Diffstat (limited to 'infra/libkookie/nixpkgs/nixos/modules/programs')
-rw-r--r--infra/libkookie/nixpkgs/nixos/modules/programs/bandwhich.nix2
-rw-r--r--infra/libkookie/nixpkgs/nixos/modules/programs/firejail.nix46
-rw-r--r--infra/libkookie/nixpkgs/nixos/modules/programs/fish.nix2
-rw-r--r--infra/libkookie/nixpkgs/nixos/modules/programs/proxychains.nix165
-rw-r--r--infra/libkookie/nixpkgs/nixos/modules/programs/ssmtp.nix9
-rw-r--r--infra/libkookie/nixpkgs/nixos/modules/programs/wshowkeys.nix22
-rw-r--r--infra/libkookie/nixpkgs/nixos/modules/programs/x2goserver.nix2
7 files changed, 239 insertions, 9 deletions
diff --git a/infra/libkookie/nixpkgs/nixos/modules/programs/bandwhich.nix b/infra/libkookie/nixpkgs/nixos/modules/programs/bandwhich.nix
index 5413044f4614..1cffb5fa2765 100644
--- a/infra/libkookie/nixpkgs/nixos/modules/programs/bandwhich.nix
+++ b/infra/libkookie/nixpkgs/nixos/modules/programs/bandwhich.nix
@@ -4,7 +4,7 @@ with lib;
let cfg = config.programs.bandwhich;
in {
- meta.maintainers = with maintainers; [ filalex77 ];
+ meta.maintainers = with maintainers; [ Br1ght0ne ];
options = {
programs.bandwhich = {
diff --git a/infra/libkookie/nixpkgs/nixos/modules/programs/firejail.nix b/infra/libkookie/nixpkgs/nixos/modules/programs/firejail.nix
index 484f9eb44406..ad4ef1a39459 100644
--- a/infra/libkookie/nixpkgs/nixos/modules/programs/firejail.nix
+++ b/infra/libkookie/nixpkgs/nixos/modules/programs/firejail.nix
@@ -11,10 +11,20 @@ let
}
''
mkdir -p $out/bin
- ${lib.concatStringsSep "\n" (lib.mapAttrsToList (command: binary: ''
+ ${lib.concatStringsSep "\n" (lib.mapAttrsToList (command: value:
+ let
+ opts = if builtins.isAttrs value
+ then value
+ else { executable = value; profile = null; extraArgs = []; };
+ args = lib.escapeShellArgs (
+ (optional (opts.profile != null) "--profile=${toString opts.profile}")
+ ++ opts.extraArgs
+ );
+ in
+ ''
cat <<_EOF >$out/bin/${command}
#! ${pkgs.runtimeShell} -e
- exec /run/wrappers/bin/firejail ${binary} "\$@"
+ exec /run/wrappers/bin/firejail ${args} -- ${toString opts.executable} "\$@"
_EOF
chmod 0755 $out/bin/${command}
'') cfg.wrappedBinaries)}
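Review bot: The wrapper body is written through an unquoted here-document (`cat <<_EOF`), so the build shell still expands `$` and backticks inside `${args}` and the executable path before the file is written; `lib.escapeShellArgs` only protects the arguments once the finished wrapper runs. Quoting the delimiter, `cat <<'_EOF' >$out/bin/${command}`, and writing the exec line with a plain `"$@"` instead of `"\$@"` keeps the generated text literal. The executable is also interpolated as `${toString opts.executable}` without `lib.escapeShellArg`, so a path containing spaces or shell metacharacters would be split when the wrapper runs. The enclosing `let` binding starts above this hunk.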
@@ -25,12 +35,38 @@ in {
enable = mkEnableOption "firejail";
wrappedBinaries = mkOption {
- type = types.attrsOf types.path;
+ type = types.attrsOf (types.either types.path (types.submodule {
+ options = {
+ executable = mkOption {
+ type = types.path;
+ description = "Executable to run sandboxed";
+ example = literalExample "''${lib.getBin pkgs.firefox}/bin/firefox";
+ };
+ profile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = "Profile to use";
+ example = literalExample "''${pkgs.firejail}/etc/firejail/firefox.profile";
+ };
+ extraArgs = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = "Extra arguments to pass to firejail";
+ example = [ "--private=~/.firejail_home" ];
+ };
+ };
+ }));
default = {};
example = literalExample ''
{
- firefox = "''${lib.getBin pkgs.firefox}/bin/firefox";
- mpv = "''${lib.getBin pkgs.mpv}/bin/mpv";
+ firefox = {
+ executable = "''${lib.getBin pkgs.firefox}/bin/firefox";
+ profile = "''${pkgs.firejail}/etc/firejail/firefox.profile";
+ };
+ mpv = {
+ executable = "''${lib.getBin pkgs.mpv}/bin/mpv";
+ profile = "''${pkgs.firejail}/etc/firejail/mpv.profile";
+ };
}
'';
description = ''
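Review bot: The `profile` description (`"Profile to use"`) does not say what happens when the option stays `null` or when the plain-path form is used: no `--profile` argument is passed, so the sandbox is whatever firejail selects on its own, presumably its default profile lookup for the program name. I would spell that out, e.g. `description = "Profile to use. When null, no --profile argument is passed and firejail applies its own profile lookup.";`. The `extraArgs` description could likewise note that the strings are passed through verbatim, so options that relax the sandbox are accepted without any check. The `wrappedBinaries` description that begins on the last line continues outside this hunk.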
diff --git a/infra/libkookie/nixpkgs/nixos/modules/programs/fish.nix b/infra/libkookie/nixpkgs/nixos/modules/programs/fish.nix
index 39b92edf2ac2..50d1077dd410 100644
--- a/infra/libkookie/nixpkgs/nixos/modules/programs/fish.nix
+++ b/infra/libkookie/nixpkgs/nixos/modules/programs/fish.nix
@@ -103,7 +103,7 @@ in
programs.fish.shellAliases = mapAttrs (name: mkDefault) cfge.shellAliases;
# Required for man completions
- documentation.man.generateCaches = true;
+ documentation.man.generateCaches = lib.mkDefault true;
environment.etc."fish/foreign-env/shellInit".text = cfge.shellInit;
environment.etc."fish/foreign-env/loginShellInit".text = cfge.loginShellInit;
diff --git a/infra/libkookie/nixpkgs/nixos/modules/programs/proxychains.nix b/infra/libkookie/nixpkgs/nixos/modules/programs/proxychains.nix
new file mode 100644
index 000000000000..7743f79c1c0a
--- /dev/null
+++ b/infra/libkookie/nixpkgs/nixos/modules/programs/proxychains.nix
@@ -0,0 +1,165 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+
+ cfg = config.programs.proxychains;
+
+ configFile = ''
+ ${cfg.chain.type}_chain
+ ${optionalString (cfg.chain.type == "random")
+ "chain_len = ${builtins.toString cfg.chain.length}"}
+ ${optionalString cfg.proxyDNS "proxy_dns"}
+ ${optionalString cfg.quietMode "quiet_mode"}
+ remote_dns_subnet ${builtins.toString cfg.remoteDNSSubnet}
+ tcp_read_time_out ${builtins.toString cfg.tcpReadTimeOut}
+ tcp_connect_time_out ${builtins.toString cfg.tcpConnectTimeOut}
+ localnet ${cfg.localnet}
+ [ProxyList]
+ ${builtins.concatStringsSep "\n"
+ (lib.mapAttrsToList (k: v: "${v.type} ${v.host} ${builtins.toString v.port}")
+ (lib.filterAttrs (k: v: v.enable) cfg.proxies))}
+ '';
+
+ proxyOptions = {
+ options = {
+ enable = mkEnableOption "this proxy";
+
+ type = mkOption {
+ type = types.enum [ "http" "socks4" "socks5" ];
+ description = "Proxy type.";
+ };
+
+ host = mkOption {
+ type = types.str;
+ description = "Proxy host or IP address.";
+ };
+
+ port = mkOption {
+ type = types.port;
+ description = "Proxy port";
+ };
+ };
+ };
+
+in {
+
+ ###### interface
+
+ options = {
+
+ programs.proxychains = {
+
+ enable = mkEnableOption "installing proxychains configuration";
+
+ chain = {
+ type = mkOption {
+ type = types.enum [ "dynamic" "strict" "random" ];
+ default = "strict";
+ description = ''
+ <literal>dynamic</literal> - Each connection will be done via chained proxies
+ all proxies chained in the order as they appear in the list
+ at least one proxy must be online to play in chain
+ (dead proxies are skipped)
+ otherwise <literal>EINTR</literal> is returned to the app.
+
+ <literal>strict</literal> - Each connection will be done via chained proxies
+ all proxies chained in the order as they appear in the list
+ all proxies must be online to play in chain
+ otherwise <literal>EINTR</literal> is returned to the app.
+
+ <literal>random</literal> - Each connection will be done via random proxy
+ (or proxy chain, see <option>programs.proxychains.chain.length</option>) from the list.
+ '';
+ };
+ length = mkOption {
+ type = types.nullOr types.int;
+ default = null;
+ description = ''
+ Chain length for random chain.
+ '';
+ };
+ };
+
+ proxyDNS = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Proxy DNS requests - no leak for DNS data.";
+ };
+
+ quietMode = mkEnableOption "Quiet mode (no output from the library).";
+
+ remoteDNSSubnet = mkOption {
+ type = types.enum [ 10 127 224 ];
+ default = 224;
+ description = ''
+ Set the class A subnet number to use for the internal remote DNS mapping, uses the reserved 224.x.x.x range by default.
+ '';
+ };
+
+ tcpReadTimeOut = mkOption {
+ type = types.int;
+ default = 15000;
+ description = "Connection read time-out in milliseconds.";
+ };
+
+ tcpConnectTimeOut = mkOption {
+ type = types.int;
+ default = 8000;
+ description = "Connection time-out in milliseconds.";
+ };
+
+ localnet = mkOption {
+ type = types.str;
+ default = "127.0.0.0/255.0.0.0";
+ description = "By default enable localnet for loopback address ranges.";
+ };
+
+ proxies = mkOption {
+ type = types.attrsOf (types.submodule proxyOptions);
+ description = ''
+ Proxies to be used by proxychains.
+ '';
+
+ example = literalExample ''
+ { myproxy =
+ { type = "socks4";
+ host = "127.0.0.1";
+ port = 1337;
+ };
+ }
+ '';
+ };
+
+ };
+
+ };
+
+ ###### implementation
+
+ meta.maintainers = with maintainers; [ sorki ];
+
+ config = mkIf cfg.enable {
+
+ assertions = singleton {
+ assertion = cfg.chain.type != "random" && cfg.chain.length == null;
+ message = ''
+ Option `programs.proxychains.chain.length`
+ only makes sense with `programs.proxychains.chain.type` = "random".
+ '';
+ };
+
+ programs.proxychains.proxies = mkIf config.services.tor.client.enable
+ {
+ torproxy = mkDefault {
+ enable = true;
+ type = "socks4";
+ host = "127.0.0.1";
+ port = 9050;
+ };
+ };
+
+ environment.etc."proxychains.conf".text = configFile;
+ environment.systemPackages = [ pkgs.proxychains ];
+ };
+
+}
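Review bot: The assertion near the end of the file, `cfg.chain.type != "random" && cfg.chain.length == null`, is false for every configuration with `chain.type = "random"`, so the random chain cannot be enabled at all; the message describes an implication, which in Nix is `assertion = cfg.chain.type != "random" -> cfg.chain.length == null;`. The converse is unchecked as well: `random` with the default `length = null` renders an empty `chain_len = ` line in `configFile`, so a second assertion requiring a length for random chains would help. `proxies` has no `default`, so enabling the module without defining a proxy (and without the Tor client enabled) looks like it would fail evaluation with an undefined-option error rather than a clear message; `default = {};` would avoid that.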
diff --git a/infra/libkookie/nixpkgs/nixos/modules/programs/ssmtp.nix b/infra/libkookie/nixpkgs/nixos/modules/programs/ssmtp.nix
index 15d2750c193f..1f49ddc91bb3 100644
--- a/infra/libkookie/nixpkgs/nixos/modules/programs/ssmtp.nix
+++ b/infra/libkookie/nixpkgs/nixos/modules/programs/ssmtp.nix
@@ -1,6 +1,6 @@
# Configuration for `ssmtp', a trivial mail transfer agent that can
# replace sendmail/postfix on simple systems. It delivers email
-# directly to an SMTP server defined in its configuration file, wihout
+# directly to an SMTP server defined in its configuration file, without
# queueing mail locally.
{ config, lib, pkgs, ... }:
@@ -142,6 +142,13 @@ in
config = mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = cfg.useSTARTTLS -> cfg.useTLS;
+ message = "services.ssmtp.useSTARTTLS has no effect without services.ssmtp.useTLS";
+ }
+ ];
+
services.ssmtp.settings = mkMerge [
({
MailHub = cfg.hostName;
diff --git a/infra/libkookie/nixpkgs/nixos/modules/programs/wshowkeys.nix b/infra/libkookie/nixpkgs/nixos/modules/programs/wshowkeys.nix
new file mode 100644
index 000000000000..09b008af1d5d
--- /dev/null
+++ b/infra/libkookie/nixpkgs/nixos/modules/programs/wshowkeys.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.programs.wshowkeys;
+in {
+ meta.maintainers = with maintainers; [ primeos ];
+
+ options = {
+ programs.wshowkeys = {
+ enable = mkEnableOption ''
+ wshowkeys (displays keypresses on screen on supported Wayland
+ compositors). It requires root permissions to read input events, but
+ these permissions are dropped after startup'';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ security.wrappers.wshowkeys.source = "${pkgs.wshowkeys}/bin/wshowkeys";
+ };
+}
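Review bot: `security.wrappers.wshowkeys.source` is set without `owner`, `setuid` or `permissions`, so the privilege of the installed wrapper depends entirely on the wrapper module's defaults, which are not visible in this diff. Since the option text says the program needs root to read input events, this presumably yields a setuid-root binary that every local user can run. I would state the intended ownership and mode explicitly in the wrapper definition and say so in the `enable` description, e.g. `It is installed as a setuid-root wrapper so it can read input events; these permissions are dropped after startup`.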
diff --git a/infra/libkookie/nixpkgs/nixos/modules/programs/x2goserver.nix b/infra/libkookie/nixpkgs/nixos/modules/programs/x2goserver.nix
index 7d74231e956b..05707a56542f 100644
--- a/infra/libkookie/nixpkgs/nixos/modules/programs/x2goserver.nix
+++ b/infra/libkookie/nixpkgs/nixos/modules/programs/x2goserver.nix
@@ -110,7 +110,7 @@ in {
"L+ /usr/local/bin/chmod - - - - ${coreutils}/bin/chmod"
"L+ /usr/local/bin/cp - - - - ${coreutils}/bin/cp"
"L+ /usr/local/bin/sed - - - - ${gnused}/bin/sed"
- "L+ /usr/local/bin/setsid - - - - ${utillinux}/bin/setsid"
+ "L+ /usr/local/bin/setsid - - - - ${util-linux}/bin/setsid"
"L+ /usr/local/bin/xrandr - - - - ${xorg.xrandr}/bin/xrandr"
"L+ /usr/local/bin/xmodmap - - - - ${xorg.xmodmap}/bin/xmodmap"
];