diff --git a/nix/configurations/vanadium/home/xmobar/xmobar.hs b/nix/configurations/vanadium/home/xmobar/xmobar.hs index 88837948..1117d7cd 100644 --- a/nix/configurations/vanadium/home/xmobar/xmobar.hs +++ b/nix/configurations/vanadium/home/xmobar/xmobar.hs @@ -77,6 +77,7 @@ config = , "--target", "2025-10-13=no teef" , "--target", "2025-10-31=dragon book" , "--target", "2025-11-29=à deux" + , "--target", "2025-12-16=dragon book²" , "--target", "2025-12-30=seule" ] "" diff --git a/nix/configurations/vanadium/nixos/connectivity.nix b/nix/configurations/vanadium/nixos/connectivity.nix index add16508..3564f3f1 100644 --- a/nix/configurations/vanadium/nixos/connectivity.nix +++ b/nix/configurations/vanadium/nixos/connectivity.nix @@ -38,98 +38,134 @@ secretsFile = config.age.secrets.wpa_password.path; scanOnLowSignal = false; networks = let - properties = lib.flip lib.pipe; - networks = lib.flip lib.genAttrs (_: {}); + # wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`. + escapePwdKey = lib.replaceStrings ["="] ["_"]; - # The higher the more preferred - setPrio = i: lib.mapAttrs (_: conf: conf // {priority = i;}); - private = setPrio 10; - limited = setPrio (-10); + privatePriority = 10; + limitedPriority = -10; - extraConfig = value: conf: conf // {extraConfig = conf.extraConfig or "" + value;}; - randomizeMac = lib.mapAttrs (_: extraConfig "mac_addr=1\n"); - roaming = lib.mapAttrs (_: extraConfig "bgscan=\"simple:30:-70:3600\"\n"); - - hasPsk = let - # wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`. - escapePwdKey = lib.replaceStrings ["="] ["_"]; - in - lib.mapAttrs (name: conf: conf // {pskRaw = "ext:${escapePwdKey conf.ssid or name}";}); - in - lib.mkMerge [ - (properties [private hasPsk] - (networks [ - "~" - "Pei’s Wifi" - "girlypop-net" - ])) - (properties [private roaming hasPsk] - (networks [ - "annapurna" - "5526-1" - ])) - - # - # School - # - (properties [private roaming] - { - eduroam = { - authProtocols = ["WPA-EAP"]; - auth = '' - pairwise=CCMP - group=CCMP TKIP - eap=PEAP - ca_cert="${./certs/universite_de_rennes.pem}" - identity="ychiang@etudiant.univ-rennes.fr" - altsubject_match="DNS:radius.univ-rennes1.fr;DNS:radius1.univ-rennes1.fr;DNS:radius2.univ-rennes1.fr;DNS:vmradius-psf1.univ-rennes1.fr;DNS:vmradius-psf2.univ-rennes1.fr" - phase2="auth=MSCHAPV2" - password=ext:EDUROAM - anonymous_identity="anonymous@univ-rennes.fr" + fromList = ns: let + go = networkArgs @ { + ssid, + # Custom fields wrapping nixpkgs module options + hasPassword ? false, + scanOnLowSignal ? false, + randomizeMac ? false, + ... + }: { + ${ssid} = lib.mkMerge [ + (builtins.removeAttrs networkArgs ["ssid" "hasPassword" "scanOnLowSignal" "randomizeMac"]) + (lib.optionalAttrs hasPassword { + pskRaw = "ext:${escapePwdKey ssid}"; + }) + (lib.optionalAttrs scanOnLowSignal { + extraConfig = '' + bgscan="simple:30:-70:3600" ''; - }; - }) + }) + (lib.optionalAttrs randomizeMac { + extraConfig = '' + mac_addr=1 + ''; + }) + ]; + }; + in + lib.mkMerge (map go ns); + in + fromList [ + { + ssid = "~"; + priority = privatePriority; + hasPassword = true; + } + { + ssid = "Pei’s Wifi"; + priority = privatePriority; + hasPassword = true; + } + { + ssid = "girlypop-net"; + priority = privatePriority; + hasPassword = true; + } - # - # Cafés - # - (properties [private randomizeMac hasPsk] - (networks [ - "A-WAY" - "CAT.jpgcafe" - "LOUISA" # 區公所 - "LouisaCoffee" # 七張 - "MetroTaipei x Louisa" # 大安 - ])) + { + ssid = "annapurna"; + priority = privatePriority; + hasPassword = true; + scanOnLowSignal = true; + } + { + ssid = "5526-1"; # TODO: set bssid preference ? + priority = privatePriority; + hasPassword = true; + scanOnLowSignal = true; + } - # - # Open networks - # - # - # Use this link to do portal login - # http://detectportal.firefox.com/canonical.html - (properties [randomizeMac] - (networks [ - # Transport - "_SNCF_WIFI_INOUI" - "_WIFI_LYRIA" - "EurostarTrainsWiFi" - "SBB-FREE" - "AOT Airport Free Wi-Fi by NT" + { + ssid = "eduroam"; + priority = privatePriority; + scanOnLowSignal = true; - # Library - "NewTaipei" + authProtocols = ["WPA-EAP"]; + auth = '' + pairwise=CCMP + group=CCMP TKIP + eap=PEAP + ca_cert="${./certs/universite_de_rennes.pem}" + identity="ychiang@etudiant.univ-rennes.fr" + altsubject_match="DNS:radius.univ-rennes1.fr;DNS:radius1.univ-rennes1.fr;DNS:radius2.univ-rennes1.fr;DNS:vmradius-psf1.univ-rennes1.fr;DNS:vmradius-psf2.univ-rennes1.fr" + phase2="auth=MSCHAPV2" + password=ext:EDUROAM + anonymous_identity="anonymous@univ-rennes.fr" + ''; + } - "Fami-WiFi" - ])) + { + ssid = "A-WAY"; + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + { + ssid = "CAT.jpgcafe"; + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + { + ssid = "LOUISA"; # 區公所 + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + { + ssid = "LouisaCoffee"; # 七張 + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + { + ssid = "MetroTaipei x Louisa"; # 大安 + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } - # - # Phones - # - (properties [limited hasPsk] - (networks [ - "iPhone de Léana 江" - ])) + {ssid = "_SNCF_WIFI_INOUI";} + {ssid = "_WIFI_LYRIA";} + {ssid = "EurostarTrainsWiFi";} + {ssid = "SBB-FREE";} + {ssid = "AOT Airport Free Wi-Fi by NT";} + {ssid = "NewTaipei";} + {ssid = "Fami-WiFi";} + + { + ssid = "iPhone de Léana 江"; + priority = limitedPriority; + hasPassword = true; + } ]; }; }; @@ -165,6 +201,25 @@ lb_strategy = "p2"; lb_estimator = true; + # Prevent building up reliance on chatbots + # Gotta preserve that thinking ability of my smoof bwain + blocked_names = { + blocked_names_file = let + sources = import ../../../../npins; + ai-blocklist = sources.ai-blocklist + "/noai_hosts.txt"; + + # Blocklists are made of one pattern per line. + # https://github.com/DNSCrypt/dnscrypt-proxy/blob/fa59f990431a49b6485f63f96601bc7e64017bf8/dnscrypt-proxy/example-dnscrypt-proxy.toml#L583C4-L583C75 + blocked_names = lib.pipe (builtins.readFile ai-blocklist) [ + (lib.replaceStrings ["\r\n"] ["\n"]) # convert to unix ending just in case + (lib.splitString "\n") + (builtins.filter (x: ! (x == "" || lib.hasPrefix "#" x))) + (builtins.map (x: builtins.elemAt (lib.splitString " " x) 1)) # remove 0.0.0.0 + ]; + in + pkgs.writeText "no-ai-blocklist" (builtins.concatStringsSep "\n" blocked_names); + }; + # Add this to test if dnscrypt-proxy is actually used to resolve DNS requests # query_log.file = "/var/log/dnscrypt-proxy/query.log"; sources.public-resolvers = { diff --git a/nix/configurations/vanadium/nixos/display.nix b/nix/configurations/vanadium/nixos/display.nix index fbc65165..94d31e1c 100644 --- a/nix/configurations/vanadium/nixos/display.nix +++ b/nix/configurations/vanadium/nixos/display.nix @@ -29,8 +29,8 @@ services.autorandr = { enable = true; hooks.postswitch = { - "10_xmobar" = "pkill xmobar"; # make sure there are no duplicated xmobar - "20_xmonad" = "xmonad --restart"; # make sure feh keeps up + "10_xmobar" = "${lib.getExe' pkgs.toybox "pkill"} xmobar"; # make sure there are no duplicated xmobar + "20_xmonad" = "${lib.getExe pkgs.haskellPackages.xmonad} --restart"; # make sure feh keeps up }; profiles = let diff --git a/nix/nixosModules/common/xscreensaver.nix b/nix/nixosModules/common/xscreensaver.nix index 2359f830..2d18a6a1 100644 --- a/nix/nixosModules/common/xscreensaver.nix +++ b/nix/nixosModules/common/xscreensaver.nix @@ -34,6 +34,7 @@ in { cfg.hooks; in '' xscreensaver-command -watch | while read event rest; do + echo "The handler script got \"$event\"" case $event in ${handlers} esac diff --git a/npins/sources.json b/npins/sources.json index e8245080..c81b44a7 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -16,6 +16,20 @@ "url": "https://api.github.com/repos/ryantm/agenix/tarball/0.15.0", "hash": "01dhrghwa7zw93cybvx4gnrskqk97b004nfxgsys0736823956la" }, + "ai-blocklist": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "laylavish", + "repo": "uBlockOrigin-HUGE-AI-Blocklist" + }, + "branch": "main", + "submodules": false, + "revision": "9bb188e2701138e03f73bacebd6b19b181ca0012", + "url": "https://github.com/laylavish/uBlockOrigin-HUGE-AI-Blocklist/archive/9bb188e2701138e03f73bacebd6b19b181ca0012.tar.gz", + "hash": "0h318ckx8l89bff1fv4xg6mmhkvpfhyhvzbr0iyaa7q3dx3iyz57", + "frozen": true + }, "disko": { "type": "GitRelease", "repository": { @@ -207,9 +221,9 @@ }, "branch": "master", "submodules": false, - "revision": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903", - "url": "https://github.com/NixOS/nixos-hardware/archive/9ed85f8afebf2b7478f25db0a98d0e782c0ed903.tar.gz", - "hash": "19cld3jnzxjw92b91hra3qxx41yhxwl635478rqp0k4nl9ak2snq" + "revision": "d6645c340ef7d821602fd2cd199e8d1eed10afbc", + "url": "https://github.com/NixOS/nixos-hardware/archive/d6645c340ef7d821602fd2cd199e8d1eed10afbc.tar.gz", + "hash": "0m84zxwanfq34j568w4xkvip5hwpwbhsk46xjvnl063y77i54vfs" }, "nixpkgs": { "type": "Git", @@ -220,9 +234,9 @@ }, "branch": "nixos-25.05-small", "submodules": false, - "revision": "f2ee78c4eb601be36a277e1779a7a87655419dad", - "url": "https://github.com/NixOS/nixpkgs/archive/f2ee78c4eb601be36a277e1779a7a87655419dad.tar.gz", - "hash": "0g5m7bhqw01a950xga0w246al2cy11pqd0dq763whw5sbqfadr59" + "revision": "4d9bd66e3ea558621ae800445e9302a2aa1bb687", + "url": "https://github.com/NixOS/nixpkgs/archive/4d9bd66e3ea558621ae800445e9302a2aa1bb687.tar.gz", + "hash": "0dzq4bp8qamilabyy014qsjivr2ga7348da5fjiqbkp7y7fhbdk0" }, "nur": { "type": "Git", @@ -233,9 +247,9 @@ }, "branch": "main", "submodules": false, - "revision": "68f4e0f40dfafa9bc9ae50b18685befac76ebcd4", - "url": "https://github.com/nix-community/nur/archive/68f4e0f40dfafa9bc9ae50b18685befac76ebcd4.tar.gz", - "hash": "04p7vqixrbyjnr9nnm3p4k37137f5nm6daly2q2yfci1p1a35qjc" + "revision": "e68fcda79871132cb42777c15a2c4a3ea563cad6", + "url": "https://github.com/nix-community/nur/archive/e68fcda79871132cb42777c15a2c4a3ea563cad6.tar.gz", + "hash": "0qng617rx1b5vifnigrhshlsb7rviwaii2czbpgbi8ljyivw10v0" }, "pin-emacs28": { "type": "Git",