n8r/nixos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: n8r:8ddb6acd7e37f695c824e88028d48f0e3a62b9a0
Branches Tags
n8r:master
n8r:jaci
n8r:jaci-temp
n8r:refactor
...
compare: n8r:429b8ee99c7e53db26e709dd71377d9a4eea20d9
Branches Tags
n8r:master
n8r:jaci
n8r:jaci-temp
n8r:refactor

2 Commits
8ddb6acd7e ... 429b8ee99c

Author SHA1 Message Date
Nate Anderson
429b8ee99c update to 25.11, various fixes, converted to using gnome keyring 2025-12-05 16:57:40 -07:00
Nate Anderson
6dfc1553f6 add vpn proxy module to work computer, remove lock screen on boot up 2025-11-26 14:26:43 -07:00
6 changed files with 354 additions and 91 deletions
Show Stats Expand all files Collapse all files

43
flake.lock generated
View File

@ -1,25 +1,5 @@
{ {
"nodes": { "nodes": {
"auto-cpufreq": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1752998173,
"narHash": "sha256-ZlYpBp2WOe03UrpjJGz5KTOL/pp7A452hJO/Vc8C4/0=",
"owner": "AdnanHodzic",
"repo": "auto-cpufreq",
"rev": "562278377ffa96f3c1af49c7b499df028ce8d8bd",
"type": "github"
},
"original": {
"owner": "AdnanHodzic",
"repo": "auto-cpufreq",
"type": "github"
}
},
"catppuccin": { "catppuccin": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
@ -66,16 +46,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1749154018, "lastModified": 1764866045,
"narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", "narHash": "sha256-0GsEtXV9OquDQ1VclQfP16cU5VZh7NEVIOjSH4UaJuM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", "rev": "f63d0fe9d81d36e5fc95497217a72e02b8b7bcab",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-25.05", "ref": "release-25.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -114,11 +94,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1763283776, "lastModified": 1764667669,
"narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=", "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a", "rev": "418468ac9527e799809c900eda37cbff999199b6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -130,16 +110,16 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1763334038, "lastModified": 1764831616,
"narHash": "sha256-LBVOyaH6NFzQ3X/c6vfMZ9k4SV2ofhpxeL9YnhHNJQQ=", "narHash": "sha256-OtzF5wBvO0jgW1WW1rQU9cMGx7zuvkF7CAVJ1ypzkxA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4c8cdd5b1a630e8f72c9dd9bf582b1afb3127d2c", "rev": "c97c47f2bac4fa59e2cbdeba289686ae615f8ed4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-25.05", "ref": "nixos-25.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -182,7 +162,6 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"auto-cpufreq": "auto-cpufreq",
"catppuccin": "catppuccin", "catppuccin": "catppuccin",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",

11
flake.nix
View File

@ -2,23 +2,19 @@
description = "NixOS system flake."; description = "NixOS system flake.";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-25.05"; url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# bonus inputs # bonus inputs
catppuccin.url = "github:catppuccin/nix"; catppuccin.url = "github:catppuccin/nix";
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
auto-cpufreq = {
url = "github:AdnanHodzic/auto-cpufreq";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
}; };
outputs = { self, nixpkgs, nixpkgs-unstable, catppuccin, nur, home-manager, auto-cpufreq, nixos-hardware, ... } @ inputs: outputs = { self, nixpkgs, nixpkgs-unstable, catppuccin, nur, home-manager, nixos-hardware, ... } @ inputs:
let let
inherit (self) outputs; inherit (self) outputs;
system = "x86_64-linux"; system = "x86_64-linux";
@ -72,7 +68,6 @@
}; };
modules = [ modules = [
catppuccin.nixosModules.catppuccin catppuccin.nixosModules.catppuccin
auto-cpufreq.nixosModules.default
# Setup home manager # Setup home manager
inputs.home-manager.nixosModules.home-manager { inputs.home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;

2
nate-work/linked-dotfiles/hypr/hyprland.conf
View File

@ -17,7 +17,7 @@ exec-once = lxqt-policykit-agent
exec-once = nm-applet --indicator exec-once = nm-applet --indicator
exec-once = sleep 5 && syncthingtray --wait exec-once = sleep 5 && syncthingtray --wait
exec-once = swaybg -i ~/.config/hypr/va_background.png exec-once = swaybg -i ~/.config/hypr/va_background.png
exec-once = swaylock -C ~/.config/swaylock/boot-config # exec-once = swaylock -C ~/.config/swaylock/boot-config
exec-once = swaync exec-once = swaync
exec-once = waybar exec-once = waybar
exec-once = firefox --new-tab https://vasion.okta.com --new-tab https://github.com/PrinterLogic --new-tab https://claude.ai exec-once = firefox --new-tab https://vasion.okta.com --new-tab https://github.com/PrinterLogic --new-tab https://claude.ai

78
nate-work/modules/home-manager/home.nix
View File

@ -13,6 +13,7 @@
imports = [ imports = [
../../../shared/modules/apps/firefox/firefox.nix ../../../shared/modules/apps/firefox/firefox.nix
../hypr/hypr_home.nix ../hypr/hypr_home.nix
../vpn-proxy/vpn-proxy.nix
]; ];
catppuccin = { catppuccin = {
@ -37,10 +38,12 @@
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
# Enable VPN proxy script
vpnProxy.enable = true;
hyprhome = { hyprhome = {
enable = true; enable = true;
homePackages = with pkgs; [ homePackages = with pkgs; [
chromium
# #
# Dev Tools # Dev Tools
# #
@ -52,19 +55,19 @@
jq jq
gnumake gnumake
mariadb mariadb
lsp-ai
python3
nodejs_24
cmake cmake
## nodejs frontend
nodejs_24
husky
pnpm
yarn
## dev services cli
gh gh
awscli2 awscli2
# AI ## AI
unstable.claude-code unstable.claude-code
unstable.opencode unstable.opencode
# proto ## Go stuff
protobuf
protoc-gen-dart
# Go stuff
go go
unstable.delve unstable.delve
gotools gotools
@ -74,14 +77,6 @@
go-swag go-swag
trivy trivy
# clojure
jre17_minimal
clojure
clojure-lsp
cljfmt
leiningen
emacs
### LSP's ### LSP's
gopls gopls
nil nil
@ -89,26 +84,19 @@
nodePackages_latest.bash-language-server nodePackages_latest.bash-language-server
openscad-lsp openscad-lsp
vscode-langservers-extracted # provides eslint, markdown, json, css, and html lsp vscode-langservers-extracted # provides eslint, markdown, json, css, and html lsp
python311Packages.python-lsp-server
yaml-language-server yaml-language-server
elixir-ls
ltex-ls ltex-ls
### Misc ### Misc
usbutils usbutils
openscad
libxml2
nfs-utils nfs-utils
# For AnyConnect VPN
openconnect
networkmanager-openconnect
# #
# Better Unix # Better Unix
# #
bat bat
duf duf
du-dust dust
fd fd
fzf fzf
lsd lsd
@ -142,14 +130,12 @@
# #
# Other # Other
# #
chromium
keepassxc keepassxc
obs-studio obs-studio
prusa-slicer
gnome-disk-utility gnome-disk-utility
kdePackages.filelight
hugo hugo
unstable.llama-cpp # unstable.davinci-resolve-studio
unstable.davinci-resolve-studio
# #
# Style # Style
@ -186,10 +172,9 @@
# Git setup # Git setup
programs.git = { programs.git = {
enable = true; enable = true;
userEmail = email; settings = {
userName = fullName; user.name = fullName;
extraConfig = { user.email = email;
include = { path = "${config.xdg.configHome}/macchiato.gitconfig"; };
init = { defaultBranch = "main"; }; init = { defaultBranch = "main"; };
merge = { conflictStyle="zdiff3"; }; merge = { conflictStyle="zdiff3"; };
pull = { ff = "only"; }; pull = { ff = "only"; };
@ -201,16 +186,18 @@
}; };
}; };
}; };
delta = {
enable = true;
options = {
side-by-side = true;
hyperlinks = true;
};
};
}; };
# Better git diffs with delta
programs.delta = {
enable = true;
enableGitIntegration = true;
options = {
side-by-side = true;
hyperlinks = true;
};
};
# direnv for auto nix flake shells
programs = { programs = {
direnv = { direnv = {
enable = true; enable = true;
@ -226,14 +213,13 @@
enable = true; enable = true;
oh-my-zsh = { oh-my-zsh = {
enable = true; enable = true;
plugins = [ "git" "ssh-agent" ]; plugins = [ "git" ];
theme = "half-life"; theme = "half-life";
extraConfig =
''
zstyle :omz:plugins:ssh-agent lazy yes
'';
}; };
initContent = '' initContent = ''
# integrate ssh-agent from gnome keyring
export SSH_AUTH_SOCK=/run/user/$UID/gcr/ssh
# direnv setup # direnv setup
eval "$(direnv hook zsh)" eval "$(direnv hook zsh)"

6
nate-work/modules/hypr/hyprland.nix
View File

@ -92,8 +92,6 @@ in
enable = true; enable = true;
qemu = { qemu = {
swtpm.enable = true; swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [ pkgs.OVMFFull.fd ];
}; };
}; };
spiceUSBRedirection.enable = true; spiceUSBRedirection.enable = true;
@ -127,7 +125,7 @@ in
programs.xfconf.enable = true; programs.xfconf.enable = true;
programs.regreet.enable = true; programs.regreet.enable = true;
programs.zsh.enable = true; programs.zsh.enable = true;
programs.ssh.startAgent = true; programs.ssh.startAgent = false; # Using GNOME Keyring's gcr-ssh-agent instead
programs.steam.enable = true; programs.steam.enable = true;
programs.wshowkeys.enable = true; programs.wshowkeys.enable = true;
services.printing = { services.printing = {
@ -154,7 +152,7 @@ in
}; };
}; };
# disable lid switch sleep when plugged into power, laptop docked # disable lid switch sleep when plugged into power, laptop docked
services.logind.lidSwitchExternalPower = "ignore"; services.logind.settings.Login.HandleLidSwitchExternalPower = "ignore";
# For yubioath desktop # For yubioath desktop
services.pcscd.enable = true; services.pcscd.enable = true;
security.polkit.enable = true; security.polkit.enable = true;

305
nate-work/modules/vpn-proxy/vpn-proxy.nix Normal file
View File

@ -0,0 +1,305 @@
{ config, pkgs, lib, ... }:
{
options.vpnProxy = {
enable = lib.mkEnableOption "VPN SOCKS proxy script";
vmUser = lib.mkOption {
type = lib.types.str;
default = "nate";
description = "Username for VM SSH connection";
};
vmIp = lib.mkOption {
type = lib.types.str;
default = "192.168.122.241";
description = "IP address of the VM";
};
socksPort = lib.mkOption {
type = lib.types.int;
default = 1080;
description = "Local SOCKS proxy port";
};
vpnTestUrl = lib.mkOption {
type = lib.types.str;
default = "https://doc-aut.app.vasionnow.com/";
description = "URL to test VPN connectivity";
};
};
config = lib.mkIf config.vpnProxy.enable {
home.packages = [
(pkgs.writeShellApplication {
name = "vpn-proxy";
runtimeInputs = with pkgs; [
openssh
procps
lsof
gnused
coreutils
curl
glib # for gsettings
nettools # for ss command
];
text = ''
VM_USER="${config.vpnProxy.vmUser}"
VM_IP="${config.vpnProxy.vmIp}"
SOCKS_PORT=${toString config.vpnProxy.socksPort}
PID_FILE="/tmp/vpn-socks.pid"
VPN_TEST_URL="${config.vpnProxy.vpnTestUrl}"
check_ssh_agent() {
# Check if SSH agent is available
if [ -z "$SSH_AUTH_SOCK" ]; then
echo "Error: SSH agent not running (SSH_AUTH_SOCK not set)"
return 1
fi
# Check if any SSH keys are loaded
if ! ssh-add -l >/dev/null 2>&1; then
echo "Error: No SSH keys are loaded in the agent"
echo "Please add your SSH key first with: ssh-add ~/.ssh/id_ed25519"
echo ""
echo "Agent status: SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
return 1
fi
# Show loaded keys for confirmation
echo " SSH agent has loaded keys:"
ssh-add -l | sed 's/^/ /'
return 0
}
start_proxy() {
# Check if proxy is already running
if [ -f "$PID_FILE" ]; then
local pid
pid=$(cat "$PID_FILE" 2>/dev/null)
if [ -n "$pid" ] && ps -p "$pid" > /dev/null 2>&1; then
echo "Proxy already running (PID: $pid)"
return 1
else
echo "Stale PID file found, cleaning up..."
rm -f "$PID_FILE"
fi
fi
# Check SSH agent and keys
echo "Checking SSH agent..."
if ! check_ssh_agent; then
return 1
fi
echo ""
# Test SSH connectivity first
echo "Testing SSH connection to VM..."
if ! ssh -o ConnectTimeout=5 -o BatchMode=yes -o StrictHostKeyChecking=no "$VM_USER@$VM_IP" exit 2>/dev/null; then
echo "Error: Cannot connect to VM: $VM_USER @ $VM_IP"
echo "Make sure:"
echo " 1. VM is running"
echo " 2. SSH service is running in VM"
echo " 3. SSH key authentication is set up"
return 1
fi
# Start SSH tunnel in background
echo "Starting SSH SOCKS proxy..."
ssh -D $SOCKS_PORT -f -N -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes "$VM_USER@$VM_IP"
local ssh_exit=$?
if [ $ssh_exit -ne 0 ]; then
echo "Error: SSH tunnel failed to start (exit code: $ssh_exit)"
return 1
fi
# Wait a moment for SSH to fully establish
sleep 1
# Find and save the SSH process PID
local pid
pid=$(pgrep -f "ssh -D $SOCKS_PORT.*$VM_USER@$VM_IP" | head -1)
if [ -z "$pid" ]; then
echo "Error: SSH process not found after startup"
return 1
fi
echo "$pid" > "$PID_FILE"
# Verify port is listening
echo "Verifying SOCKS proxy is listening on port $SOCKS_PORT..."
local retry=0
while [ $retry -lt 5 ]; do
if lsof -i :"$SOCKS_PORT" > /dev/null 2>&1 || ss -tln | grep -q ":$SOCKS_PORT "; then
break
fi
sleep 1
retry=$((retry + 1))
done
if [ $retry -eq 5 ]; then
echo "Error: SOCKS proxy port $SOCKS_PORT is not listening"
pkill -P "$pid" 2>/dev/null
kill "$pid" 2>/dev/null
rm -f "$PID_FILE"
return 1
fi
# Configure system proxy
gsettings set org.gnome.system.proxy mode 'manual'
gsettings set org.gnome.system.proxy.socks host 'localhost'
gsettings set org.gnome.system.proxy.socks port $SOCKS_PORT
echo " VPN proxy started successfully on localhost:$SOCKS_PORT (PID: $pid)"
# Test VPN connectivity
echo "Testing VPN connectivity..."
if curl -s -m 10 --socks5-hostname localhost:"$SOCKS_PORT" "$VPN_TEST_URL" > /dev/null 2>&1; then
echo " VPN connection verified - can reach $VPN_TEST_URL"
else
echo " Warning: Could not reach $VPN_TEST_URL through proxy"
echo " The SOCKS proxy is running but VPN connection may not be active in the VM"
fi
}
stop_proxy() {
if [ -f "$PID_FILE" ]; then
local pid
pid=$(cat "$PID_FILE" 2>/dev/null)
# Kill the specific SSH process
if [ -n "$pid" ] && ps -p "$pid" > /dev/null 2>&1; then
echo "Stopping VPN proxy (PID: $pid)..."
kill "$pid" 2>/dev/null
# Wait for process to die
local retry=0
while [ $retry -lt 5 ] && ps -p "$pid" > /dev/null 2>&1; do
sleep 1
retry=$((retry + 1))
done
# Force kill if still alive
if ps -p "$pid" > /dev/null 2>&1; then
echo "Process didn't stop gracefully, force killing..."
kill -9 "$pid" 2>/dev/null
fi
else
echo "PID $pid not found in process list"
fi
rm -f "$PID_FILE"
else
echo "Proxy not running (no PID file found)"
fi
# Always clean up orphaned SSH processes
if pgrep -f "ssh -D $SOCKS_PORT" > /dev/null 2>&1; then
echo "Cleaning up orphaned SSH processes..."
pkill -f "ssh -D $SOCKS_PORT"
fi
# Always disable system proxy and clear SOCKS settings
echo "Clearing proxy settings..."
gsettings set org.gnome.system.proxy mode 'none'
gsettings set org.gnome.system.proxy.socks host ""
gsettings set org.gnome.system.proxy.socks port 0
# Verify settings are cleared
local proxy_mode
proxy_mode=$(gsettings get org.gnome.system.proxy mode 2>/dev/null)
if [ "$proxy_mode" = "'none'" ]; then
echo " System proxy disabled"
else
echo " Warning: Could not verify proxy was disabled (current mode: $proxy_mode)"
fi
echo " VPN proxy stopped and proxy settings cleared"
# Return success even if there was no PID file
return 0
}
status_proxy() {
if [ -f "$PID_FILE" ]; then
local pid
pid=$(cat "$PID_FILE" 2>/dev/null)
if [ -n "$pid" ] && ps -p "$pid" > /dev/null 2>&1; then
echo " Proxy running on localhost:$SOCKS_PORT (PID: $pid)"
# Check if port is actually listening
if lsof -i :"$SOCKS_PORT" > /dev/null 2>&1 || ss -tln | grep -q ":$SOCKS_PORT "; then
echo " Port $SOCKS_PORT is listening"
else
echo " Warning: Process running but port not listening"
fi
# Check system proxy settings
local proxy_mode
proxy_mode=$(gsettings get org.gnome.system.proxy mode 2>/dev/null)
if [ "$proxy_mode" = "'manual'" ]; then
echo " System proxy configured"
else
echo " System proxy not configured (mode: $proxy_mode)"
fi
# Quick connectivity test
if curl -s -m 5 --socks5-hostname localhost:"$SOCKS_PORT" "$VPN_TEST_URL" > /dev/null 2>&1; then
echo " VPN connectivity verified"
else
echo " Cannot reach VPN resources"
fi
return 0
else
echo " Proxy not running (stale PID file)"
return 1
fi
else
echo " Proxy not running"
# Check for orphaned processes
if pgrep -f "ssh -D $SOCKS_PORT" > /dev/null 2>&1; then
echo " Warning: Found SSH process without PID file"
echo " Run 'vpn-proxy stop' to clean up"
fi
return 1
fi
}
case "''${1:-}" in
start)
start_proxy
;;
stop)
stop_proxy
;;
restart)
stop_proxy
sleep 1
start_proxy
;;
status)
status_proxy
;;
test)
# Quick VPN test without starting/stopping
if curl -s -m 10 --socks5-hostname localhost:"$SOCKS_PORT" "$VPN_TEST_URL" > /dev/null 2>&1; then
echo " VPN connection working - can reach $VPN_TEST_URL"
exit 0
else
echo " Cannot reach $VPN_TEST_URL through proxy"
exit 1
fi
;;
*)
echo "Usage: vpn-proxy {start|stop|restart|status|test}"
exit 1
;;
esac
'';
})
];
};
}