refactor(gs/chupacabra): Vendor urbint config

If I want to build this on TVL's CI I can't reference ~/code/urb/urbos,
obviously, so I'll just vendor it here which is fine

Change-Id: I40feb4b29fafae1d3bb0119b7cca1613a4582fdc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/885
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI

users/glittershark/system/system/machines/chupacabra.nix

@@ -4,6 +4,7 @@
     ../modules/common.nix
     ../modules/reusable/battery.nix
     ../modules/tvl.nix
+    ../modules/urbint.nix
   ];
 
   hardware.enableRedistributableFirmware = true;

users/glittershark/system/system/modules/common.nix

@@ -8,7 +8,6 @@
       ./sound.nix
       ./kernel.nix
       ./rtlsdr.nix
-      /home/grfn/code/urb/urbos/system
     ];
 
   boot.loader.systemd-boot.enable = true;
@@ -129,9 +128,6 @@
     };
   };
 
-  urbos.enable = true;
-  urbos.username = "grfn";
-
   services.udev.extraRules = ''
     # UDEV rules for Teensy USB devices
     ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1"

users/glittershark/system/system/modules/urbint.nix

@@ -0,0 +1,31 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+{
+  virtualisation.docker.enable = true;
+
+  nix = rec {
+    binaryCaches = [ "https://nix.urbinternal.com" ];
+    trustedBinaryCaches = binaryCaches;
+    requireSignedBinaryCaches = false;
+  };
+
+  services.openvpn.servers.urbint = {
+    config = ''
+      config /root/openvpn/urbint.conf
+    '';
+    autoStart = false;
+  };
+
+  users.users."grfn".extraGroups = [ "docker" ];
+
+  services.clamav = {
+    daemon.enable = true;
+    updater = {
+      enable = true;
+      interval = "daily";
+      frequency = 1; # per day
+    };
+  };
+}