Name = "dtth-wg";
+      MTUBytes = "1280";
+    };
+    wireguardConfig = {
+      PrivateKeyFile = config.sops.secrets."dtth-wg/private-key".path;
+    };
+    wireguardPeers = [{
+      wireguardPeerConfig = {
+        PublicKey = "+7iI4jwmM1Qr+/DKB1Hv8JgFkGu7lSV0PAoo+O5d3yQ=";
+        PresharedKeyFile = config.sops.secrets."dtth-wg/preshared-key".path;
+        AllowedIPs = [ "100.64.0.0/10" "fd00::/106" ];
+        Endpoint = "vpn.dtth.ch:51820";
+        PersistentKeepalive = 25;
+      };
+    }];
+  };
+  systemd.network.networks."dtth-wg" = {
+    matchConfig.Name = "dtth-wg";
+    address = [ "100.73.146.80/32" "fd00::33:105b/128" ];
+    DHCP = "no";
+    routes = [
+      { routeConfig = { Destination = "100.64.0.0/10"; Scope = "link"; }; }
+      { routeConfig.Destination = "fd00::/106"; }
+    ];
+  };
 
   # Define a user account. 
   common.linux.username = "nki";

nki-home/secrets/secrets.yaml

@@ -8,6 +8,9 @@ windscribe:
 scrobble:
     lastfm: ENC[AES256_GCM,data:+3G9zwmAu/B9omG0KUT0b5G+lJ4=,iv:ubrE4A35si9f6+m2sAino4SfOf9F4g2UjtF2Yy9n2e4=,tag:A/e6GECfIZuX2bVGPo9qyA==,type:str]
     listenbrainz: ENC[AES256_GCM,data:FNSJnYEQd+LgInmdyqcaAQG6imiJS/OPBEe2fBKQGKBjpCLy,iv:qhloVpcwcGwRDn6vOujgmvelbPl2korhELfyf5BvdjM=,tag:WnLaMUtHsxBaXNTAKwchkQ==,type:str]
+dtth-wg:
+    private-key: ENC[AES256_GCM,data:ySxPGzOplKwNLxRnPNw7If7xzxMwRkwTasT7FaQE9n5YB04R+gaQVjDqPqg=,iv:f5t94bUoo9sCGGwWytiuhg5jcKjzRjbR3Q0OIM28VDU=,tag:fJos9Hb9XytQbfGaPMa1/A==,type:str]
+    preshared-key: ENC[AES256_GCM,data:96q0ZfvPz4pb53XvTGameVkcETamYH8Xbv69672RBdacH6QjRCCVvPnBTfA=,iv:Q2Yonb07/Uu6KidhMgRX4zJuNU1ZySNC7g/5TwpMU80=,tag:1qQQdk20yIQlGZmX+/25RA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -41,8 +44,8 @@ sops:
             bUhIT0Z2b1dVWGNyS1hRVFRyZTA4d00KchP7EhSOMwBl5vFuuskzosRoi8jUu1sw
             hVjJNF2a40ewgkQgVAoWEzirHbknbQORzmepDDRth7Bve3UQU64+GA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-09-16T10:37:15Z"
+    lastmodified: "2023-04-29T13:03:22Z"
-    mac: ENC[AES256_GCM,data:+YW1Jbs2En9QEbSm994LeKGDQ411mpBz4ZjM0FM/W1S8IQMeMuUZL3Ku8JCjB3u2a6nX4TdqOUGrWSpq5QScgu1avXIdGNPyais2YVTRu0vUoya/X4hOqXykVVgio8LOMcS73oQZQazUmTDYGW5ytbfdtrZo9+gKffzJ2nziOoE=,iv:SCnEb95tCVkCqbccOPCrMrF2Gaz6+esPTRNPD7Zb+M8=,tag:LGDtm+MepZZRFFsJKvFlfw==,type:str]
+    mac: ENC[AES256_GCM,data:ZNDRS6LLy89TZoW27c57RMnjs6M/GBH0XfKKlrhys8gL7+I0V/++ry59VDbLxvqS4nPR4C5hk777+B5dqnseyYW2xRT3NKYxocCQu5kO6A8L/wB00j3bm3SSIGwLcKJPibEqi7ymU53K0bmZdjRMChkBwv3CnDNkM3Dc6rvZ2DM=,iv:Z1ZjnYW1Yk+oEzNknQDytTengjKxcud95LZTFfKMnpw=,tag:pnZ+UGQWuRCKoTll00oUKA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3