vscode upd + trans socks + some other small fixes

2025-12-06 07:16:37 +03:00 · 2024-03-31 20:12:53 +03:00 · 2024-03-31 20:12:53 +03:00 · 9c0c55ec5e
parent de61a1c165
commit 9c0c55ec5e
10 changed files with 171 additions and 105 deletions
--- a/apps/apps.nix
+++ b/apps/apps.nix
@ -94,32 +94,9 @@ in {
    ripgrep gh # for nvim
    lunarvim # text edit
    lexend # font from google (non-mono)
-    # (pkgs.writeScriptBin "kitty" "${pkgs.kitty}/bin/kitty --single-instance --config ${kitty_config} $@")
-    # (pkgs.writeScriptBin "kitten" "${pkgs.kitty}/bin/kitten $@")
-    # (pkgs.makeDesktopItem {
-    #   type = "Application";
-    #   name = "kitty";
-    #   desktopName = "kitty";
-    #   genericName = "Terminal Emulator";
-    #   comment = "Fast, feature-rich, GPU based terminal";
-    #   tryExec = "kitty";
-    #   exec = "kitty";
-    #   icon = "kitty";
-    #   categories = [ "System" "TerminalEmulator"];
-    # })
-    # (pkgs.makeDesktopItem {
-    #   type = "Application";
-    #   name = "kitty URL Launcher";
-    #   desktopName = "kitty URL Launcher";
-    #   genericName = "Terminal Emulator";
-    #   comment = "Open URLs with kitty";
-    #   tryExec = "kitty";
-    #   exec = "kitty +open %U";
-    #   icon = "kitty";
-    #   categories = [ "System" "TerminalEmulator"];
-    #   noDisplay = true;
-    #   mimeTypes = [ "image/*" "application/x-sh" "application/x-shellscript" "inode/directory" "text/*" "x-scheme-handler/kitty" "x-scheme-handler/ssh" ];
-    # })
+    jamesdsp easyeffects
+    nmap
+    wget
  ]);

  programs.firefox = {
@ -198,8 +175,8 @@ in {
          (extension "tampermonkey" "firefox@tampermonkey.net")
          #(extension "torrent-control" "{e6e36c9a-8323-446c-b720-a176017e38ff}")
          (extension "unpaywall" "{f209234a-76f0-4735-9920-eb62507a54cd}")
-          (extension "ctrl-number-to-switch-tabs"
-            "{84601290-bec9-494a-b11c-1baa897a9683}")
+          (extension "ctrl-number-to-switch-tabs" "{84601290-bec9-494a-b11c-1baa897a9683}")
+          (extension "temporary-containers" "{c607c8df-14a7-4f28-894f-29e8722976af}")
        ];
    };
  };
--- a/apps/scripts.nix
+++ b/apps/scripts.nix
@ -35,7 +35,7 @@ let
      browser_path="${pkgs.google-chrome}/bin/google-chrome-stable https://ifconfig.me"
      profile="google-chrome"
    elif [[ $browser == "ungoogled_chromium" ]]; then
-      browser_path="${pkgs.ungoogled-chromium}/bin/chromium https://ifconfig.me"
+      browser_path="${pkgs.ungoogled-chromium}/bin/chromium --user-data-dir=/tmp/ephemeralbrowser/.config/chromium https://ifconfig.me"
      profile="chromium"
    elif [[ $browser == "firefox" ]]; then
      browser_path="${pkgs.firefox}/bin/firefox -no-remote https://ifconfig.me"
--- a/apps/socks.nix
+++ b/apps/socks.nix
@ -22,7 +22,13 @@ let
        script = attrs.script;
        preStart = "while true; do ip addr show dev novpn1 | grep -q 'inet' && break; sleep 1; done";

-        path = with pkgs; [ shadowsocks-libev shadowsocks-v2ray-plugin sing-box wireproxy iproute2 ];
+        path = with pkgs; [ 
+          iproute2 
+          shadowsocks-libev 
+          shadowsocks-v2ray-plugin 
+          sing-box 
+          wireproxy 
+          (callPackage ../derivations/microsocks.nix {}) ];
      };
    };
  
@ -30,7 +36,8 @@ let
  
  socksed = [
    { name = "singbox-aus"; script = "sing-box run -c /run/secrets/singbox-aus";   } # port 4000
-    { name = "socks-warp"; script = "wireproxy -c /etc/wireguard/warp0.conf";     } # port 3333
+    { name = "socks-warp";  script = "wireproxy -c /etc/wireguard/warp0.conf";     } # port 3333
+    { name = "socks-novpn"; script = "microsocks -i 192.168.150.2 -p 3334";        } # port 3334
  ];

  delete_rules = pkgs.writeScriptBin "delete_rules" ''
@ -117,27 +124,67 @@ in {
  };

  users.groups.socks = {};
-  systemd.services = builtins.listToAttrs (map socksBuilder socksed) // { novpn = {
-    enable = true;
-    description = "novpn namespace";
-    after = [ "network-online.target" ];
-    wantedBy = [ "multi-user.target" ];
-    wants = map (s: "${s.name}.service") socksed ++ [ "network-online.target"];
+  systemd.services = builtins.listToAttrs (map socksBuilder socksed) // { 
+    novpn = {
+      enable = true;
+      description = "novpn namespace";
+      after = [ "network-online.target" ];
+      wantedBy = [ "multi-user.target" ];
+      wants = map (s: "${s.name}.service") socksed ++ [ "network-online.target"];

-    serviceConfig = {
-      Restart = "on-failure";
-      RestartSec = "15";
-      ExecStart = "${start_novpn}/bin/start_novpn";
-      ExecStop = "${stop_novpn}/bin/stop_novpn";
-      Type = "simple";
+      serviceConfig = {
+        Restart = "on-failure";
+        RestartSec = "15";
+        ExecStart = "${start_novpn}/bin/start_novpn";
+        ExecStop = "${stop_novpn}/bin/stop_novpn";
+        StateDirectory = "novpn";
+        Type = "simple";
+      };
+      
+      preStart = "${stop_novpn}/bin/stop_novpn && ip netns add novpn";
+      path = with pkgs; [ gawk iproute2 iptables sysctl coreutils ];
    };

-    preStart = "${stop_novpn}/bin/stop_novpn && ip netns add novpn";
-    path = with pkgs; [ gawk iproute2 iptables sysctl coreutils ];
-  };};
+    warp-svc = {
+      enable = true;
+      description = "Cloudflare Zero Trust Client Daemon";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "pre-network.target" ];
+
+      serviceConfig = {
+        Type = "simple";
+        Restart = "on-failure";
+        RestartSec = "15";
+        DynamicUser = "no";
+        # ReadOnlyPaths = "/etc/resolv.conf";
+        CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE";
+        AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE";
+        StateDirectory = "cloudflare-warp";
+        RuntimeDirectory = "cloudflare-warp";
+        LogsDirectory = "cloudflare-warp";
+        ExecStart = "${pkgs.cloudflare-warp}/bin/warp-svc";
+      };
+
+      postStart = ''
+        while true; do
+          set -e
+          status=$(${pkgs.cloudflare-warp}/bin/warp-cli status || true)
+          set +e
+
+          if [[ "$status" != *"Unable to connect to CloudflareWARP daemon"* ]]; then
+            ${pkgs.cloudflare-warp}/bin/warp-cli set-custom-endpoint 162.159.193.1:2408
+            exit 0
+          fi
+          sleep 1
+        done
+      '';
+    };
+
+    tor.wantedBy = lib.mkForce [];
+  };

  users.users.delta.packages = [
-    (pkgs.writeScriptBin "nyx" ''sudo -u tor -g tor ${inputs.nixpkgs-2105.legacyPackages."x86_64-linux".nyx}/bin/nyx $@'')
+    (pkgs.writeScriptBin "nyx" ''sudo -u tor -g tor ${inputs.nixpkgs2105.legacyPackages."x86_64-linux".nyx}/bin/nyx $@'')
  ];

  services.tor = {
--- a/derivations/microsocks.nix
+++ b/derivations/microsocks.nix
@ -0,0 +1,22 @@
+{ pkgs, stdenv, fetchFromGitHub }: 
+
+stdenv.mkDerivation {
+  pname = "microsocks";
+  version = "1.0.4";
+  
+  src = fetchFromGitHub {
+    owner = "rofl0r";
+    repo = "microsocks";
+    rev = "v1.0.4";
+    sha256 = "sha256-cB2XMWjoZ1zLAmAfl/nqjdOyBDKZ+xtlEmqsZxjnFn0=";
+  };
+
+  buildPhase = ''
+    make
+  '';
+
+  installPhase = ''
+    mkdir -p $out/bin/
+    cp ./microsocks $out/bin/
+  '';
+}
--- a/flake.lock
+++ b/flake.lock
@ -269,22 +269,6 @@
        "type": "github"
      }
    },
-    "nixpkgs-2105": {
-      "locked": {
-        "lastModified": 1659914493,
-        "narHash": "sha256-lkA5X3VNMKirvA+SUzvEhfA7XquWLci+CGi505YFAIs=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "022caabb5f2265ad4006c1fa5b1ebe69fb0c3faf",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-21.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1711668574,
@ -333,6 +317,22 @@
        "type": "github"
      }
    },
+    "nixpkgs2105": {
+      "locked": {
+        "lastModified": 1659914493,
+        "narHash": "sha256-lkA5X3VNMKirvA+SUzvEhfA7XquWLci+CGi505YFAIs=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "022caabb5f2265ad4006c1fa5b1ebe69fb0c3faf",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-21.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1711703276,
@ -408,11 +408,11 @@
        "pre-commit-hooks": "pre-commit-hooks"
      },
      "locked": {
-        "lastModified": 1711809391,
-        "narHash": "sha256-/nGV6P8nB/R/ysbl1KQIKIwp1mQPXxtnoEd+pf3X+nw=",
+        "lastModified": 1711888895,
+        "narHash": "sha256-Hykv2DGC5EHzZ89+54w/zkit+CVGLRcdIgOWnB4zW5k=",
        "owner": "nix-community",
        "repo": "nixvim",
-        "rev": "0c16f59202c5062d12ef9cd4560cc9fca9d99f9a",
+        "rev": "db6b61f117c83943f15289ced03674f81d08256a",
        "type": "github"
      },
      "original": {
@ -454,9 +454,9 @@
        "anyrun": "anyrun",
        "home-manager": "home-manager",
        "nixpkgs": "nixpkgs",
-        "nixpkgs-2105": "nixpkgs-2105",
        "nixpkgs-stable": "nixpkgs-stable",
        "nixpkgs-unstable": "nixpkgs-unstable",
+        "nixpkgs2105": "nixpkgs2105",
        "nixvim": "nixvim",
        "secrets": "secrets",
        "telegram-desktop-patched": "telegram-desktop-patched"
--- a/flake.nix
+++ b/flake.nix
@ -3,7 +3,7 @@
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
-    nixpkgs-2105.url = "github:NixOS/nixpkgs/nixos-21.05";
+    nixpkgs2105.url = "github:NixOS/nixpkgs/nixos-21.05";
    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    anyrun.url = "github:Kirottu/anyrun";
--- a/home/home.nix
+++ b/home/home.nix
@ -32,13 +32,22 @@
        version = "2.0.11";
        sha256 = "7ZH9l4jySPo1jMZnylTPK6o+XZnxUtrpYIiY9xVPuRw=";
      }
+      {
+        name = "bracket-select";
+        publisher = "chunsen";
+        version = "2.0.2";
+        sha256 = "sha256-2+42NJWAI0cz+RvmihO2v8J/ndAHvV3YqMExvnl46m4=";
+      }
    ];
      enableExtensionUpdateCheck = false;
      enableUpdateCheck = false;
      userSettings = {
-        "files.autoSave" = "on";
+        "files.autoSave" = "onFocusChange";
        "window.titleBarStyle" = "custom";
        "workbench.colorTheme" = "Popping and Locking";
+        "terminal.external.linuxExec" = "kitty";
+        "editor.guides.bracketPairs" = "active";
+        "editor.bracketPairColorization.independentColorPoolPerBracketType" = true;
        "nix.enableLanguageServer"= true;
        #"nix.serverPath" = "${pkgs.nil}/bin/nil";
        "nix.serverPath" = "${pkgs.nixd}/bin/nixd";
--- a/hosts/dlaptop/hardware.nix
+++ b/hosts/dlaptop/hardware.nix
@ -26,8 +26,14 @@
        name = "TIAS2781RCA4.bin";
      }} $out/lib/firmware/TIAS2781RCA4.bin
    '')
+    pkgs.wireless-regdb
  ];

+  # 5 GHZ wifi
+  boot.extraModprobeConfig = ''
+    options cfg80211 ieee80211_regdom="RU"
+  '';
+
  boot.loader.systemd-boot.enable = true;

  boot.kernelParams = [
--- a/hosts/dlaptop/services.nix
+++ b/hosts/dlaptop/services.nix
@ -4,29 +4,29 @@
    (pkgs.writeScriptBin "warp-cli" "${pkgs.cloudflare-warp}/bin/warp-cli $@")
  ];

-  systemd.services.cloudflare-warp = {
-    enable = true;
-    description = "cloudflare warp service";
-    wantedBy = [ "multi-user.target" ];
-    serviceConfig = {
-      Restart = "on-failure";
-      RestartSec = "15";
-    };
-    script = "${pkgs.cloudflare-warp}/bin/warp-svc";
+  # systemd.services.cloudflare-warp = {
+  #   enable = true;
+  #   description = "cloudflare warp service";
+  #   wantedBy = [ "multi-user.target" ];
+  #   serviceConfig = {
+  #     Restart = "on-failure";
+  #     RestartSec = "15";
+  #   };
+  #   script = "${pkgs.cloudflare-warp}/bin/warp-svc";

-    postStart = ''
-      while true; do
-        set -e
-        status=$(${pkgs.cloudflare-warp}/bin/warp-cli status || true)
-        set +e
-        if [[ "$status" != *"Unable to connect to CloudflareWARP daemon"* ]]; then
-          ${pkgs.cloudflare-warp}/bin/warp-cli set-custom-endpoint 162.159.193.1:2408
-          exit 0
-        fi
-        sleep 15
-      done
-    '';
-  };
+  #   postStart = ''
+  #     while true; do
+  #       set -e
+  #       status=$(${pkgs.cloudflare-warp}/bin/warp-cli status || true)
+  #       set +e
+  #       if [[ "$status" != *"Unable to connect to CloudflareWARP daemon"* ]]; then
+  #         ${pkgs.cloudflare-warp}/bin/warp-cli set-custom-endpoint 162.159.193.1:2408
+  #         exit 0
+  #       fi
+  #       sleep 15
+  #     done
+  #   '';
+  # };

  users.groups.cloudflared = { };
  users.users.cloudflared = {
--- a/hosts/generic.nix
+++ b/hosts/generic.nix
@ -41,6 +41,7 @@ in {
    FLAKE = "/home/delta/Documents/dotfiles";
  };

+
  users.users.delta = {
    isNormalUser = true;
    description = "delta";
@ -50,20 +51,21 @@ in {
    ];
  };

-  nix = {
-    settings = {
-      experimental-features = [ "flakes" "nix-command" ];
-      auto-optimise-store = true;
-      substituters = [ 
-        "https://shwewo.cachix.org" 
-        "https://anyrun.cachix.org" 
-      ];
-      trusted-public-keys = [ 
-        "shwewo.cachix.org-1:84cIX7ETlqQwAWHBnd51cD4BeUVXCyGbFdtp+vLxKOo=" 
-        "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s=" 
-      ];
+    nix = {
+      settings = {
+        experimental-features = [ "flakes" "nix-command" ];
+        auto-optimise-store = true;
+        substituters = [ 
+          "https://shwewo.cachix.org" 
+          "https://anyrun.cachix.org" 
+        ];
+        trusted-public-keys = [ 
+          "shwewo.cachix.org-1:84cIX7ETlqQwAWHBnd51cD4BeUVXCyGbFdtp+vLxKOo=" 
+          "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s=" 
+        ];
+      };
+      package = unstable.nixUnstable;
    };
-  };

  nixpkgs.config.allowUnfree = true;
  boot.kernel.sysctl."kernel.sysrq" = 1;
@ -93,6 +95,8 @@ in {
    eza # better ls, will check what's better 
    htop
    btop
+    nix-search-cli
+    nix-index
    (pkgs.writeScriptBin "reboot" ''read -p "Do you REALLY want to reboot? (y/N) " answer; [[ $answer == [Yy]* ]] && ${pkgs.systemd}/bin/reboot'')
  ];

@ -107,6 +111,7 @@ in {
      rollback = "sudo nixos-rebuild switch --rollback --flake ~/Documents/dotfiles/";
      haste = "HASTE_SERVER='https://haste.schizoposting.online' ${pkgs.haste-client}/bin/haste";
      ls = "${pkgs.lsd}/bin/lsd";
+      search = "nix-search -d -m 5 -p";
      ltree = "${pkgs.lsd}/bin/lsd --tree";
    };
    promptInit = ''