upd idk ayuogram

2025-12-06 07:16:37 +03:00 · 2024-03-12 16:03:57 +03:00 · 2024-03-12 16:03:57 +03:00 · 4608c137ec
parent 547c582aef
commit 4608c137ec
5 changed files with 141 additions and 57 deletions
--- a/derivations/nu_plugin_dns.nix
+++ b/derivations/nu_plugin_dns.nix
@ -0,0 +1,23 @@
 { lib, fetchFromGitHub, rustPlatform }:
 rustPlatform.buildRustPackage rec {
  pname = "nu_plugin_dns";
  version = "v1.0.5";
  doCheck = false;
  src = fetchFromGitHub {
    owner = "dead10ck";
    repo = pname;
    rev = version;
    sha256 = "sha256-Qnj0oe+OnxlGoah7kr1ni50iKC0xCQ5fFC2GQ8iHqDc=";
  };
  cargoSha256 = "sha256-JEZ7Ng+woHEkCDzcUUqrQvl9cM7kiUtdLmZUidC3Vxs=";
  meta = with lib; {
    description = "DNS utility for nushell";
    homepage = "https://github.com/dead10ck/nu_plugin_dns";
    license = licenses.mpl20;
    maintainers = [ ];
  };
 }
--- a/home/home.nix
+++ b/home/home.nix
@ -49,11 +49,14 @@
    wl-clipboard-x11
    (callPackage ../derivations/audiorelay.nix { })
    (callPackage ../derivations/spotify.nix { })
    (callPackage ../derivations/nu_plugin_dns.nix { })
    xorg.xwininfo
    jq
  ]) ++ (with unstable; [
    xfce.thunar
    rustdesk-flutter
    autossh
    scrcpy
    nixfmt
    btop
    htop
--- a/home/scripts.nix
+++ b/home/scripts.nix
@ -2,55 +2,67 @@
 let 
  ephemeralbrowser = pkgs.writeScriptBin "ephemeralbrowser" ''
-  #!/usr/bin/env bash
+    #!/usr/bin/env bash
-  default_interface=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '/default/ {print $5}')
+    default_interface=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '/default/ {print $5}')
-  interfaces=$(${pkgs.iproute2}/bin/ip -o -4 addr show | ${pkgs.gawk}/bin/awk '$4 ~ /\/24/ {print $2}' | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/|/g')
+    interfaces=$(${pkgs.iproute2}/bin/ip -o -4 addr show | ${pkgs.gawk}/bin/awk '$4 ~ /\/24/ {print $2}' | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/|/g')
-  # The difference between default_interface and and default chose option is that default_interface is used to get dhcp from it, and default is for leave network as is without tweaking it (e.g. VPN/proxy/whatever)
+    # The difference between default_interface and and default chose option is that default_interface is used to get dhcp from it, and default is for leave network as is without tweaking it (e.g. VPN/proxy/whatever)
-  result=$(${pkgs.gnome.zenity}/bin/zenity --forms --title="Configuration" \
+    result=$(${pkgs.gnome.zenity}/bin/zenity --forms --title="Configuration" \
-    --text="Please configure your settings" \
+      --text="Please configure your settings" \
-    --add-combo="Browser:" --combo-values="google_chrome|chromium" \
+      --add-combo="Browser:" --combo-values="google_chrome|ungoogled_chromium|firefox" \
-    --add-combo="Network Interface:" --combo-values="default|"$interfaces \
+      --add-combo="Network Interface:" --combo-values="default|"$interfaces \
-    --add-combo="DNS Server:" --combo-values="dhcp|1.1.1.1|8.8.8.8|77.88.8.1")
+      --add-combo="DNS Server:" --combo-values="dhcp|1.1.1.1|8.8.8.8|77.88.8.1")
-  browser=$(${pkgs.coreutils}/bin/echo "$result" | cut -d'|' -f1)
+    if [[ -z $result ]]; then
-  interface=$(${pkgs.coreutils}/bin/echo "$result" | cut -d'|' -f2)
+      exit 1
-  dns=$(${pkgs.coreutils}/bin/echo "$result" | cut -d'|' -f3)
+    fi
-  if [[ $dns == "dhcp" ]]; then
+    browser=$(${pkgs.coreutils}/bin/echo "$result" | cut -d'|' -f1)
-    ${pkgs.coreutils}/bin/echo "Getting DNS from DHCP..."
+    interface=$(${pkgs.coreutils}/bin/echo "$result" | cut -d'|' -f2) 
-    dns=$(${pkgs.networkmanager}/bin/nmcli device show $default_interface | ${pkgs.gnugrep}/bin/grep 'IP4.DNS\[1\]' | ${pkgs.coreutils}/bin/head -n 1 | ${pkgs.gawk}/bin/awk '{print $2}')
+    dns=$(${pkgs.coreutils}/bin/echo "$result" | cut -d'|' -f3)
    ${pkgs.coreutils}/bin/echo "DHCP's dns is $dns"
  fi
-  ${pkgs.coreutils}/bin/mkdir -p /tmp/ephemeralbrowser
+    if [[ $dns == "dhcp" ]]; then
      ${pkgs.coreutils}/bin/echo "Getting DNS from DHCP..."
      dns=$(${pkgs.networkmanager}/bin/nmcli device show $default_interface | ${pkgs.gnugrep}/bin/grep 'IP4.DNS\[1\]' | ${pkgs.coreutils}/bin/head -n 1 | ${pkgs.gawk}/bin/awk '{print $2}')
      ${pkgs.coreutils}/bin/echo "DHCP's dns is $dns"
    fi
-  if [[ $browser == "google_chrome" ]]; then
+    ${pkgs.coreutils}/bin/mkdir -p /tmp/ephemeralbrowser
-    browser_path="${pkgs.google-chrome}/bin/google-chrome-stable"
+  
-    profile="google-chrome"
+    if [[ $browser == "google_chrome" ]]; then
-  elif [[ $browser == "chromium" ]]; then
+      browser_path="${pkgs.google-chrome}/bin/google-chrome-stable https://ifconfig.me"
-    browser_path="${pkgs.chromium}/bin/chromium"
+      profile="google-chrome"
-    profile="chromium"
+    elif [[ $browser == "ungoogled_chromium" ]]; then
-  fi
+      browser_path="${pkgs.ungoogled-chromium}/bin/chromium https://ifconfig.me"
      profile="chromium"
    elif [[ $browser == "firefox" ]]; then
      browser_path="${pkgs.firefox}/bin/firefox -no-remote https://ifconfig.me"
      profile="firefox"
    fi
-  ${pkgs.libnotify}/bin/notify-send --icon=google-chrome-unstable "Ephemeral Browser" "$browser | $interface | $dns" 
+    ${pkgs.libnotify}/bin/notify-send --icon=google-chrome-unstable "Ephemeral Browser" "$browser | $interface | $dns" 
-  if [[ $interface != "default" ]]; then
+    # FOR SOME FUCKING REASON https://github.com/netblue30/firejail/issues/2869#issuecomment-546579293
-    firejail --ignore='include whitelist-run-common.inc' \
+    if [[ $interface != "default" ]]; then
-      --private=/tmp/ephemeralbrowser \
+      firejail \
-      --profile="$profile" \
+        --ignore='include whitelist-run-common.inc' \
-      --net="$interface" \
+        --blacklist='/var/run/nscd' \
-      --dns="$dns" \
+        --private=/tmp/ephemeralbrowser \
-      "$browser_path" https://ifconfig.me
+        --profile="$profile" \
-  else
+        --net="$interface" \
-    firejail --ignore='include whitelist-run-common.inc' \
+        --dns="$dns" \
-      --private=/tmp/ephemeralbrowser \
+        bash -c "$browser_path"
-      --profile="$profile" \
+    else
-      --dns="$dns" \
+      firejail \
-      "$browser_path" https://ifconfig.me
+        --ignore='include whitelist-run-common.inc' \
-  fi
+        --blacklist='/var/run/nscd' \
        --private=/tmp/ephemeralbrowser \
        --profile="$profile" \
        --dns="$dns" \
        bash -c "$browser_path"
    fi
  '';
  keepassxc = pkgs.writeScriptBin "keepassxc" ''
--- a/hosts/dlaptop/configuration.nix
+++ b/hosts/dlaptop/configuration.nix
@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
-{ inputs, stable, unstable, config, pkgs, age, ... }:
+{ inputs, stable, unstable, config, pkgs, age, lib, ... }:
 {
  time.timeZone = "Europe/Moscow";
@ -39,30 +39,59 @@
  environment.sessionVariables = {
    QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
    QT_QPA_PLATFORM = "wayland";
-    STEAM_FORCE_DESKTOPUI_SCALING = "2";
+    STEAM_FORCE_DESKTOPUI_SCALING = "1";
    NIXOS_OZONE_WL = "1";
  };
-  services.dnscrypt-proxy2 = {
+  #services.dnscrypt-proxy2 = {
-    enable = true;
+  #  enable = true;
-    settings = {
+  #  settings = {
-      ipv6_servers = true;
+  #    ipv6_servers = true;
-      require_dnssec = true;
+  #    require_dnssec = true;
-      server_names = [ "cloudflare" ];
+  #    server_names = [ "cloudflare" ];
-    };
+  #  };
-  };
+  #};
  systemd.services.dnscrypt-proxy2.serviceConfig = {
    StateDirectory = "dnscrypt-proxy";
  };
  users.groups.no-net = {};
  #services.connman.wifi.backend = "iwd";
  networking = {
    hostName = "dlaptop";
-    nameservers = [ "127.0.0.1" "::1" ];
+    nameservers = [ "100.92.15.128" "fd7a:115c:a1e0::b21c:f80" ];
    networkmanager.dns = "none"; 
    networkmanager.enable = true;
    #wireless.iwd.enable = true;
    #networkmanager.wifi.backend = "iwd";
    useDHCP = lib.mkDefault true;
    interfaces.wlp1s0.proxyARP = true;
    iproute2.enable = true;
    firewall = {
-      enable = false;
+      enable = true;
      allowedTCPPorts = [
        # qbittorrent
        4780 
        # audiorelay
        59100
        # localsend
        53317
        #syncthing
        22000
      ];
      allowedUDPPorts = [
        # audiorelay
        59100
        59200
        # localsend
        53317
        #syncthing
        22000
        21027
      ];
      allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; # kde connect
      allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
      checkReversePath = "loose";
      extraCommands = ''
        iptables -A OUTPUT -m owner --gid-owner no-net -j REJECT
      '';
    };
  };
@ -159,6 +188,7 @@
  hardware.pulseaudio.enable = false;
  services.tailscale.enable = true;
  services.syncthing.enable = true;
  services.blueman.enable = true;
  services.tumbler.enable = true;
  services.gvfs.enable = true;
@ -229,7 +259,9 @@
    gnomeExtensions.tiling-assistant
    #gnomeExtensions.wintile-windows-10-window-tiling-for-gnome
    gnomeExtensions.advanced-alttab-window-switcher
    gnomeExtensions.syncthing-indicator
    gnome.gnome-tweaks
    mojave-gtk-theme
    adw-gtk3
    any-nix-shell
@ -246,6 +278,7 @@
    #firefox_nightly
    #inputs.anyrun.packages.${pkgs.system}.anyrun
    inputs.telegram-desktop-patched-unstable.packages.${pkgs.system}.default
    inputs.ayugram-desktop.packages.${pkgs.system}.default
    inputs.agenix.packages.x86_64-linux.default
  ];
--- a/hosts/generic.nix
+++ b/hosts/generic.nix
@ -54,8 +54,19 @@ in {
    git
    micro
    nano
    fishPlugins.grc
    fishPlugins.autopair
    fishPlugins.z
    #fishPlugins.tide
    #fishPlugins.hydro
    fishPlugins.fzf-fish
    fishPlugins.sponge
    grc
    unstable.nh
    any-nix-shell
    dnsutils
    inetutils
    killall
  ];
  programs.command-not-found.enable = false;
@ -64,11 +75,13 @@ in {
    shellAliases = {
      rebuild = "nh os switch";
      rollback = "sudo nixos-rebuild switch --rollback --flake ~/Documents/dotfiles/";
      haste = "HASTE_SERVER='https://haste.delch.workers.dev' ${pkgs.haste-client}/bin/haste";
    };
    promptInit = ''
      set TERM "xterm-256color"
      set fish_greeting
-      any-nix-shell fish --info-right | source
+      ${pkgs.any-nix-shell}/bin/any-nix-shell fish --info-right | source  
      #tide configure --auto --style=Lean --prompt_colors='16 colors' --show_time=No --lean_prompt_height='Two lines' --prompt_connection=Disconnected --prompt_spacing=Compact --icons='Few icons' --transient=No 
    '';
  };
  users.defaultUserShell = pkgs.fish;