summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--hosts/navi/default.nix40
-rw-r--r--hosts/vps/default.nix16
-rw-r--r--mixins/cli.nix1
-rw-r--r--mixins/firefox/absolute-minimum.nix107
-rw-r--r--mixins/multimedia.nix16
-rw-r--r--profiles/network.nix5
6 files changed, 157 insertions, 28 deletions
diff --git a/hosts/navi/default.nix b/hosts/navi/default.nix
index a5ad367..3ad9dbd 100644
--- a/hosts/navi/default.nix
+++ b/hosts/navi/default.nix
@@ -16,6 +16,7 @@
     ../../mixins/multimedia.nix
     ../../mixins/syncthing.nix
     ../../mixins/firefox
+    # ../../mixins/firefox/absolute-minimum.nix
   ];
 
   config = {
@@ -50,27 +51,43 @@
     systemd.network.networks."10-wlp1s0" = {
       matchConfig.Name = "wlp1s0";
       networkConfig.DHCP = "yes";
-      dns = ["127.0.0.1" "::1"];
       dhcpV4Config = {
         UseDNS = false;
       };
       dhcpV6Config = {
         UseDNS = false;
       };
+      # apparently this is what i need to disable dhcpv6 dns servers, but this breaks my network
+      #ipv6AcceptRAConfig = {
+      #  UseDNS = false;
+      #  DHCPv6Client = false;
+      #};
     };
 
     # # iwd networking stuffs
     # networking.networkmanager.enable = lib.mkForce false;
-    # networking.wireless.iwd.enable = true;
-    # services.connman = {
-    #   enable = true;
-    #   wifi.backend = "iwd";
-    # };
-    # networking.wireless.dbusControlled = true;
-    # home-manager.users.tzlil.home.packages = [pkgs.cmst];
-    # networking.wireless.userControlled.enable = true;
-    # networking.wireless.enable = true;
-    # services.connman.enable = true;
+    #networking.wireless.iwd = {
+    #  enable = true;
+    #  settings = {
+    #    Settings.AutoConnect = true;
+    #  };
+    #};
+    services.connman = {
+      enable = true;
+      #wifi.backend = "iwd";
+    };
+
+    # fucks up wpa_supplicant
+    security.lockKernelModules = lib.mkForce false;
+    networking.wireless = {
+      dbusControlled = true;
+      userControlled.enable = true;
+      enable = true;
+    };
+    #networking.wireless.dbusControlled = true;
+    # home-manager.users.tzlil.home.packages = [];
+    #networking.wireless.userControlled.enable = true;
+    #networking.wireless.enable = true;
 
     # services.tor = {
     #   enable = true;
@@ -93,6 +110,7 @@
         pkgs.schildichat-desktop-wayland
         pkgs.keepassxc
         pkgs.gtkcord4
+        pkgs.cmst
 
         (pkgs.stdenv.mkDerivation rec {
           name = "pragmata";
diff --git a/hosts/vps/default.nix b/hosts/vps/default.nix
index ba0fdb9..cfa50c7 100644
--- a/hosts/vps/default.nix
+++ b/hosts/vps/default.nix
@@ -32,12 +32,15 @@
     systemd.network.networks."10-ens3" = {
       matchConfig.Name = "ens3";
       networkConfig.DHCP = "yes";
-      dns = ["127.0.0.1" "::1"];
       dhcpV4Config = {
         UseDNS = false;
       };
+      dhcpV6Config = {
+        UseDNS = false;
+      };
       ipv6AcceptRAConfig = {
         UseDNS = false;
+        DHCPv6Client = false;
       };
     };
 
@@ -48,6 +51,11 @@
         user = "terraria";
         group = "terraria";
       }
+      {
+        directory = "/var/lib/private/${config.services.factorio.stateDirName}";
+        user = "root";
+        group = "root";
+      }
     ];
 
     services.terraria = {
@@ -56,5 +64,11 @@
       password = "???";
       openFirewall = true;
     };
+    services.factorio = {
+      enable = true;
+      openFirewall = true;
+      game-password = "???";
+      requireUserVerification = false;
+    };
   };
 }
diff --git a/mixins/cli.nix b/mixins/cli.nix
index abc2650..ceb485b 100644
--- a/mixins/cli.nix
+++ b/mixins/cli.nix
@@ -83,6 +83,7 @@
               end
               nix shell $p
             '';
+            nr = "nix run nixpkgs#$argv[1] $argv[2..]";
             tmp = "cd (mktemp -d --suffix -$argv[1])";
             py = ''python -c "print(eval(\"\"\"$argv\"\"\"))"'';
             # fish_command_not_found = "nix shell nixpkgs#(command-not-found $argv[1] &| sed -nr 's/.*-p (.*)$/\\1/p' | ${lib.getExe pkgs.fzf} || return 0) -c $argv[1]";
diff --git a/mixins/firefox/absolute-minimum.nix b/mixins/firefox/absolute-minimum.nix
index 579df93..d3ebe98 100644
--- a/mixins/firefox/absolute-minimum.nix
+++ b/mixins/firefox/absolute-minimum.nix
@@ -27,20 +27,28 @@ in
       addons = cfg.firefox.profiles.${profile}.extensions;
       extensionPath = "extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}";
 
-      extensionsData =
-        pkgs.runCommand "extensions.json" {
+      firefoxData =
+        pkgs.runCommand "firefox-default-profile" {
           buildInputs = [
             pkgs.xvfb-run
-            pkgs.mozlz4a
-            pkgs.jq
             (pkgs.firefox.override {
-              extraPolicies.Extensions.Install = map (x: x.src.outPath) addons;
+              extraPolicies = {
+                Extensions.Install = map (x: x.src.outPath) addons;
+                ExtensionSettings = {
+                  "google@search.mozilla.org" = {installation_mode = "blocked";};
+                  "amazondotcom@search.mozilla.org" = {installation_mode = "blocked";};
+                  "wikipedia@search.mozilla.org" = {installation_mode = "blocked";};
+                  "bing@search.mozilla.org" = {installation_mode = "blocked";};
+                };
+              };
             })
           ];
         } ''
           HOME=$(mktemp -d)
           export FONTCONFIG_FILE=${pkgs.makeFontsConf {fontDirectories = [pkgs.roboto];}}
-          mkdir -p $HOME/.mozilla/firefox/default
+          mkdir -p $HOME/.mozilla/firefox/
+          mkdir $out
+          ln -s $out $HOME/.mozilla/firefox/default
           cat >> $HOME/.mozilla/firefox/profiles.ini<< EOF
           [Profile0]
           Default=1
@@ -49,13 +57,31 @@ in
           Path=default
           EOF
 
-          echo user_pref\(\"browser.region.network.url\", \"\"\) > $HOME/.mozilla/firefox/default/user.js
+          echo user_pref\(\"browser.region.network.url\", \"\"\)\; > $HOME/.mozilla/firefox/default/user.js
 
-          xvfb-run firefox --screenshot about:blank
+          xvfb-run firefox --screenshot about:blank --headless
 
-          cat $HOME/.mozilla/firefox/default/extensions.json > $out
-          # mozlz4a -d $HOME/.mozilla/firefox/default/addonStartup.json.lz4 /dev/stdout | jq .\"app-profile\".addons > $out
+          # cat $HOME/.mozilla/firefox/default/extensions.json > $out
+          #
         '';
+      extensionsData = "${firefoxData}/extensions.json";
+
+      # addonStartup = builtins.fromJSON (builtins.unsafeDiscardStringContext (builtins.readFile (pkgs.runCommand "addonStartup.json" {
+      #   buildInputs = [
+      #     pkgs.mozlz4a
+      #     pkgs.jq
+      #   ];
+      # }
+      # ''
+      # mozlz4a -d ${firefoxData}/addonStartup.json.lz4 /dev/stdout | jq . > $out
+      # '')));
+
+      # decrappedAddonStartup = lib.attrsets.updateManyAttrsByPath [
+      #   {
+      #     path = ["app-builtin" "addons" "google@search.mozilla.org" "enable"];
+      #     update = old: false;
+      #   }
+      # ] addonStartup;
 
       extensionManifest = e:
         builtins.fromJSON (builtins.readFile (pkgs.runCommand "${e.addonId}-manifest.json" {buildInputs = [pkgs.p7zip];} ''
@@ -69,7 +95,7 @@ in
       home.file."${prf}/extension-settings.json".source = pkgs.emptyFile;
       home.file."${prf}/extension-settings.json.tmp".source = pkgs.emptyFile;
 
-      home.file."${prf}/search.json.mozlz4".source = pkgs.emptyFile;
+      # home.file."${prf}/search.json.mozlz4".source = pkgs.emptyFile;
       home.file."${prf}/search.json.mozlz4.tmp".source = pkgs.emptyFile;
 
       home.file."${prf}/extensions".source = lib.mkForce "${pkgs.symlinkJoin {
@@ -82,8 +108,14 @@ in
       home.file."${prf}/datareporting".source = pkgs.emptyDirectory;
       home.file."${prf}/saved-telemetry-pings".source = pkgs.emptyDirectory;
 
-      # home.file."${prf}/addonStartup.json.lz4".source = mozlz4 "addonStartup.json" {"app-profile".addons = addonStartupData;};
-      # home.file."${prf}/addonStartup.json.lz4.tmp".source = pkgs.emptyFile;
+      # home.file."${prf}/addonStartup.json.lz4".source = mozlz4 "addonStartup.json" (lib.attrsets.updateManyAttrsByPath [
+      #   {
+      #     path = ["app-builtin" "addons" "google@search.mozilla.org" "enable"];
+      #     update = old: false;
+      #   }
+      # ] addonStartup);
+      home.file."${prf}/addonStartup.json.lz4".source = pkgs.emptyFile;
+      home.file."${prf}/addonStartup.json.lz4.tmp".source = pkgs.emptyFile;
 
       home.file."${prf}/addons.json".source = pkgs.emptyFile;
       home.file."${prf}/addons.json.tmp".source = pkgs.emptyFile;
@@ -127,9 +159,38 @@ in
 
       programs.firefox = {
         enable = true;
+        package = pkgs.firefox-wayland.override {
+          extraPolicies = {
+            CaptivePortal = false;
+            DisableFirefoxStudies = true;
+            DisablePocket = true;
+            DisableTelemetry = true;
+            DisableFirefoxAccounts = true;
+            FirefoxHome = {
+              Pocket = false;
+              Snippets = false;
+            };
+            UserMessaging = {
+              ExtensionRecommendations = false;
+              SkipOnboarding = true;
+            };
+            SearchEngines.Default = "DuckDuckGo";
+            ExtensionSettings = {
+              "google@search.mozilla.org" = {installation_mode = "blocked";};
+              "amazondotcom@search.mozilla.org" = {installation_mode = "blocked";};
+              "wikipedia@search.mozilla.org" = {installation_mode = "blocked";};
+              "bing@search.mozilla.org" = {installation_mode = "blocked";};
+            };
+          };
+        };
         profiles.${profile} = {
+          userChrome = builtins.readFile ./userChrome.css;
+          search = {
+            default = "DuckDuckGo";
+            force = true;
+          };
           extensions = with firefox-addons; [
-            # kristofferhagen-nord-theme
+            kristofferhagen-nord-theme
 
             ublock-origin
             clearurls
@@ -141,8 +202,26 @@ in
           ];
           settings = {
             "extensions.activeThemeID" = "{e410fec2-1cbd-4098-9944-e21e708418af}";
+
+            # (try to) hide crap
             "browser.search.hiddenOneOffs" = "Google,Bing,Amazon.com,eBay,Twitter,Wikipedia (en)";
+            "browser.newtabpage.activity-stream.showSponsored" = false;
+            "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
+            "services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsored" = false;
+            "services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
+            "browser.newtabpage.activity-stream.default.sites" = "";
+            "browser.urlbar.suggest.topsites" = false;
+            "browser.newtabpage.activity-stream.feeds.topsites" = false;
+
+            # disable welcome page
+            "browser.aboutwelcome.enabled" = false;
+            # disable privacy notice
+            "datareporting.policy.firstRunURL" = "";
+            # "browser.newtabpage.activity-stream.aboutHome.enabled" = false;
           };
+          # extraConfig = {
+
+          # };
         };
       };
     };
diff --git a/mixins/multimedia.nix b/mixins/multimedia.nix
index 11a48d5..19528c7 100644
--- a/mixins/multimedia.nix
+++ b/mixins/multimedia.nix
@@ -54,6 +54,22 @@
           screenshot-template = "%F - [%P]v%#01n";
           ytdl-format = "bestvideo[height<=?1080]+bestaudio/best";
         };
+        bindings = {
+          # yank video link
+          "Shift+Y" = "run ${pkgs.writeShellScript "yank-mpv" "
+          ${pkgs.wl-clipboard}/bin/wl-copy $1"
+          } \${path}";
+          # yank video link with timestamp
+          "Ctrl+y" = "run ${pkgs.writeShellScript "yank-mpv-timestamp" "
+          url=$1
+          if [[ $url = *youtube.com* || $url = *youtu.be* || $url = *twitch.tv* ]]; then
+              timepos=\${2%.*}
+              url+=$([[ $1 = *\?* ]] && echo \\& || echo \\?)t=$(( timepos / 3600 ))h$(( timepos / 60 ))m$(( timepos % 60 ))s
+          fi
+
+          ${pkgs.wl-clipboard}/bin/wl-copy $url
+          "} \${path} \${=time-pos}";
+        };
       };
       zathura = {
         enable = true;
diff --git a/profiles/network.nix b/profiles/network.nix
index 1fe645b..5196f0b 100644
--- a/profiles/network.nix
+++ b/profiles/network.nix
@@ -15,7 +15,8 @@
         allowedTCPPorts = [];
         checkReversePath = "loose";
       };
-      networkmanager.enable = true;
+      # kill yourself
+      # networkmanager.enable = true;
       nameservers = ["127.0.0.1" "::1"];
       extraHosts = ''
         100.99.246.128 pc
@@ -30,7 +31,7 @@
     # https://old.reddit.com/r/NixOS/comments/vdz86j/how_to_remove_boot_dependency_on_network_for_a
     systemd = {
       targets.network-online.wantedBy = pkgs.lib.mkForce []; # Normally ["multi-user.target"]
-      services.NetworkManager-wait-online.wantedBy = pkgs.lib.mkForce []; # Normally ["network-online.target"]
+      # services.NetworkManager-wait-online.wantedBy = pkgs.lib.mkForce []; # Normally ["network-online.target"]
       services.systemd-networkd-wait-online.wantedBy = pkgs.lib.mkForce [];
     };