From 9c0c55ec5ecf4ba1c3c4aaa9905d6e8b65391e0c Mon Sep 17 00:00:00 2001 From: Your Name Date: Sun, 31 Mar 2024 20:12:53 +0300 Subject: [PATCH] vscode upd + trans socks + some other small fixes --- apps/apps.nix | 33 +++------------ apps/scripts.nix | 2 +- apps/socks.nix | 85 +++++++++++++++++++++++++++++--------- derivations/microsocks.nix | 22 ++++++++++ flake.lock | 40 +++++++++--------- flake.nix | 2 +- home/home.nix | 11 ++++- hosts/dlaptop/hardware.nix | 6 +++ hosts/dlaptop/services.nix | 44 ++++++++++---------- hosts/generic.nix | 31 ++++++++------ 10 files changed, 171 insertions(+), 105 deletions(-) create mode 100644 derivations/microsocks.nix diff --git a/apps/apps.nix b/apps/apps.nix index 652834c..877edb3 100644 --- a/apps/apps.nix +++ b/apps/apps.nix @@ -94,32 +94,9 @@ in { ripgrep gh # for nvim lunarvim # text edit lexend # font from google (non-mono) - # (pkgs.writeScriptBin "kitty" "${pkgs.kitty}/bin/kitty --single-instance --config ${kitty_config} $@") - # (pkgs.writeScriptBin "kitten" "${pkgs.kitty}/bin/kitten $@") - # (pkgs.makeDesktopItem { - # type = "Application"; - # name = "kitty"; - # desktopName = "kitty"; - # genericName = "Terminal Emulator"; - # comment = "Fast, feature-rich, GPU based terminal"; - # tryExec = "kitty"; - # exec = "kitty"; - # icon = "kitty"; - # categories = [ "System" "TerminalEmulator"]; - # }) - # (pkgs.makeDesktopItem { - # type = "Application"; - # name = "kitty URL Launcher"; - # desktopName = "kitty URL Launcher"; - # genericName = "Terminal Emulator"; - # comment = "Open URLs with kitty"; - # tryExec = "kitty"; - # exec = "kitty +open %U"; - # icon = "kitty"; - # categories = [ "System" "TerminalEmulator"]; - # noDisplay = true; - # mimeTypes = [ "image/*" "application/x-sh" "application/x-shellscript" "inode/directory" "text/*" "x-scheme-handler/kitty" "x-scheme-handler/ssh" ]; - # }) + jamesdsp easyeffects + nmap + wget ]); programs.firefox = { 
@@ -198,8 +175,8 @@ in { (extension "tampermonkey" "firefox@tampermonkey.net") #(extension "torrent-control" "{e6e36c9a-8323-446c-b720-a176017e38ff}") (extension "unpaywall" "{f209234a-76f0-4735-9920-eb62507a54cd}") - (extension "ctrl-number-to-switch-tabs" - "{84601290-bec9-494a-b11c-1baa897a9683}") + (extension "ctrl-number-to-switch-tabs" "{84601290-bec9-494a-b11c-1baa897a9683}") + (extension "temporary-containers" "{c607c8df-14a7-4f28-894f-29e8722976af}") ]; }; }; diff --git a/apps/scripts.nix b/apps/scripts.nix index 4c70764..0d444c1 100644 --- a/apps/scripts.nix +++ b/apps/scripts.nix @@ -35,7 +35,7 @@ let browser_path="${pkgs.google-chrome}/bin/google-chrome-stable https://ifconfig.me" profile="google-chrome" elif [[ $browser == "ungoogled_chromium" ]]; then - browser_path="${pkgs.ungoogled-chromium}/bin/chromium https://ifconfig.me" + browser_path="${pkgs.ungoogled-chromium}/bin/chromium --user-data-dir=/tmp/ephemeralbrowser/.config/chromium https://ifconfig.me" profile="chromium" elif [[ $browser == "firefox" ]]; then browser_path="${pkgs.firefox}/bin/firefox -no-remote https://ifconfig.me" diff --git a/apps/socks.nix b/apps/socks.nix index e91d030..84b14ff 100644 --- a/apps/socks.nix +++ b/apps/socks.nix @@ -22,7 +22,13 @@ let script = attrs.script; preStart = "while true; do ip addr show dev novpn1 | grep -q 'inet' && break; sleep 1; done"; - path = with pkgs; [ shadowsocks-libev shadowsocks-v2ray-plugin sing-box wireproxy iproute2 ]; + path = with pkgs; [ + iproute2 + shadowsocks-libev + shadowsocks-v2ray-plugin + sing-box + wireproxy + (callPackage ../derivations/microsocks.nix {}) ]; }; }; 
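Review bot: The `--user-data-dir=/tmp/ephemeralbrowser/.config/chromium` argument added to the `ungoogled_chromium` branch of apps/scripts.nix is a fixed, predictable path under `/tmp`. The rest of the script is outside this hunk, so it may already run the browser with a private `/tmp` or create that directory with mode 0700. If it does not, another local account can own `/tmp/ephemeralbrowser` before the browser starts, and the profile (cookies, sessions) is then readable or pre-seeded by that account. A per-run directory, e.g. `--user-data-dir=$(mktemp -d)/chromium`, avoids the fixed name. If the isolation already exists, a comment such as `# /tmp is private to the sandbox here` would record that.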
@@ -30,7 +36,8 @@ let socksed = [ { name = "singbox-aus"; script = "sing-box run -c /run/secrets/singbox-aus"; } # port 4000 - { name = "socks-warp"; script = "wireproxy -c /etc/wireguard/warp0.conf"; } # port 3333 + { name = "socks-warp"; script = "wireproxy -c /etc/wireguard/warp0.conf"; } # port 3333 + { name = "socks-novpn"; script = "microsocks -i 192.168.150.2 -p 3334"; } # port 3334 ]; delete_rules = pkgs.writeScriptBin "delete_rules" '' 
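Review bot: The new `socks-novpn` entry starts microsocks on `192.168.150.2:3334` with no authentication, so anything that can route to that address can use the proxy, which (judging by the name) gives egress outside the VPN. The trailing `# port 3334` comment should also state who is meant to reach it, e.g. `# port 3334, unauthenticated; must only be reachable over the novpn veth — TODO confirm firewall rules`. microsocks does accept `-u`/`-P`, but credentials written into this string would end up in the world-readable Nix store and in the process list. Restricting reachability in the namespace's iptables rules is therefore the better control.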
@@ -117,27 +124,67 @@ in { }; users.groups.socks = {}; - systemd.services = builtins.listToAttrs (map socksBuilder socksed) // { novpn = { - enable = true; - description = "novpn namespace"; - after = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - wants = map (s: "${s.name}.service") socksed ++ [ "network-online.target"]; + systemd.services = builtins.listToAttrs (map socksBuilder socksed) // { + novpn = { + enable = true; + description = "novpn namespace"; + after = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + wants = map (s: "${s.name}.service") socksed ++ [ "network-online.target"]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = "15"; - ExecStart = "${start_novpn}/bin/start_novpn"; - ExecStop = "${stop_novpn}/bin/stop_novpn"; - Type = "simple"; + serviceConfig = { + Restart = "on-failure"; + RestartSec = "15"; + ExecStart = "${start_novpn}/bin/start_novpn"; + ExecStop = "${stop_novpn}/bin/stop_novpn"; + StateDirectory = "novpn"; + Type = "simple"; + }; + + preStart = "${stop_novpn}/bin/stop_novpn && ip netns add novpn"; + path = with pkgs; [ gawk iproute2 iptables sysctl coreutils ]; }; - - preStart = "${stop_novpn}/bin/stop_novpn && ip netns add novpn"; - path = with pkgs; [ gawk iproute2 iptables sysctl coreutils ]; - };}; + + warp-svc = { + enable = true; + description = "Cloudflare Zero Trust Client Daemon"; + wantedBy = [ "multi-user.target" ]; + after = [ "pre-network.target" ]; + + serviceConfig = { + Type = "simple"; + Restart = "on-failure"; + RestartSec = "15"; + DynamicUser = "no"; + # ReadOnlyPaths = "/etc/resolv.conf"; + CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE"; + AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE"; + StateDirectory = "cloudflare-warp"; + RuntimeDirectory = "cloudflare-warp"; + LogsDirectory = "cloudflare-warp"; + ExecStart = "${pkgs.cloudflare-warp}/bin/warp-svc"; + }; + + postStart = '' + while true; do + set -e + 
status=$(${pkgs.cloudflare-warp}/bin/warp-cli status || true) + set +e + + if [[ "$status" != *"Unable to connect to CloudflareWARP daemon"* ]]; then + ${pkgs.cloudflare-warp}/bin/warp-cli set-custom-endpoint 162.159.193.1:2408 + exit 0 + fi + sleep 1 + done + ''; + }; + + tor.wantedBy = lib.mkForce []; + }; users.users.delta.packages = [ - (pkgs.writeScriptBin "nyx" ''sudo -u tor -g tor ${inputs.nixpkgs-2105.legacyPackages."x86_64-linux".nyx}/bin/nyx $@'') + (pkgs.writeScriptBin "nyx" ''sudo -u tor -g tor ${inputs.nixpkgs2105.legacyPackages."x86_64-linux".nyx}/bin/nyx $@'') ]; services.tor = { diff --git a/derivations/microsocks.nix b/derivations/microsocks.nix new file mode 100644 index 0000000..a7201c4 --- /dev/null +++ b/derivations/microsocks.nix @@ -0,0 +1,22 @@ +{ pkgs, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation { + pname = "microsocks"; + version = "1.0.4"; + + src = fetchFromGitHub { + owner = "rofl0r"; + repo = "microsocks"; + rev = "v1.0.4"; + sha256 = "sha256-cB2XMWjoZ1zLAmAfl/nqjdOyBDKZ+xtlEmqsZxjnFn0="; + }; + + buildPhase = '' + make + ''; + + installPhase = '' + mkdir -p $out/bin/ + cp ./microsocks $out/bin/ + ''; +} \ No newline at end of file diff --git a/flake.lock b/flake.lock index 2e02592..d7a233c 100644 --- a/flake.lock +++ b/flake.lock @@ -269,22 +269,6 @@ "type": "github" } }, - "nixpkgs-2105": { - "locked": { - "lastModified": 1659914493, - "narHash": "sha256-lkA5X3VNMKirvA+SUzvEhfA7XquWLci+CGi505YFAIs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "022caabb5f2265ad4006c1fa5b1ebe69fb0c3faf", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-21.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1711668574, 
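Review bot: The new `warp-svc` unit sets no `User=` and has `DynamicUser = "no"`, so the daemon runs as root and `AmbientCapabilities` adds little; the only limit is `CapabilityBoundingSet`, which still grants `CAP_SYS_PTRACE`. That capability allows attaching to other processes, so it deserves a why-comment such as `# CAP_SYS_PTRACE: presumably required by warp-svc — TODO confirm, drop if not`, and the unit could take `NoNewPrivileges = true;` if the daemon tolerates it. In `postStart`, any `warp-cli status` output other than the one error string, including empty output, counts as ready. Because of the preceding `set +e`, a failed `set-custom-endpoint` still reaches `exit 0`; appending `|| exit 1` to that line would make the unit fail visibly instead of reporting a start without the endpoint override.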
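Review bot: `derivations/microsocks.nix` overrides `buildPhase` and `installPhase` without `runHook preBuild`/`runHook postInstall`, and it takes a `pkgs` argument it never uses. The source pin itself is sound (a tag plus a content hash), though `hash = "sha256-…"` is the current attribute name for an SRI value in `fetchFromGitHub`. Dropping both phase overrides in favour of `makeFlags = [ "prefix=$(out)" ];` would let stdenv run the Makefile's own install target, assuming it honours `prefix`, which is worth checking. A `meta` block with `homepage` and `license` would document where this network-facing binary comes from.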
@@ -333,6 +317,22 @@ "type": "github" } }, + "nixpkgs2105": { + "locked": { + "lastModified": 1659914493, + "narHash": "sha256-lkA5X3VNMKirvA+SUzvEhfA7XquWLci+CGi505YFAIs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "022caabb5f2265ad4006c1fa5b1ebe69fb0c3faf", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-21.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1711703276, @@ -408,11 +408,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1711809391, - "narHash": "sha256-/nGV6P8nB/R/ysbl1KQIKIwp1mQPXxtnoEd+pf3X+nw=", + "lastModified": 1711888895, + "narHash": "sha256-Hykv2DGC5EHzZ89+54w/zkit+CVGLRcdIgOWnB4zW5k=", "owner": "nix-community", "repo": "nixvim", - "rev": "0c16f59202c5062d12ef9cd4560cc9fca9d99f9a", + "rev": "db6b61f117c83943f15289ced03674f81d08256a", "type": "github" }, "original": { @@ -454,9 +454,9 @@ "anyrun": "anyrun", "home-manager": "home-manager", "nixpkgs": "nixpkgs", - "nixpkgs-2105": "nixpkgs-2105", "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable", + "nixpkgs2105": "nixpkgs2105", "nixvim": "nixvim", "secrets": "secrets", "telegram-desktop-patched": "telegram-desktop-patched" diff --git a/flake.nix b/flake.nix index 44f9f9c..a09e51f 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,7 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.11"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixpkgs-2105.url = "github:NixOS/nixpkgs/nixos-21.05"; + nixpkgs2105.url = "github:NixOS/nixpkgs/nixos-21.05"; home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; anyrun.url = "github:Kirottu/anyrun"; diff --git a/home/home.nix b/home/home.nix index 4688367..912b06c 100644 --- a/home/home.nix +++ b/home/home.nix 
@@ -32,13 +32,22 @@ version = "2.0.11"; sha256 = "7ZH9l4jySPo1jMZnylTPK6o+XZnxUtrpYIiY9xVPuRw="; } + { + name = "bracket-select"; + publisher = "chunsen"; + version = "2.0.2"; + sha256 = "sha256-2+42NJWAI0cz+RvmihO2v8J/ndAHvV3YqMExvnl46m4="; + } ]; enableExtensionUpdateCheck = false; enableUpdateCheck = false; userSettings = { - "files.autoSave" = "on"; + "files.autoSave" = "onFocusChange"; "window.titleBarStyle" = "custom"; "workbench.colorTheme" = "Popping and Locking"; + "terminal.external.linuxExec" = "kitty"; + "editor.guides.bracketPairs" = "active"; + "editor.bracketPairColorization.independentColorPoolPerBracketType" = true; "nix.enableLanguageServer"= true; #"nix.serverPath" = "${pkgs.nil}/bin/nil"; "nix.serverPath" = "${pkgs.nixd}/bin/nixd"; diff --git a/hosts/dlaptop/hardware.nix b/hosts/dlaptop/hardware.nix index 368e556..cce5b55 100644 --- a/hosts/dlaptop/hardware.nix +++ b/hosts/dlaptop/hardware.nix @@ -26,8 +26,14 @@ name = "TIAS2781RCA4.bin"; }} $out/lib/firmware/TIAS2781RCA4.bin '') + pkgs.wireless-regdb ]; + # 5 GHZ wifi + boot.extraModprobeConfig = '' + options cfg80211 ieee80211_regdom="RU" + ''; + boot.loader.systemd-boot.enable = true; boot.kernelParams = [ diff --git a/hosts/dlaptop/services.nix b/hosts/dlaptop/services.nix index defab5f..1503195 100644 --- a/hosts/dlaptop/services.nix +++ b/hosts/dlaptop/services.nix 
@@ -4,29 +4,29 @@ (pkgs.writeScriptBin "warp-cli" "${pkgs.cloudflare-warp}/bin/warp-cli $@") ]; - systemd.services.cloudflare-warp = { - enable = true; - description = "cloudflare warp service"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = "15"; - }; - script = "${pkgs.cloudflare-warp}/bin/warp-svc"; + # systemd.services.cloudflare-warp = { + # enable = true; + # description = "cloudflare warp service"; + # wantedBy = [ "multi-user.target" ]; + # serviceConfig = { + # Restart = "on-failure"; + # RestartSec = "15"; + # }; + # script = "${pkgs.cloudflare-warp}/bin/warp-svc"; - postStart = '' - while true; do - set -e - status=$(${pkgs.cloudflare-warp}/bin/warp-cli status || true) - set +e - if [[ "$status" != *"Unable to connect to CloudflareWARP daemon"* ]]; then - ${pkgs.cloudflare-warp}/bin/warp-cli set-custom-endpoint 162.159.193.1:2408 - exit 0 - fi - sleep 15 - done - ''; - }; + # postStart = '' + # while true; do + # set -e + # status=$(${pkgs.cloudflare-warp}/bin/warp-cli status || true) + # set +e + # if [[ "$status" != *"Unable to connect to CloudflareWARP daemon"* ]]; then + # ${pkgs.cloudflare-warp}/bin/warp-cli set-custom-endpoint 162.159.193.1:2408 + # exit 0 + # fi + # sleep 15 + # done + # ''; + # }; users.groups.cloudflared = { }; users.users.cloudflared = { diff --git a/hosts/generic.nix b/hosts/generic.nix index 7632c9d..8a5d4f5 100644 --- a/hosts/generic.nix +++ b/hosts/generic.nix @@ -41,6 +41,7 @@ in { FLAKE = "/home/delta/Documents/dotfiles"; }; + users.users.delta = { isNormalUser = true; description = "delta"; 
@@ -50,20 +51,21 @@ in { ]; }; - nix = { - settings = { - experimental-features = [ "flakes" "nix-command" ]; - auto-optimise-store = true; - substituters = [ - "https://shwewo.cachix.org" - "https://anyrun.cachix.org" - ]; - trusted-public-keys = [ - "shwewo.cachix.org-1:84cIX7ETlqQwAWHBnd51cD4BeUVXCyGbFdtp+vLxKOo=" - "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s=" - ]; + nix = { + settings = { + experimental-features = [ "flakes" "nix-command" ]; + auto-optimise-store = true; + substituters = [ + "https://shwewo.cachix.org" + "https://anyrun.cachix.org" + ]; + trusted-public-keys = [ + "shwewo.cachix.org-1:84cIX7ETlqQwAWHBnd51cD4BeUVXCyGbFdtp+vLxKOo=" + "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s=" + ]; + }; + package = unstable.nixUnstable; }; - }; nixpkgs.config.allowUnfree = true; boot.kernel.sysctl."kernel.sysrq" = 1; @@ -93,6 +95,8 @@ in { eza # better ls, will check what's better htop btop + nix-search-cli + nix-index (pkgs.writeScriptBin "reboot" ''read -p "Do you REALLY want to reboot? (y/N) " answer; [[ $answer == [Yy]* ]] && ${pkgs.systemd}/bin/reboot'') ]; @@ -107,6 +111,7 @@ in { rollback = "sudo nixos-rebuild switch --rollback --flake ~/Documents/dotfiles/"; haste = "HASTE_SERVER='https://haste.schizoposting.online' ${pkgs.haste-client}/bin/haste"; ls = "${pkgs.lsd}/bin/lsd"; + search = "nix-search -d -m 5 -p"; ltree = "${pkgs.lsd}/bin/lsd --tree"; }; promptInit = ''
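Review bot: The only functional change in this re-indented `nix` block is `package = unstable.nixUnstable;`, and nothing says which feature needs a pre-release Nix. nix-daemon runs as root and is the component that checks signatures from the two Cachix substituters listed here against `trusted-public-keys`, so tracking an unstable build widens the trusted base of the whole system. I would add a comment along the lines of `# nixUnstable: needed for FEATURE (placeholder) — return to the default package once it is in a release`. Keeping the re-indentation in a separate commit would also make the one real change easier to spot.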
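Review bot: The new `search` alias calls `nix-search` by bare name, while the neighbouring `haste`, `ls` and `ltree` aliases use absolute `${pkgs.…}/bin/…` store paths. A bare name resolves through whatever `PATH` the shell has at the time. For consistency with the others I would write `search = "${pkgs.nix-search-cli}/bin/nix-search -d -m 5 -p";`, assuming the binary shipped by `nix-search-cli` is named `nix-search` as the alias implies.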