nixos stuff

2024-10-01 18:59:51 -05:00 · 2024-10-01 18:59:51 -05:00 · 595b5788d5
commit 595b5788d5
parent 7b0ea5cbda
6 changed files with 107 additions and 19 deletions
--- a/nixos/.flake/flake.lock
+++ b/nixos/.flake/flake.lock
@ -35,11 +35,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1727348695,
-        "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=",
+        "lastModified": 1727634051,
+        "narHash": "sha256-S5kVU7U82LfpEukbn/ihcyNt2+EvG7Z5unsKW9H/yFA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784",
+        "rev": "06cf0e1da4208d3766d898b7fdab6513366d45b9",
        "type": "github"
      },
      "original": {
--- a/nixos/.flake/home/programs/core.nix.org
+++ b/nixos/.flake/home/programs/core.nix.org
@ -34,15 +34,19 @@ This is the core of my program configuration. This file installs programs that d
      mpv
      networkmanagerapplet
      obs-studio
+      openresolv
+      openvpn
      pavucontrol
      prismlauncher # minecraft
-      protonvpn-gui
      python3
      python312Packages.python-lsp-server
+      qbittorrent
+      retroarchFull
      swaybg
      texliveFull
      unzip
      zip
+      zotero
    ];
  }
 #+end_src
--- a/nixos/.flake/home/services/core.nix.org
+++ b/nixos/.flake/home/services/core.nix.org
@ -2,18 +2,18 @@

 Import service configurations.
 #+begin_src nix :tangle ~/.flake/home/services/core.nix :mkdirp yes
-{ config, pkgs, ... }:
+  { config, pkgs, ... }:

-{
-  imports = [
-    ./emacs.nix
-    ./mako.nix
-    ./mpd.nix
-    ./syncthing.nix
-  ];
+  {
+    imports = [
+      ./emacs.nix
+      ./mako.nix
+      ./mpd.nix
+      ./syncthing.nix
+    ];

-  home.packages = with pkgs; [
-    mpdscribble
-  ];
-}
+    home.packages = with pkgs; [
+      mpdscribble
+    ];
+  }
 #+end_src
--- a/nixos/.flake/system/desktop.nix.org
+++ b/nixos/.flake/system/desktop.nix.org
@ -104,6 +104,12 @@ Enable PipeWire.
    };
 #+end_src

+Enable GNOME Keyring.
+#+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
+  services.gnome.gnome-keyring.enable = true;
+  security.pam.services.greetd.enableGnomeKeyring = true;
+#+end_src
+
 Close the desktop configuration.
 #+begin_src nix :tangle ~/.flake/system/desktop.nix :mkdirp yes
  }
--- a/nixos/.flake/system/network.nix.org
+++ b/nixos/.flake/system/network.nix.org
@ -36,10 +36,17 @@ Enable SSH.

 Set up my firewall.
 #+begin_src nix :tangle ~/.flake/system/network.nix :mkdirp yes
-    networking.firewall = {
-      allowedTCPPorts = [ ];
-      allowedUDPPorts = [ ];
+  networking.firewall = {
+    allowedTCPPorts = [ ];
+    allowedUDPPorts = [ ];
+  };
+
+  environment.etc = {
+    "openvpn/update-resolv-conf" = {
+      source = ./update-resolv-conf.sh;
+      mode = "0700";
    };
+  };
 #+end_src

 Close the network configuration.
--- a/nixos/.flake/system/update-resolv-conf.sh
+++ b/nixos/.flake/system/update-resolv-conf.sh
@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+#
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>
+# and Chris Hanson
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL.
+# 07/2013 colin@daedrum.net Fixed intet name
+# 05/2006 chlauber@bnc.ch
+#
+# Example envs set from openvpn:
+# foreign_option_1='dhcp-option DNS 193.43.27.132'
+# foreign_option_2='dhcp-option DNS 193.43.27.133'
+# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+# foreign_option_4='dhcp-option DOMAIN-SEARCH bnc.local'
+
+## The 'type' builtins will look for file in $PATH variable, so we set the
+## PATH below. You might need to directly set the path to 'resolvconf'
+## manually if it still doesn't work, i.e.
+## RESOLVCONF=/usr/sbin/resolvconf
+export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin
+RESOLVCONF=$(type -p resolvconf)
+
+case $script_type in
+
+up)
+  for optionname in ${!foreign_option_*} ; do
+    option="${!optionname}"
+    echo $option
+    part1=$(echo "$option" | cut -d " " -f 1)
+    if [ "$part1" == "dhcp-option" ] ; then
+      part2=$(echo "$option" | cut -d " " -f 2)
+      part3=$(echo "$option" | cut -d " " -f 3)
+      if [ "$part2" == "DNS" ] ; then
+        IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
+      fi
+      if [[ "$part2" == "DOMAIN" || "$part2" == "DOMAIN-SEARCH" ]] ; then
+        IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
+      fi
+    fi
+  done
+  R=""
+  if [ "$IF_DNS_SEARCH" ]; then
+    R="search "
+    for DS in $IF_DNS_SEARCH ; do
+      R="${R} $DS"
+    done
+  R="${R}
+"
+  fi
+
+  for NS in $IF_DNS_NAMESERVERS ; do
+    R="${R}nameserver $NS
+"
+  done
+  #echo -n "$R" | $RESOLVCONF -x -p -a "${dev}"
+  echo -n "$R" | $RESOLVCONF -x -a "${dev}.inet"
+  ;;
+down)
+  $RESOLVCONF -d "${dev}.inet"
+  ;;
+esac
+
+# Workaround / jm@epiclabs.io 
+# force exit with no errors. Due to an apparent conflict with the Network Manager
+# $RESOLVCONF sometimes exits with error code 6 even though it has performed the
+# action correctly and OpenVPN shuts down.
+exit 0