home/modules/captive-browser: init module

starting with Chrome/ Chromium only by copying command from
https://github.com/FiloSottile/captive-browser/

.git-blame-ignore-revs

@@ -0,0 +1 @@
+ce54be9aac846c7798307d6d6fcee3346c01f601

home/common.nix

@@ -11,6 +11,7 @@
     ./modules/packages.nix
     ./modules/vscodium.nix
     ./modules/fonts.nix
+    ./modules/captive-browser.nix
   ];
   home.homeDirectory =
     if pkgs.stdenv.isDarwin then "/Users/${config.home.username}" else "/home/${config.home.username}";

home/desktop.nix

@@ -33,40 +33,39 @@
       contacts = import "${inputs.mysecrets}/contacts.nix" { inherit lib; };
     in
     {
-      includes =
+      includes = [
-        [
+        {
-          {
+          condition = "gitdir:~/Seafile/Studium/";
-            condition = "gitdir:~/Seafile/Studium/";
+          contents = {
+            user.name = contacts.personal.name;
+            user.email = contacts.uni.email;
+          };
+        }
+        {
+          condition = "gitdir:~/src/nixpkgs/";
+          contents = {
+            user.name = "Trolli Schmittlauch";
+            user.email = contacts.nixOs.email;
+          };
+        }
+      ]
+      # set default name for several other common locations
+      ++
+        map
+          (dir: {
+            condition = "gitdir:${dir}";
             contents = {
-              user.name = contacts.personal.name;
+              user = {
-              user.email = contacts.uni.email;
+                inherit (contacts.schmittlauch) email name;
-            };
-          }
-          {
-            condition = "gitdir:~/src/nixpkgs/";
-            contents = {
-              user.name = "Trolli Schmittlauch";
-              user.email = contacts.nixOs.email;
-            };
-          }
-        ]
-        # set default name for several other common locations
-        ++
-          map
-            (dir: {
-              condition = "gitdir:${dir}";
-              contents = {
-                user = {
-                  inherit (contacts.schmittlauch) email name;
-                };
               };
-            })
+            };
-            [
+          })
-              "~/src/"
+          [
-              "~/bin/"
+            "~/src/"
-              "~/tmp/"
+            "~/bin/"
-              "~/nixconfigs/"
+            "~/tmp/"
-            ];
+            "~/nixconfigs/"
+          ];
     };
 
   services.gpg-agent = {

home/modules/captive-browser.nix

@@ -0,0 +1,77 @@
+{
+  pkgs,
+  lib,
+  inputs,
+  config,
+  system,
+  ...
+}:
+
+let
+  tomlFormat = pkgs.formats.toml { };
+  cfg = config.programs.captive-browser;
+  inherit (pkgs.stdenv.hostPlatform) isDarwin;
+in
+{
+  options.programs.captive-browser = {
+    enable = lib.mkEnableOption "Enable custom captive-browser in user PATH";
+    package = lib.mkPackageOption pkgs "captive-browser" { nullable = true; };
+    settings = lib.mkOption {
+      type = lib.types.submodule {
+        freeformType = tomlFormat.type;
+
+        options = {
+          browser = lib.mkOption {
+            type = lib.types.str;
+            description = "command to invoke the browser with";
+
+            # browser is the shell (/bin/sh) command executed once the proxy starts.
+            # When browser exits, the proxy exits. An extra env var PROXY is available.
+            #
+            # Here, we use a separate Chrome instance in Incognito mode, so that
+            # it can run (and be waited for) alongside the default one, and that
+            # it maintains no state across runs. To configure this browser open a
+            # normal window in it, settings will be preserved.
+            default = ''
+              ${cfg.browserCommand} \
+              --user-data-dir="$HOME/Library/Application Support/Google/Captive" \
+              --proxy-server="socks5://$PROXY" \
+              --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost" \
+              --no-first-run --new-window --incognito \
+              http://example.com
+            '';
+          };
+        };
+      };
+    };
+    interface = lib.mkOption {
+      type = lib.types.str;
+      description = "WLAN interface to use";
+    };
+    browserCommand = lib.mkOption {
+      type = lib.types.str;
+      default = if isDarwin then "open -n -W -a \"Google Chrome\" --args" else (lib.getExe pkgs.chromium);
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    home.packages = [ cfg.package ];
+
+    programs.captive-browser.settings = {
+      # dhcp-dns is the shell (/bin/sh) command executed to obtain the DHCP
+      # DNS server address. The first match of an IPv4 regex is used.
+      # IPv4 only, because let's be real, it's a captive portal.
+      dhcp-dns = "ipconfig getoption ${cfg.interface} domain_name_server";
+
+      # socks5-addr is the listen address for the SOCKS5 proxy server.
+      socks5-addr = "localhost:1666";
+    };
+    home.file.".config/captive-browser.toml" = lib.mkIf (isDarwin && !config.xdg.enable) {
+      source = tomlFormat.generate "captive-browser-config" cfg.settings;
+    };
+
+    xdg.configFile."captive-browser.toml" = lib.mkIf (!(isDarwin && !config.xdg.enable)) {
+      source = tomlFormat.generate "captive-browser-config" cfg.settings;
+    };
+
+  };
+}

home/modules/latex.nix

@@ -43,5 +43,6 @@ in
         koma-script
         ;
     })
-  ] ++ lib.optionals config.schmittlauch.latex.guiTools latexGuiTools;
+  ]
+  ++ lib.optionals config.schmittlauch.latex.guiTools latexGuiTools;
 }

home/modules/packages.nix

@@ -12,88 +12,85 @@ let
   unstable = inputs.nixos-unstable.legacyPackages.${system};
   nur = inputs.nur.legacyPackages.${system};
 
-  graphicsApps =
+  graphicsApps = [
-    [
+    inkscape
-      inkscape
+    darktable
-      darktable
+    exiftool
-      exiftool
+  ]
-    ]
+  ++ (with gimp3Plugins; [
-    ++ (with gimp3Plugins; [
+    #fourier  # broken
-      #fourier  # broken
+    #lqrPlugin  # broken
-      #lqrPlugin  # broken
+  ])
-    ])
+  ++ lib.optionals pkgs.stdenv.isLinux [
-    ++ lib.optionals pkgs.stdenv.isLinux [
+    gimp3
-      gimp3
+    hugin
-      hugin
+    #luminanceHDR  # FIXME, build failure
-      #luminanceHDR  # FIXME, build failure
+    xournalpp
-      xournalpp
+  ]
-    ]
+  ++ lib.optionals pkgs.stdenv.isDarwin [
-    ++ lib.optionals pkgs.stdenv.isDarwin [
+    gimp
-      gimp
+  ];
-    ];
 
-  multimediaApps =
+  multimediaApps = [
-    [
+    mpv
-      mpv
+    yt-dlp
-      yt-dlp
+  ]
-    ]
+  ++ lib.optionals pkgs.stdenv.isDarwin [ vlc-bin ]
-    ++ lib.optionals pkgs.stdenv.isDarwin [ vlc-bin ]
+  ++ lib.optionals pkgs.stdenv.isLinux [
-    ++ lib.optionals pkgs.stdenv.isLinux [
+    vlc
-      vlc
+    amarok
-      amarok
+    clementine
-      clementine
+    kdePackages.elisa
-      kdePackages.elisa
+    musescore
-      musescore
+    tenacity
-      tenacity
+    soundkonverter
-      soundkonverter
+    #nur.repos.fooker.studio-link
-      #nur.repos.fooker.studio-link
+  ];
-    ];
 
-  cliApps =
+  cliApps = [
-    [
+    coreutils
-      coreutils
+    myVim
-      myVim
+    htop
-      htop
+    tmux
-      tmux
+    httpie
-      httpie
+    rsync
-      rsync
+    ponysay
-      ponysay
+    gti
-      gti
+    tree
-      tree
+    lsof
-      lsof
+    mosh
-      mosh
+    openssh
-      openssh
+    sshfs-fuse
-      sshfs-fuse
+    sshuttle
-      sshuttle
+    cryfs
-      cryfs
+    thefuck
-      thefuck
+    gnupg
-      gnupg
+    unar
-      unar
+    lzop
-      lzop
+    p7zip
-      p7zip
+    pwgen
-      pwgen
+    pandoc
-      pandoc
+    pdfgrep
-      pdfgrep
+    # zig dependency breaks occasionally, stay on C version for now
-      # zig dependency breaks occasionally, stay on C version for now
+    ncdu_1
-      ncdu_1
+    dos2unix
-      dos2unix
+    unzip
-      unzip
+    fswatch
-      fswatch
+    jq
-      jq
+    age
-      age
+    lnav
-      lnav
+    spacer
-      spacer
 
-      nix-output-monitor # putting this here as a plain `nix` alternative
+    nix-output-monitor # putting this here as a plain `nix` alternative
-    ]
+  ]
-    ++ lib.optionals pkgs.stdenv.isLinux [
+  ++ lib.optionals pkgs.stdenv.isLinux [
-      xclip
+    xclip
-      smbnetfs # for FUSE smb mounting
+    smbnetfs # for FUSE smb mounting
-      psmisc # for killall
+    psmisc # for killall
-      torsocks
+    torsocks
-      agrep
+    agrep
-      reptyr # re-bind running program to other tty
+    reptyr # re-bind running program to other tty
-    ];
+  ];
 
   nixHelpers = [
     nixpkgs-review
@@ -101,30 +98,29 @@ let
     nix-top
     statix
   ];
-  devTools =
+  devTools = [
-    [
+    curl
-      curl
+    httpie
-      httpie
+    gcc
-      gcc
+    shellcheck
-      shellcheck
+    mtr
-      mtr
+    ripgrep
-      ripgrep
+    fd
-      fd
+    gitui
-      gitui
+    pre-commit
-      pre-commit
+    scriv
-      scriv
 
-      # Haskell
+    # Haskell
-      ghc
+    ghc
-      cabal2nix
+    cabal2nix
-    ]
+  ]
-    ++ lib.optionals pkgs.stdenv.isLinux [
+  ++ lib.optionals pkgs.stdenv.isLinux [
-      gdb
+    gdb
-      strace
+    strace
-      ltrace
+    ltrace
-      valgrind
+    valgrind
-      zeal
+    zeal
-    ];
+  ];
 
   pythonTools = with python3Packages; [
     python # to shadow old macOS python
@@ -196,33 +192,32 @@ let
     chromedriver
   ];
 
-  kdeTools =
+  kdeTools = [
-    [
+    okteta
-      okteta
+    plasma5Packages.kdeconnect-kde
-      plasma5Packages.kdeconnect-kde
+  ]
-    ]
+  ++ (with kdePackages; [
-    ++ (with kdePackages; [
+    okular
-      okular
+    gwenview
-      gwenview
+    yakuake
-      yakuake
+    dolphin
-      dolphin
+    spectacle
-      spectacle
+    kate
-      kate
+    kleopatra
-      kleopatra
+    qdirstat
-      qdirstat
+    ark
-      ark
+    kwalletmanager
-      kwalletmanager
+    #ktouch  # TODO: unbreak
-      #ktouch  # TODO: unbreak
+    kcharselect
-      kcharselect
+    konversation
-      konversation
+    krdc
-      krdc
+    skanlite
-      skanlite
+    akonadiconsole
-      akonadiconsole
+    tokodon # mastodon client
-      tokodon # mastodon client
+    networkmanager-qt
-      networkmanager-qt
+    kcrash
-      kcrash
+    breeze-gtk
-      breeze-gtk
+  ]);
-    ]);
 in
 {
   options.schmittlauch.packages = {

home/workmac.nix

@@ -66,26 +66,25 @@ in
       contacts = import "${inputs.mysecrets}/contacts.nix" { inherit lib; };
     in
     {
-      includes =
+      includes = [
-        [
+        {
-          {
+          condition = "gitdir:~/src/schmittlauch/";
-            condition = "gitdir:~/src/schmittlauch/";
-            contents = {
-              user = {
-                inherit (contacts.schmittlauch) name email;
-              };
-            };
-          }
-        ]
-        # set default name for several other common locations
-        ++ map (dir: {
-          condition = "gitdir:${dir}";
           contents = {
             user = {
-              inherit (contacts.work) name email;
+              inherit (contacts.schmittlauch) name email;
             };
           };
-        }) [ "~/" ];
+        }
+      ]
+      # set default name for several other common locations
+      ++ map (dir: {
+        condition = "gitdir:${dir}";
+        contents = {
+          user = {
+            inherit (contacts.work) name email;
+          };
+        };
+      }) [ "~/" ];
     };
 
   # some extra shell scripts
@@ -94,6 +93,11 @@ in
     + import ./scripts/ssh-loop-fc.nix { inherit pkgs lib; }
   );
 
+  # separate proxied browser using the DHCP-supplied DNS for accessing captive portals
+  programs.captive-browser = {
+    enable = true;
+    interface = "en0";
+  };
   launchd.agents.hydra_proxy = {
     enable = true;
     config = {