authorNguyễn Gia Phong <mcsinyx@disroot.org>2023-04-11 11:53:57 +0900
committerNguyễn Gia Phong <mcsinyx@disroot.org>2023-04-11 12:01:20 +0900
commitac7c886ebf7f77bbecf46a8cb73622e53cfa3eb5 (patch)
treeded9b08817ad5070048a31014503bf2e85dd5ea7
parent21bc63dfddab4537d36af40b77cd3079d9acae8b (diff)
downloaddotfiles-ac7c886ebf7f77bbecf46a8cb73622e53cfa3eb5.tar.gz
Enable OpenNIC and block clown flare on desktop
Also install a few misc packages
-rw-r--r--guix/bash-profile1
-rw-r--r--guix/home.scm12
-rw-r--r--guix/nftables.conf54
-rw-r--r--guix/system.scm14
4 files changed, 65 insertions, 16 deletions
diff --git a/guix/bash-profile b/guix/bash-profile
new file mode 100644
index 0000000..e0dcbcb
--- /dev/null
+++ b/guix/bash-profile
@@ -0,0 +1 @@
+PS1='\n\[\033[01;32m\]\u@\h${GUIX_ENVIRONMENT:+-shell}\[\033[00m\] \[\033[01;34m\]\w\[\033[00m\]\$ '
diff --git a/guix/home.scm b/guix/home.scm
index e4a8c91..9aed14b 100644
--- a/guix/home.scm
+++ b/guix/home.scm
@@ -10,7 +10,7 @@
 (home-environment
   (packages
     (specifications->packages
-      '("aerc" "icecat" "isync" "liferea" "mu" "nheko" "transmission:gui" "w3m"
+      '("aerc" "isync" "mu" "ncurses" "nheko" "weechat" "weechat-wee-slack"
         "arandr" "libreoffice" "rxvt-unicode"
         "audacious" "ffmpeg" "mediainfo" "mpv" "simplescreenrecorder" "yt-dlp"
         "awesome" "copyq" "dbus" "keynav" "scrot" "sx" "xdg-utils" "xrdb"
@@ -21,20 +21,18 @@
         "git" "git:send-email" "git-lfs" "nss-certs" "sshfs" "stow" "unzip"
         "gnupg" "pinentry" "oath-toolkit"
         "ibus" "ibus-libhangul"
+        "icecat" "liferea" "transmission:gui" "w3m"
         "pavucontrol" "playerctl" "pulsemixer")))
   (services
     (list (service home-bash-service-type
                    (home-bash-configuration
-                     (bashrc (list (local-file
-                                     (string-join
-                                       (list (dirname (current-filename))
-                                             "bashrc")
-                                       "/")
-                                     "bashrc")))))
+                     (bash-profile (list (local-file "./bash-profile")))
+                     (bashrc (list (local-file "./bashrc")))))
           (simple-service 'more-home-environment-variables-service
                           home-environment-variables-service-type
                           `(("SHELL" . #t)
                             ("PATH" . "$HOME/.local/bin:$PATH")
+                            ("GOPATH" . "$HOME/.local/share/go")
                             ("NIX_PATH" . "$HOME/Sauces")
                             ("EDITOR" . "vim")
                             ("GPG_TTY" . "$(tty)")
diff --git a/guix/nftables.conf b/guix/nftables.conf
new file mode 100644
index 0000000..c6f0ebc
--- /dev/null
+++ b/guix/nftables.conf
@@ -0,0 +1,54 @@
+table inet filter { # https://www.cloudflare.com/ips-v4
+	set cloudflare_ipv4 {
+		type ipv4_addr
+		flags interval
+		elements = {
+			173.245.48.0/20,
+			103.21.244.0/22,
+			103.22.200.0/22,
+			103.31.4.0/22,
+			141.101.64.0/18,
+			108.162.192.0/18,
+			190.93.240.0/20,
+			188.114.96.0/20,
+			197.234.240.0/22,
+			198.41.128.0/17,
+			162.158.0.0/15,
+			104.16.0.0/13,
+			104.24.0.0/14,
+			172.64.0.0/13,
+			131.0.72.0/22
+		}
+	}
+
+	# https://www.cloudflare.com/ips-v6
+	set cloudflare_ipv6 {
+		type ipv6_addr
+		flags interval
+		elements = {
+			2400:cb00::/32,
+			2606:4700::/32,
+			2803:f800::/32,
+			2405:b500::/32,
+			2405:8100::/32,
+			2a06:98c0::/29,
+			2c0f:f248::/32
+		}
+	}
+
+	chain output {
+		type filter hook output priority 0
+		policy accept
+
+		ip daddr @cloudflare_ipv4 counter reject
+		ip6 daddr @cloudflare_ipv6 counter reject
+	}
+
+	chain input {
+		type filter hook output priority 0
+		policy accept
+
+		ip saddr @cloudflare_ipv4 counter reject
+		ip6 saddr @cloudflare_ipv6 counter reject
+	}
+}
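Review bot: The `chain input` block is attached to the output hook (`type filter hook output priority 0`), so its `ip saddr` and `ip6 saddr` rules are evaluated on locally generated packets and will not match traffic arriving from the listed ranges; the line should read `type filter hook input priority 0`. Both chains use `policy accept`, so this ruleset only rejects the listed prefixes and does no other inbound filtering; a short comment saying so would keep it from being mistaken for a host firewall. The prefixes are a hand-copied snapshot of the two URLs in the comments, so a note such as `# retrieved <DATE>` next to each URL would make staleness visible when the published lists change.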
diff --git a/guix/system.scm b/guix/system.scm
index 77d350b..909b25c 100644
--- a/guix/system.scm
+++ b/guix/system.scm
@@ -33,14 +33,9 @@
                (keyboard-layout keyboard-layout)))
            (screen-locker-service (specification->package "slock"))
            polkit-wheel-service
-           (service dnsmasq-service-type
-                    (dnsmasq-configuration
-                      (no-resolv? #t)
-                      (query-servers-in-order? #t)
-                      (servers '("172.104.162.222" ; ns3.sg.dns.opennic.glue
-                                 "84.200.69.80" "84.200.70.40")) ; DNS.WATCH
-                      (cache-size 10000)
-                      (negative-cache? #f)))
+           (service nftables-service-type
+                    (nftables-configuration
+                      (ruleset (local-file "./nftables.conf"))))
            (service static-networking-service-type
                     (list (static-networking
                             (addresses
@@ -51,7 +46,8 @@
                               (list (network-route
                                       (destination "default")
                                       (gateway "192.168.0.1"))))
-                            (name-servers '("127.0.0.1"))))) ; dnsmasq
+                            (name-servers ; ns{4,5}.ca.us.dns.opennic.glue
+                              '("147.182.243.49" "137.184.12.79")))))
            (service avahi-service-type)
            (udisks-service)
            (elogind-service)
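Review bot: With the dnsmasq service removed in the previous hunk, `name-servers` now points the system resolver straight at two third-party addresses. Lookups therefore presumably leave the host as unencrypted DNS, with no local cache and without the DNS.WATCH fallback that the old `servers` list carried. The comment names both as `ns{4,5}.ca.us`, which suggests a single region, so an outage or a reassignment of those IPs affects all name resolution on the machine. Consider adding a resolver from a different operator and recording when the addresses were checked, e.g. `; verified against the OpenNIC server list on <DATE>`. The enclosing `static-networking` form begins above this hunk.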