diff --git a/derivations/nu_plugin_dns.nix b/derivations/nu_plugin_dns.nix new file mode 100644 index 0000000..2e0ec48 --- /dev/null +++ b/derivations/nu_plugin_dns.nix @@ -0,0 +1,23 @@ +{ lib, fetchFromGitHub, rustPlatform }: + +rustPlatform.buildRustPackage rec { + pname = "nu_plugin_dns"; + version = "v1.0.5"; + doCheck = false; + + src = fetchFromGitHub { + owner = "dead10ck"; + repo = pname; + rev = version; + sha256 = "sha256-Qnj0oe+OnxlGoah7kr1ni50iKC0xCQ5fFC2GQ8iHqDc="; + }; + + cargoSha256 = "sha256-JEZ7Ng+woHEkCDzcUUqrQvl9cM7kiUtdLmZUidC3Vxs="; + + meta = with lib; { + description = "DNS utility for nushell"; + homepage = "https://github.com/dead10ck/nu_plugin_dns"; + license = licenses.mpl20; + maintainers = [ ]; + }; +} \ No newline at end of file diff --git a/home/home.nix b/home/home.nix index 6a4ff7b..1ae34d8 100644 --- a/home/home.nix +++ b/home/home.nix @@ -49,11 +49,14 @@ wl-clipboard-x11 (callPackage ../derivations/audiorelay.nix { }) (callPackage ../derivations/spotify.nix { }) + (callPackage ../derivations/nu_plugin_dns.nix { }) xorg.xwininfo jq ]) ++ (with unstable; [ xfce.thunar rustdesk-flutter + autossh + scrcpy nixfmt btop htop diff --git a/home/scripts.nix b/home/scripts.nix index afbd334..1ccb780 100644 --- a/home/scripts.nix +++ b/home/scripts.nix 
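Review bot: `doCheck = false;` in the new `nu_plugin_dns.nix` turns off the plugin's test suite with no comment saying why, so a later reader cannot tell whether the tests need network access or simply fail in the sandbox. I would add a line such as `# tests skipped: <reason>` above it, or drop the override if the tests pass. Separately, `version = "v1.0.5"` carries the tag prefix into the package version; the usual nixpkgs form is `version = "1.0.5";` with `rev = "v${version}";`, which should leave both pinned hashes valid because the fetched content does not change. `cargoSha256` is deprecated in newer nixpkgs in favour of `cargoHash`, which takes the same SRI string.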
@@ -2,55 +2,67 @@ let ephemeralbrowser = pkgs.writeScriptBin "ephemeralbrowser" '' - #!/usr/bin/env bash + #!/usr/bin/env bash - default_interface=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '/default/ {print $5}') - interfaces=$(${pkgs.iproute2}/bin/ip -o -4 addr show | ${pkgs.gawk}/bin/awk '$4 ~ /\/24/ {print $2}' | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/|/g') + default_interface=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '/default/ {print $5}') + interfaces=$(${pkgs.iproute2}/bin/ip -o -4 addr show | ${pkgs.gawk}/bin/awk '$4 ~ /\/24/ {print $2}' | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/|/g') - # The difference between default_interface and and default chose option is that default_interface is used to get dhcp from it, and default is for leave network as is without tweaking it (e.g. VPN/proxy/whatever) + # The difference between default_interface and and default chose option is that default_interface is used to get dhcp from it, and default is for leave network as is without tweaking it (e.g. 
VPN/proxy/whatever) - result=$(${pkgs.gnome.zenity}/bin/zenity --forms --title="Configuration" \ - --text="Please configure your settings" \ - --add-combo="Browser:" --combo-values="google_chrome|chromium" \ - --add-combo="Network Interface:" --combo-values="default|"$interfaces \ - --add-combo="DNS Server:" --combo-values="dhcp|1.1.1.1|8.8.8.8|77.88.8.1") + result=$(${pkgs.gnome.zenity}/bin/zenity --forms --title="Configuration" \ + --text="Please configure your settings" \ + --add-combo="Browser:" --combo-values="google_chrome|ungoogled_chromium|firefox" \ + --add-combo="Network Interface:" --combo-values="default|"$interfaces \ + --add-combo="DNS Server:" --combo-values="dhcp|1.1.1.1|8.8.8.8|77.88.8.1") - browser=$(${pkgs.coreutils}/bin/echo "$result" | cut -d'|' -f1) - interface=$(${pkgs.coreutils}/bin/echo "$result" | cut -d'|' -f2) - dns=$(${pkgs.coreutils}/bin/echo "$result" | cut -d'|' -f3) + if [[ -z $result ]]; then + exit 1 + fi - if [[ $dns == "dhcp" ]]; then - ${pkgs.coreutils}/bin/echo "Getting DNS from DHCP..." - dns=$(${pkgs.networkmanager}/bin/nmcli device show $default_interface | ${pkgs.gnugrep}/bin/grep 'IP4.DNS\[1\]' | ${pkgs.coreutils}/bin/head -n 1 | ${pkgs.gawk}/bin/awk '{print $2}') - ${pkgs.coreutils}/bin/echo "DHCP's dns is $dns" - fi + browser=$(${pkgs.coreutils}/bin/echo "$result" | cut -d'|' -f1) + interface=$(${pkgs.coreutils}/bin/echo "$result" | cut -d'|' -f2) + dns=$(${pkgs.coreutils}/bin/echo "$result" | cut -d'|' -f3) - ${pkgs.coreutils}/bin/mkdir -p /tmp/ephemeralbrowser + if [[ $dns == "dhcp" ]]; then + ${pkgs.coreutils}/bin/echo "Getting DNS from DHCP..." 
+ dns=$(${pkgs.networkmanager}/bin/nmcli device show $default_interface | ${pkgs.gnugrep}/bin/grep 'IP4.DNS\[1\]' | ${pkgs.coreutils}/bin/head -n 1 | ${pkgs.gawk}/bin/awk '{print $2}') + ${pkgs.coreutils}/bin/echo "DHCP's dns is $dns" + fi - if [[ $browser == "google_chrome" ]]; then - browser_path="${pkgs.google-chrome}/bin/google-chrome-stable" - profile="google-chrome" - elif [[ $browser == "chromium" ]]; then - browser_path="${pkgs.chromium}/bin/chromium" - profile="chromium" - fi + ${pkgs.coreutils}/bin/mkdir -p /tmp/ephemeralbrowser + + if [[ $browser == "google_chrome" ]]; then + browser_path="${pkgs.google-chrome}/bin/google-chrome-stable https://ifconfig.me" + profile="google-chrome" + elif [[ $browser == "ungoogled_chromium" ]]; then + browser_path="${pkgs.ungoogled-chromium}/bin/chromium https://ifconfig.me" + profile="chromium" + elif [[ $browser == "firefox" ]]; then + browser_path="${pkgs.firefox}/bin/firefox -no-remote https://ifconfig.me" + profile="firefox" + fi - ${pkgs.libnotify}/bin/notify-send --icon=google-chrome-unstable "Ephemeral Browser" "$browser | $interface | $dns" + ${pkgs.libnotify}/bin/notify-send --icon=google-chrome-unstable "Ephemeral Browser" "$browser | $interface | $dns" - if [[ $interface != "default" ]]; then - firejail --ignore='include whitelist-run-common.inc' \ - --private=/tmp/ephemeralbrowser \ - --profile="$profile" \ - --net="$interface" \ - --dns="$dns" \ - "$browser_path" https://ifconfig.me - else - firejail --ignore='include whitelist-run-common.inc' \ - --private=/tmp/ephemeralbrowser \ - --profile="$profile" \ - --dns="$dns" \ - "$browser_path" https://ifconfig.me - fi + # FOR SOME FUCKING REASON https://github.com/netblue30/firejail/issues/2869#issuecomment-546579293 + if [[ $interface != "default" ]]; then + firejail \ + --ignore='include whitelist-run-common.inc' \ + --blacklist='/var/run/nscd' \ + --private=/tmp/ephemeralbrowser \ + --profile="$profile" \ + --net="$interface" \ + --dns="$dns" \ + bash -c 
"$browser_path" + else + firejail \ + --ignore='include whitelist-run-common.inc' \ + --blacklist='/var/run/nscd' \ + --private=/tmp/ephemeralbrowser \ + --profile="$profile" \ + --dns="$dns" \ + bash -c "$browser_path" + fi ''; keepassxc = pkgs.writeScriptBin "keepassxc" '' diff --git a/hosts/dlaptop/configuration.nix b/hosts/dlaptop/configuration.nix index 4eb4af3..558fd0a 100644 --- a/hosts/dlaptop/configuration.nix +++ b/hosts/dlaptop/configuration.nix @@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ inputs, stable, unstable, config, pkgs, age, ... }: +{ inputs, stable, unstable, config, pkgs, age, lib, ... }: { time.timeZone = "Europe/Moscow"; 
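Review bot: The sandbox home is still the fixed path `/tmp/ephemeralbrowser`, created with `mkdir -p` and passed to `--private=` in both firejail branches; on a shared machine another local account can create that directory first, and since nothing removes it the browser profile survives between runs, so the session is not really ephemeral. I would create it per run with `private_dir=$(${pkgs.coreutils}/bin/mktemp -d)` plus `trap '${pkgs.coreutils}/bin/rm -rf "$private_dir"' EXIT`, and pass `--private="$private_dir"`. The new empty-`$result` guard covers a cancelled dialog, but a `dhcp` lookup that returns nothing still reaches `--dns="$dns"` with an empty value, and what firejail does with that is not visible here; `[[ -n $dns ]] || exit 1` after the nmcli call would stop the launch instead. The comment above the firejail call should say in plain words why `--blacklist='/var/run/nscd'` and the `bash -c` wrapper are needed, for example `# hide the host nscd socket so lookups inside the sandbox go to --dns (firejail issue 2869)`, if that is indeed the reason.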
@@ -39,30 +39,59 @@ environment.sessionVariables = { QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; QT_QPA_PLATFORM = "wayland"; - STEAM_FORCE_DESKTOPUI_SCALING = "2"; + STEAM_FORCE_DESKTOPUI_SCALING = "1"; NIXOS_OZONE_WL = "1"; }; - services.dnscrypt-proxy2 = { - enable = true; - settings = { - ipv6_servers = true; - require_dnssec = true; - server_names = [ "cloudflare" ]; - }; - }; - - systemd.services.dnscrypt-proxy2.serviceConfig = { - StateDirectory = "dnscrypt-proxy"; - }; + #services.dnscrypt-proxy2 = { + # enable = true; + # settings = { + # ipv6_servers = true; + # require_dnssec = true; + # server_names = [ "cloudflare" ]; + # }; + #}; + users.groups.no-net = {}; + #services.connman.wifi.backend = "iwd"; networking = { hostName = "dlaptop"; - nameservers = [ "127.0.0.1" "::1" ]; + nameservers = [ "100.92.15.128" "fd7a:115c:a1e0::b21c:f80" ]; networkmanager.dns = "none"; networkmanager.enable = true; + #wireless.iwd.enable = true; + #networkmanager.wifi.backend = "iwd"; + useDHCP = lib.mkDefault true; + interfaces.wlp1s0.proxyARP = true; + iproute2.enable = true; firewall = { - enable = false; + enable = true; + allowedTCPPorts = [ + # qbittorrent + 4780 + # audiorelay + 59100 + # localsend + 53317 + #syncthing + 22000 + ]; + allowedUDPPorts = [ + # audiorelay + 59100 + 59200 + # localsend + 53317 + #syncthing + 22000 + 21027 + ]; + allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; # kde connect + allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; + checkReversePath = "loose"; + extraCommands = '' + iptables -A OUTPUT -m owner --gid-owner no-net -j REJECT + ''; }; }; @@ -159,6 +188,7 @@ hardware.pulseaudio.enable = false; services.tailscale.enable = true; + services.syncthing.enable = true; services.blueman.enable = true; services.tumbler.enable = true; services.gvfs.enable = true; 
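Review bot: The `no-net` rule in `extraCommands` is installed with `iptables` only, so processes running under that group keep IPv6 egress, and this host is configured with an IPv6 resolver in `nameservers`. Add the matching `ip6tables -A OUTPUT -m owner --gid-owner no-net -j REJECT`. Because the rule is appended to the built-in OUTPUT chain and the hunk adds no `extraStopCommands` entry removing it, each firewall reload probably leaves another copy behind; running the same rule with `-D ... 2>/dev/null || true` before the `-A`, and again in `extraStopCommands`, keeps it to one. `interfaces.wlp1s0.proxyARP = true` and `checkReversePath = "loose"` both relax defaults on the wireless interface and deserve a comment saying what needs them. The hard-coded resolvers look like tailnet addresses, so with dnscrypt-proxy commented out name resolution presumably depends on Tailscale being up and no longer has the local `require_dnssec` setting.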
@@ -229,7 +259,9 @@ gnomeExtensions.tiling-assistant #gnomeExtensions.wintile-windows-10-window-tiling-for-gnome gnomeExtensions.advanced-alttab-window-switcher + gnomeExtensions.syncthing-indicator gnome.gnome-tweaks + mojave-gtk-theme adw-gtk3 any-nix-shell @@ -246,6 +278,7 @@ #firefox_nightly #inputs.anyrun.packages.${pkgs.system}.anyrun inputs.telegram-desktop-patched-unstable.packages.${pkgs.system}.default + inputs.ayugram-desktop.packages.${pkgs.system}.default inputs.agenix.packages.x86_64-linux.default ]; diff --git a/hosts/generic.nix b/hosts/generic.nix index ba495c0..5b4b4de 100644 --- a/hosts/generic.nix +++ b/hosts/generic.nix @@ -54,8 +54,19 @@ in { git micro nano + fishPlugins.grc + fishPlugins.autopair + fishPlugins.z + #fishPlugins.tide + #fishPlugins.hydro + fishPlugins.fzf-fish + fishPlugins.sponge + grc unstable.nh any-nix-shell + dnsutils + inetutils + killall ]; programs.command-not-found.enable = false; @@ -64,11 +75,13 @@ in { shellAliases = { rebuild = "nh os switch"; rollback = "sudo nixos-rebuild switch --rollback --flake ~/Documents/dotfiles/"; + haste = "HASTE_SERVER='https://haste.delch.workers.dev' ${pkgs.haste-client}/bin/haste"; }; promptInit = '' set TERM "xterm-256color" set fish_greeting - any-nix-shell fish --info-right | source + ${pkgs.any-nix-shell}/bin/any-nix-shell fish --info-right | source + #tide configure --auto --style=Lean --prompt_colors='16 colors' --show_time=No --lean_prompt_height='Two lines' --prompt_connection=Disconnected --prompt_spacing=Compact --icons='Few icons' --transient=No ''; }; users.defaultUserShell = pkgs.fish;