home/modules/captive-browser: init module

starting with Chrome/ Chromium only by copying command from
https://github.com/FiloSottile/captive-browser/

.git-blame-ignore-revs

@@ -0,0 +1 @@
+ce54be9aac846c7798307d6d6fcee3346c01f601

home/common.nix

@@ -11,6 +11,7 @@
     ./modules/packages.nix
     ./modules/vscodium.nix
     ./modules/fonts.nix
+    ./modules/captive-browser.nix
   ];
   home.homeDirectory =
     if pkgs.stdenv.isDarwin then "/Users/${config.home.username}" else "/home/${config.home.username}";

home/desktop.nix

@@ -33,40 +33,39 @@
       contacts = import "${inputs.mysecrets}/contacts.nix" { inherit lib; };
     in
     {
-      includes =
-        [
-          {
-            condition = "gitdir:~/Seafile/Studium/";
+      includes = [
+        {
+          condition = "gitdir:~/Seafile/Studium/";
+          contents = {
+            user.name = contacts.personal.name;
+            user.email = contacts.uni.email;
+          };
+        }
+        {
+          condition = "gitdir:~/src/nixpkgs/";
+          contents = {
+            user.name = "Trolli Schmittlauch";
+            user.email = contacts.nixOs.email;
+          };
+        }
+      ]
+      # set default name for several other common locations
+      ++
+        map
+          (dir: {
+            condition = "gitdir:${dir}";
             contents = {
-              user.name = contacts.personal.name;
-              user.email = contacts.uni.email;
-            };
-          }
-          {
-            condition = "gitdir:~/src/nixpkgs/";
-            contents = {
-              user.name = "Trolli Schmittlauch";
-              user.email = contacts.nixOs.email;
-            };
-          }
-        ]
-        # set default name for several other common locations
-        ++
-          map
-            (dir: {
-              condition = "gitdir:${dir}";
-              contents = {
-                user = {
-                  inherit (contacts.schmittlauch) email name;
-                };
+              user = {
+                inherit (contacts.schmittlauch) email name;
               };
-            })
-            [
-              "~/src/"
-              "~/bin/"
-              "~/tmp/"
-              "~/nixconfigs/"
-            ];
+            };
+          })
+          [
+            "~/src/"
+            "~/bin/"
+            "~/tmp/"
+            "~/nixconfigs/"
+          ];
     };
 
   services.gpg-agent = {

home/modules/captive-browser.nix

@@ -0,0 +1,77 @@
+{
+  pkgs,
+  lib,
+  inputs,
+  config,
+  system,
+  ...
+}:
+
+let
+  tomlFormat = pkgs.formats.toml { };
+  cfg = config.programs.captive-browser;
+  inherit (pkgs.stdenv.hostPlatform) isDarwin;
+in
+{
+  options.programs.captive-browser = {
+    enable = lib.mkEnableOption "Enable custom captive-browser in user PATH";
+    package = lib.mkPackageOption pkgs "captive-browser" { nullable = true; };
+    settings = lib.mkOption {
+      type = lib.types.submodule {
+        freeformType = tomlFormat.type;
+
+        options = {
+          browser = lib.mkOption {
+            type = lib.types.str;
+            description = "command to invoke the browser with";
+
+            # browser is the shell (/bin/sh) command executed once the proxy starts.
+            # When browser exits, the proxy exits. An extra env var PROXY is available.
+            #
+            # Here, we use a separate Chrome instance in Incognito mode, so that
+            # it can run (and be waited for) alongside the default one, and that
+            # it maintains no state across runs. To configure this browser open a
+            # normal window in it, settings will be preserved.
+            default = ''
+              ${cfg.browserCommand} \
+              --user-data-dir="$HOME/Library/Application Support/Google/Captive" \
+              --proxy-server="socks5://$PROXY" \
+              --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost" \
+              --no-first-run --new-window --incognito \
+              http://example.com
+            '';
+          };
+        };
+      };
+    };
+    interface = lib.mkOption {
+      type = lib.types.str;
+      description = "WLAN interface to use";
+    };
+    browserCommand = lib.mkOption {
+      type = lib.types.str;
+      default = if isDarwin then "open -n -W -a \"Google Chrome\" --args" else (lib.getExe pkgs.chromium);
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    home.packages = [ cfg.package ];
+
+    programs.captive-browser.settings = {
+      # dhcp-dns is the shell (/bin/sh) command executed to obtain the DHCP
+      # DNS server address. The first match of an IPv4 regex is used.
+      # IPv4 only, because let's be real, it's a captive portal.
+      dhcp-dns = "ipconfig getoption ${cfg.interface} domain_name_server";
+
+      # socks5-addr is the listen address for the SOCKS5 proxy server.
+      socks5-addr = "localhost:1666";
+    };
+    home.file.".config/captive-browser.toml" = lib.mkIf (isDarwin && !config.xdg.enable) {
+      source = tomlFormat.generate "captive-browser-config" cfg.settings;
+    };
+
+    xdg.configFile."captive-browser.toml" = lib.mkIf (!(isDarwin && !config.xdg.enable)) {
+      source = tomlFormat.generate "captive-browser-config" cfg.settings;
+    };
+
+  };
+}

home/modules/latex.nix

@@ -43,5 +43,6 @@ in
         koma-script
         ;
     })
-  ] ++ lib.optionals config.schmittlauch.latex.guiTools latexGuiTools;
+  ]
+  ++ lib.optionals config.schmittlauch.latex.guiTools latexGuiTools;
 }

home/modules/packages.nix

@@ -12,88 +12,85 @@ let
   unstable = inputs.nixos-unstable.legacyPackages.${system};
   nur = inputs.nur.legacyPackages.${system};
 
-  graphicsApps =
-    [
-      inkscape
-      darktable
-      exiftool
-    ]
-    ++ (with gimp3Plugins; [
-      #fourier  # broken
-      #lqrPlugin  # broken
-    ])
-    ++ lib.optionals pkgs.stdenv.isLinux [
-      gimp3
-      hugin
-      #luminanceHDR  # FIXME, build failure
-      xournalpp
-    ]
-    ++ lib.optionals pkgs.stdenv.isDarwin [
-      gimp
-    ];
+  graphicsApps = [
+    inkscape
+    darktable
+    exiftool
+  ]
+  ++ (with gimp3Plugins; [
+    #fourier  # broken
+    #lqrPlugin  # broken
+  ])
+  ++ lib.optionals pkgs.stdenv.isLinux [
+    gimp3
+    hugin
+    #luminanceHDR  # FIXME, build failure
+    xournalpp
+  ]
+  ++ lib.optionals pkgs.stdenv.isDarwin [
+    gimp
+  ];
 
-  multimediaApps =
-    [
-      mpv
-      yt-dlp
-    ]
-    ++ lib.optionals pkgs.stdenv.isDarwin [ vlc-bin ]
-    ++ lib.optionals pkgs.stdenv.isLinux [
-      vlc
-      amarok
-      clementine
-      kdePackages.elisa
-      musescore
-      tenacity
-      soundkonverter
-      #nur.repos.fooker.studio-link
-    ];
+  multimediaApps = [
+    mpv
+    yt-dlp
+  ]
+  ++ lib.optionals pkgs.stdenv.isDarwin [ vlc-bin ]
+  ++ lib.optionals pkgs.stdenv.isLinux [
+    vlc
+    amarok
+    clementine
+    kdePackages.elisa
+    musescore
+    tenacity
+    soundkonverter
+    #nur.repos.fooker.studio-link
+  ];
 
-  cliApps =
-    [
-      coreutils
-      myVim
-      htop
-      tmux
-      httpie
-      rsync
-      ponysay
-      gti
-      tree
-      lsof
-      mosh
-      openssh
-      sshfs-fuse
-      sshuttle
-      cryfs
-      thefuck
-      gnupg
-      unar
-      lzop
-      p7zip
-      pwgen
-      pandoc
-      pdfgrep
-      # zig dependency breaks occasionally, stay on C version for now
-      ncdu_1
-      dos2unix
-      unzip
-      fswatch
-      jq
-      age
-      lnav
-      spacer
+  cliApps = [
+    coreutils
+    myVim
+    htop
+    tmux
+    httpie
+    rsync
+    ponysay
+    gti
+    tree
+    lsof
+    mosh
+    openssh
+    sshfs-fuse
+    sshuttle
+    cryfs
+    thefuck
+    gnupg
+    unar
+    lzop
+    p7zip
+    pwgen
+    pandoc
+    pdfgrep
+    # zig dependency breaks occasionally, stay on C version for now
+    ncdu_1
+    dos2unix
+    unzip
+    fswatch
+    jq
+    age
+    lnav
+    spacer
 
-      nix-output-monitor # putting this here as a plain `nix` alternative
-    ]
-    ++ lib.optionals pkgs.stdenv.isLinux [
-      xclip
-      smbnetfs # for FUSE smb mounting
-      psmisc # for killall
-      torsocks
-      agrep
-      reptyr # re-bind running program to other tty
-    ];
+    nix-output-monitor # putting this here as a plain `nix` alternative
+  ]
+  ++ lib.optionals pkgs.stdenv.isLinux [
+    xclip
+    smbnetfs # for FUSE smb mounting
+    psmisc # for killall
+    torsocks
+    agrep
+    reptyr # re-bind running program to other tty
+  ];
 
   nixHelpers = [
     nixpkgs-review
@@ -101,30 +98,29 @@ let
     nix-top
     statix
   ];
-  devTools =
-    [
-      curl
-      httpie
-      gcc
-      shellcheck
-      mtr
-      ripgrep
-      fd
-      gitui
-      pre-commit
-      scriv
+  devTools = [
+    curl
+    httpie
+    gcc
+    shellcheck
+    mtr
+    ripgrep
+    fd
+    gitui
+    pre-commit
+    scriv
 
-      # Haskell
-      ghc
-      cabal2nix
-    ]
-    ++ lib.optionals pkgs.stdenv.isLinux [
-      gdb
-      strace
-      ltrace
-      valgrind
-      zeal
-    ];
+    # Haskell
+    ghc
+    cabal2nix
+  ]
+  ++ lib.optionals pkgs.stdenv.isLinux [
+    gdb
+    strace
+    ltrace
+    valgrind
+    zeal
+  ];
 
   pythonTools = with python3Packages; [
     python # to shadow old macOS python
@@ -196,33 +192,32 @@ let
     chromedriver
   ];
 
-  kdeTools =
-    [
-      okteta
-      plasma5Packages.kdeconnect-kde
-    ]
-    ++ (with kdePackages; [
-      okular
-      gwenview
-      yakuake
-      dolphin
-      spectacle
-      kate
-      kleopatra
-      qdirstat
-      ark
-      kwalletmanager
-      #ktouch  # TODO: unbreak
-      kcharselect
-      konversation
-      krdc
-      skanlite
-      akonadiconsole
-      tokodon # mastodon client
-      networkmanager-qt
-      kcrash
-      breeze-gtk
-    ]);
+  kdeTools = [
+    okteta
+    plasma5Packages.kdeconnect-kde
+  ]
+  ++ (with kdePackages; [
+    okular
+    gwenview
+    yakuake
+    dolphin
+    spectacle
+    kate
+    kleopatra
+    qdirstat
+    ark
+    kwalletmanager
+    #ktouch  # TODO: unbreak
+    kcharselect
+    konversation
+    krdc
+    skanlite
+    akonadiconsole
+    tokodon # mastodon client
+    networkmanager-qt
+    kcrash
+    breeze-gtk
+  ]);
 in
 {
   options.schmittlauch.packages = {

home/workmac.nix

@@ -66,26 +66,25 @@ in
       contacts = import "${inputs.mysecrets}/contacts.nix" { inherit lib; };
     in
     {
-      includes =
-        [
-          {
-            condition = "gitdir:~/src/schmittlauch/";
-            contents = {
-              user = {
-                inherit (contacts.schmittlauch) name email;
-              };
-            };
-          }
-        ]
-        # set default name for several other common locations
-        ++ map (dir: {
-          condition = "gitdir:${dir}";
+      includes = [
+        {
+          condition = "gitdir:~/src/schmittlauch/";
           contents = {
             user = {
-              inherit (contacts.work) name email;
+              inherit (contacts.schmittlauch) name email;
             };
           };
-        }) [ "~/" ];
+        }
+      ]
+      # set default name for several other common locations
+      ++ map (dir: {
+        condition = "gitdir:${dir}";
+        contents = {
+          user = {
+            inherit (contacts.work) name email;
+          };
+        };
+      }) [ "~/" ];
     };
 
   # some extra shell scripts
@@ -94,6 +93,11 @@ in
     + import ./scripts/ssh-loop-fc.nix { inherit pkgs lib; }
   );
 
+  # separate proxied browser using the DHCP-supplied DNS for accessing captive portals
+  programs.captive-browser = {
+    enable = true;
+    interface = "en0";
+  };
   launchd.agents.hydra_proxy = {
     enable = true;
     config = {