nix

extras/shenanigans-hotspot.nix

@@ -0,0 +1,68 @@
+{ lib, pkgs, tree, ... }:
+let
+  wifiInterface = "shenanigans0";
+  wifiMac = "00:0F:55:A8:2B:8E";
+  ssid = "Shenanigans";
+  password = "password123";
+in {
+  # Set interface name to ${wifiInterface}
+  services.udev.extraRules = ''
+    KERNEL=="wlan*", ATTR{address}=="${
+      lib.toLower wifiMac
+    }", NAME="${wifiInterface}"
+  '';
+
+  networking.interfaces."${wifiInterface}".ipv4.addresses = [{
+    address = "192.168.2.1";
+    prefixLength = 24;
+  }];
+
+  networking.networkmanager.unmanaged = [
+    # Wifi
+    "interface-name:${wifiInterface}"
+    "mac:${wifiMac}"
+  ];
+
+ systemd.services.wifi-relay = let inherit (pkgs) iptables gnugrep;
+    in {
+      description = "iptables rules for wifi-relay";
+      after = [ "dhcpd4.service" ];
+      wantedBy = [ "multi-user.target" ];
+      script = ''
+        ${iptables}/bin/iptables -w -t nat -I POSTROUTING -s 192.168.2.0/24 ! -o ${wifiInterface} -j MASQUERADE
+        ${iptables}/bin/iptables -w -I FORWARD -i ${wifiInterface} -s 192.168.2.0/24 -j ACCEPT
+        ${iptables}/bin/iptables -t nat -A PREROUTING -i ${wifiInterface} -p tcp --dport 80 -j REDIRECT --to-port 8080
+        ${iptables}/bin/iptables -t nat -A PREROUTING -i ${wifiInterface} -p tcp --dport 443 -j REDIRECT --to-port 8080
+      '';
+    };
+
+  networking.firewall = {
+    trustedInterfaces = [ wifiInterface ];
+    checkReversePath = lib.mkForce false;
+    allowedTCPPorts = [ 53 80 443 ];
+  };
+
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+  networking.firewall.allowedUDPPorts = [ 53 67 ];
+
+  services.hostapd = {
+    enable = true;
+    interface = wifiInterface;
+    inherit ssid;
+    wpaPassphrase = password;
+  };
+
+  services.dhcpd4 = {
+    enable = true;
+    interfaces = [ "${wifiInterface}" ];
+    extraConfig = ''
+      option subnet-mask 255.255.255.0;
+      option broadcast-address 192.168.2.255;
+      option routers 192.168.2.1;
+      option domain-name-servers 192.168.2.1;
+      subnet 192.168.2.0 netmask 255.255.255.0 {
+        range 192.168.2.100 192.168.2.200;
+      }
+    '';
+  };
+}

flake.lock

@@ -9,11 +9,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1648475189,
+        "lastModified": 1652079807,
-        "narHash": "sha256-gAGAS6IagwoUr1B0ohE3iR6sZ8hP4LSqzYLC8Mq3WGU=",
+        "narHash": "sha256-aCs1EwO9K2yJ1DcT4+4g7BMlJBWP7Xjs4k5i8ueR8PU=",
         "owner": "serokell",
         "repo": "deploy-rs",
-        "rev": "83e0c78291cd08cb827ba0d553ad9158ae5a95c3",
+        "rev": "690f698b18345d894784752b5fa93b9b8f3cc29f",
         "type": "github"
       },
       "original": {
@@ -41,11 +41,11 @@
     "flake-compat_2": {
       "flake": false,
       "locked": {
-        "lastModified": 1641205782,
+        "lastModified": 1650374568,
-        "narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=",
+        "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7",
+        "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
         "type": "github"
       },
       "original": {
@@ -61,11 +61,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1650234580,
+        "lastModified": 1651886851,
-        "narHash": "sha256-wTmlRedCrDl+XYJom65GMfI3RgA3eZE/w03lD28Txoc=",
+        "narHash": "sha256-kbXOJSf1uho0/7P54nZkJdJY3oAelIjyc6tfiRhaXJI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "742c6cb3e9d866e095c629162fe5faf519adeb26",
+        "rev": "882bd8118bdbff3a6e53e5ced393932b351ce2f6",
         "type": "github"
       },
       "original": {
@@ -83,11 +83,11 @@
         "utils": "utils_2"
       },
       "locked": {
-        "lastModified": 1645539860,
+        "lastModified": 1650728466,
-        "narHash": "sha256-C4m74Hsc8dGKz0eU69SmX9KI3PP93dFXWD0ewFVRETI=",
+        "narHash": "sha256-rsivJjnvUXFvVEeXU+6PqKzqPqYDf5H/wwPrSHWzy2Y=",
         "owner": "ChaotiCryptidz",
         "repo": "musicutil",
-        "rev": "a64f25ebde7e79e29e4ac731441206c7e00dccdf",
+        "rev": "386be2bd37ade90573d4e61eb01f19772be64461",
         "type": "gitlab"
       },
       "original": {
@@ -103,11 +103,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1648278671,
+        "lastModified": 1651916036,
-        "narHash": "sha256-1WrR9ex+rKTjZtODNUZQhkWYUprtfOkjOyo9YWL2NMs=",
+        "narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "4fdbb8168f61d31d3f90bb0d07f48de709c4fe79",
+        "rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba",
         "type": "github"
       },
       "original": {
@@ -117,13 +117,29 @@
         "type": "github"
       }
     },
-    "nixpkgs-unstable": {
+    "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1650161686,
+        "lastModified": 1652020977,
-        "narHash": "sha256-70ZWAlOQ9nAZ08OU6WY7n4Ij2kOO199dLfNlvO/+pf8=",
+        "narHash": "sha256-9hDlNbrxzD/pLlXmoQ6gzxbYiSAKrj7uHYUWNByLFlI=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "1ffba9f2f683063c2b14c9f4d12c55ad5f4ed887",
+        "rev": "3c5ae9be1f18c790ea890ef8decbd0946c0b4c04",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-21.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1651726670,
+        "narHash": "sha256-dSGdzB49SEvdOJvrQWfQYkAefewXraHIV08Vz6iDXWQ=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "c777cdf5c564015d5f63b09cc93bef4178b19b01",
         "type": "github"
       },
       "original": {
@@ -139,6 +155,7 @@
         "home-manager-unstable": "home-manager-unstable",
         "musicutil": "musicutil",
         "nix-darwin-unstable": "nix-darwin-unstable",
+        "nixpkgs-stable": "nixpkgs-stable",
         "nixpkgs-unstable": "nixpkgs-unstable"
       }
     },
@@ -159,11 +176,11 @@
     },
     "utils_2": {
       "locked": {
-        "lastModified": 1644229661,
+        "lastModified": 1649676176,
-        "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
+        "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
+        "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
         "type": "github"
       },
       "original": {

flake.nix

@@ -9,6 +9,8 @@
     nix-darwin-unstable.url = "github:lnl7/nix-darwin/master";
     nix-darwin-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
 
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-21.11";
+
     deploy-rs.url = "github:serokell/deploy-rs";
     deploy-rs.inputs.nixpkgs.follows = "nixpkgs-unstable";
 

hosts/hetzner-vm/hetzner-vm.nix

@@ -29,6 +29,13 @@
     imports = with tree; [ home.base home.dev.small ];
   };
 
+  nix.settings.auto-optimise-store = true;
+  nix.gc = {
+    automatic = true;
+    dates = "daily";
+    options = "--delete-older-than 1d";
+  };
+
   networking.hostName = "hetzner-vm";
   time.timeZone = "Europe/London";
 

hosts/hetzner-vm/services/invidious.nix

@@ -1,11 +1,13 @@
-_: {
+{ inputs, pkgs, ... }: {
   services.invidious = {
     enable = true;
+    package =
+      inputs.nixpkgs-stable.outputs.legacyPackages.${pkgs.system}.invidious;
     port = 3000;
     settings = {
       full_refresh = true;
       https_only = true;
-      popular_enabled = false;
+      popular_enabled = true;
       statistics_enabled = true;
       registration_enabled = true;
       channel_threads = 2;
@@ -24,7 +26,7 @@ _: {
         player_style = "invidious";
         related_videos = true;
         autoplay = true;
-        continue = false;
+        continue = true;
         continue_autoplay = true;
         quality = "hd720";
         local = false;

hosts/lappy/lappy.nix

@@ -35,6 +35,9 @@ in {
 
     # For cross compiling and deploying to raspberry
     profiles.cross.arm64
+
+    #profiles.force_dns
+    #extras.shenanigans-hotspot
   ];
 
   services.mullvad-vpn.enable = true;

profiles/dnscrypt/dnscrypt.nix

@@ -4,9 +4,13 @@
     networkmanager.dns = "none";
   };
 
+  #networking.nameservers = lib.mkForce [ "127.0.0.1.5353" ];
+
   services.dnscrypt-proxy2 = {
     enable = true;
     settings = {
+      #listen_addresses = ["127.0.0.1:5353" "[::1]:5353"];
+
       ipv6_servers = true;
       require_dnssec = true;
 

profiles/force_dns/force_dns.nix

@@ -0,0 +1,7 @@
+{ lib, ...}: {
+  networking = {
+    resolvconf.useLocalResolver = false;
+    networkmanager.dns = "none";
+  };
+  networking.nameservers = lib.mkForce [ "1.1.1.1" ];
+}

scripts/rebuild.sh

@@ -14,4 +14,4 @@ FIRST_ARG="${1:-switch}"
 
 shift
 
-nixos-rebuild --flake "${REPO_ROOT}#$(hostname)" ${FIRST_ARG} $@
+nixos-rebuild --flake "path:${REPO_ROOT}#$(hostname)" ${FIRST_ARG} $@

scripts/update.sh

@@ -4,10 +4,4 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 REPO_ROOT="${SCRIPT_DIR}/.."
 cd $REPO_ROOT
 
-# re-run as root
-if [ "$EUID" -ne 0 ]; then
-sudo ${BASH_SOURCE[0]} $@
-exit
-fi
-
 nix flake update

treeConfig.nix

@@ -2,6 +2,8 @@
   tree = mkTree {
     folder = ./.;
     config = {
+      "extras/*".functor.enable = true;
+
       "hosts/*/services".functor.enable = true;
       "hosts/raspberry/services/music-friend".functor.enable = true;
       "hosts/*/home".functor.enable = true;