idk prolly smt ig
@@ -1,6 +1,6 @@
|
||||
{
|
||||
networking = {
|
||||
useDHCP = false;
|
||||
useNetworkd = true;
|
||||
hostName = "109-199-104-83";
|
||||
firewall = {
|
||||
enable = true;
|
||||
@@ -8,6 +8,36 @@
|
||||
allowedUDPPorts = [80 443];
|
||||
};
|
||||
};
|
||||
|
||||
# the following is from nixos-bite
|
||||
|
||||
# netif=$(ip -6 route show default | sed -r 's|.*default.+?dev ([a-z0-9]+).*|\1|' | head -n1)
|
||||
# netifx=enx$(ip link show dev "$netif" | grep link/ether | sed -r 's|.*link/ether ([a-f0-9]{2}):([a-f0-9]{2}):([a-f0-9]{2}):([a-f0-9]{2}):([a-f0-9]{2}):([a-f0-9]{2}).*|\1\2\3\4\5\6|')
|
||||
# netip6=$(ip -6 address show dev "$netif" scope global | sed -z -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|"\1/\2"|')
|
||||
# netgw6=$(ip -6 route show dev "$netif" default | sed -r 's|.*default.+?via ([0-9a-f:]+).*|"\1"|' | head -n1)
|
||||
# netip4=$(ip -4 address show dev "$netif" scope global | sed -z -r 's|.*inet ([0-9.]+)/([0-9]+).*|"\1/\2"|')
|
||||
# netgw4=$(ip -4 route show dev "$netif" default | sed -r 's|.*default.+?via ([0-9.]+).*|"\1"|' | head -n1)
|
||||
|
||||
# route=""
|
||||
# [[ -n "${netgw4}" ]] && route="$route { Gateway = $netgw4; GatewayOnLink = true; }"
|
||||
# [[ -n "${netgw6}" ]] && route="$route { Gateway = $netgw6; }"
|
||||
|
||||
# dns='"2620:fe::fe" "9.9.9.9"'
|
||||
|
||||
# systemd.network = {
|
||||
# enable = true;
|
||||
# networks."40-wan" = {
|
||||
# matchConfig.name = "enx0050565f4fff";
|
||||
# address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
|
||||
# routes = [
|
||||
# {
|
||||
# Gateway = ["109.199.96.1" "fe80::1"];
|
||||
# GatewayOnLink = true;
|
||||
# }
|
||||
# ];
|
||||
# dns = ["9.9.9.9" "2620:fe::fe"];
|
||||
# };
|
||||
# };
|
||||
services.cloud-init = {
|
||||
enable = true;
|
||||
network.enable = true;
|
||||
|
||||
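Review bot: The block that appears to be added after the `firewall` section is entirely commented out, so it changes nothing at evaluation time, and it leaves a shell snippet and a hand-filled `systemd.network` stanza in the file with no note on why they are disabled. If the stanza is meant to be enabled later, `matchConfig.name` would need to be `matchConfig.Name`. As far as I know a route section takes one gateway, so `Gateway = ["109.199.96.1" "fe80::1"]` should become one route entry per gateway, with `GatewayOnLink = true;` only where it is needed, as the generator lines above it already do. It presumably also overlaps with `services.cloud-init.network.enable = true;` just below, so a one-line comment such as `# static fallback, unused while cloud-init manages networking` should say which source is authoritative. The enclosing attribute set continues outside the hunk.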
@@ -1,45 +0,0 @@
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
options.programs.firefox.phoenix = {
|
||||
enable =
|
||||
lib.mkEnableOption "Enable privacy & security hardening of Firefox using the Phoenix configs"
|
||||
// {
|
||||
default = true;
|
||||
};
|
||||
firefoxPackages = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = ["firefox"];
|
||||
description = "The name of Firefox packages of current pkgs to patch with phoenix config and policy.";
|
||||
};
|
||||
};
|
||||
config = let
|
||||
cfg = config.programs.firefox.phoenix;
|
||||
in
|
||||
lib.mkIf cfg.enable {
|
||||
assertions = [
|
||||
{
|
||||
assertion = !pkgs.stdenv.isDarwin;
|
||||
message = "Phoenix module has not been ported to nix-darwin yet. Contributions welcomed.";
|
||||
}
|
||||
];
|
||||
environment.etc."firefox/defaults/pref/phoenix-desktop.js".source = "${pkgs.phoenix}/pref/phoenix-desktop.js";
|
||||
environment.etc."firefox/phoenix/userjs".source = "${pkgs.phoenix}/userjs";
|
||||
environment.etc."firefox/phoenix/configs".source = "${pkgs.phoenix}/configs";
|
||||
environment.etc."firefox/phoenix/assets".source = "${pkgs.phoenix}/assets";
|
||||
programs.firefox.policies =
|
||||
(builtins.fromJSON (builtins.readFile "${pkgs.phoenix}/policies.json")).policies;
|
||||
nixpkgs.overlays = [
|
||||
(import ../../overlays/phoenix.nix)
|
||||
(
|
||||
final: prev:
|
||||
builtins.listToAttrs (
|
||||
map (p: lib.nameValuePair p (final.withPhoenix prev.${p})) cfg.firefoxPackages
|
||||
)
|
||||
)
|
||||
];
|
||||
};
|
||||
}
|
||||