+29 -21

nix/.config/nixpkgs/darwin/configuration.nix

reviewed

··· 1 1 { config, pkgs, ... }: 2 2 3 3 { 4 4 + imports = [ 5 5 + ./services/dnsmasq.nix 6 6 + ]; 7 7 + 8 8 + nixpkgs.config.allowUnfree = true; 9 9 + nixpkgs.overlays = [ 10 10 + (import ../overlays/encpipe.nix) 11 11 + ]; 12 12 + 4 13 system.defaults.dock.autohide = true; 5 14 6 15 system.keyboard.enableKeyMapping = true; ··· 68 77 environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix"; 69 78 70 79 # Auto upgrade nix package and the daemon service. 71 71 - services.nix-daemon.enable = false; 72 72 - services.nix-daemon.enableSocketListener = true; 80 80 + services.nix-daemon = { 81 81 + enable = false; 82 82 + enableSocketListener = true; 83 83 + }; 73 84 74 74 - # Set .localhost. TLD on loopback address 75 75 - launchd.daemons.dnsmasq = { 76 76 - command = "${pkgs.dnsmasq}/bin/dnsmasq -a 127.0.0.1 --keep-in-foreground"; 77 77 - serviceConfig.KeepAlive = true; 78 78 - serviceConfig.RunAtLoad = true; 79 79 - }; 80 80 - environment.etc."dnsmasq.conf" = { 85 85 + services.dnsmasq = { 81 86 enable = true; 82 82 - text = '' 83 83 - address=/localhost/127.0.0.1 84 84 - ''; 85 85 - }; 86 86 - environment.etc."resolver/localhost" = { 87 87 - enable = true; 88 88 - text = "nameserver 127.0.0.1"; 87 87 + addresses = { 88 88 + localhost = "127.0.0.1"; 89 89 + }; 89 90 }; 90 91 91 92 nix.package = pkgs.nixStable; 92 93 # nix.useSandbox = true; 93 93 - nix.sandboxPaths = [ "/System/Library/Frameworks" "/System/Library/PrivateFrameworks" "/usr/lib" "/private/tmp" "/private/var/tmp" "/usr/bin/env" ]; 94 94 - 95 95 - nixpkgs.config.allowUnfree = true; 94 94 + nix.sandboxPaths = [ 95 95 + "/System/Library/Frameworks" 96 96 + "/System/Library/PrivateFrameworks" 97 97 + "/usr/lib" 98 98 + "/private/tmp" 99 99 + "/private/var/tmp" 100 100 + "/usr/bin/env" 101 101 + ]; 96 102 97 97 - programs.gnupg.agent.enable = false; 98 98 - programs.gnupg.agent.enableSSHSupport = true; 103 103 + programs.gnupg = { 104 104 + agent.enable = false; 105 105 + agent.enableSSHSupport = true; 106 106 + }; 99 107 100 108 programs.fish.enable = true; 101 109

+67

nix/.config/nixpkgs/darwin/services/dnsmasq.nix

reviewed

··· 1 1 + { config, lib, pkgs, ... }: 2 2 + 3 3 + with lib; 4 4 + 5 5 + let 6 6 + cfg = config.services.dnsmasq; 7 7 + mapA = f: attrs: with builtins; attrValues (mapAttrs f attrs); 8 8 + in 9 9 + 10 10 + { 11 11 + options = { 12 12 + services.dnsmasq.enable = mkOption { 13 13 + type = types.bool; 14 14 + default = false; 15 15 + description = "Whether to enable DNSmasq."; 16 16 + }; 17 17 + 18 18 + services.dnsmasq.package = mkOption { 19 19 + type = types.path; 20 20 + default = pkgs.dnsmasq; 21 21 + defaultText = "pkgs.dnsmasq"; 22 22 + description = "This option specifies the dnsmasq package to use."; 23 23 + }; 24 24 + 25 25 + services.dnsmasq.bind = mkOption { 26 26 + type = types.str; 27 27 + default = "127.0.0.1"; 28 28 + description = "This option specifies the interface on which DNSmasq will listen."; 29 29 + }; 30 30 + 31 31 + services.dnsmasq.port = mkOption { 32 32 + type = types.int; 33 33 + default = 53; 34 34 + description = "This option specifies port on which DNSmasq will listen."; 35 35 + }; 36 36 + 37 37 + services.dnsmasq.addresses = mkOption { 38 38 + type = types.attrs; 39 39 + default = {}; 40 40 + description = "List of domains that will be redirected by the DNSmasq"; 41 41 + }; 42 42 + }; 43 43 + 44 44 + config = mkIf cfg.enable { 45 45 + environment.systemPackages = [ cfg.package ]; 46 46 + 47 47 + launchd.daemons.dnsmasq = { 48 48 + serviceConfig.ProgramArguments = [ 49 49 + "${cfg.package}/bin/dnsmasq" 50 50 + "--listen-address=${cfg.bind}" 51 51 + "--port=${toString cfg.port}" 52 52 + "--keep-in-foreground" 53 53 + ] ++ (mapA (domain: addr: "--address=/${domain}/${addr}") cfg.addresses); 54 54 + 55 55 + serviceConfig.KeepAlive = true; 56 56 + serviceConfig.RunAtLoad = true; 57 57 + }; 58 58 + 59 59 + environment.etc = builtins.listToAttrs (builtins.map (domain: { 60 60 + name = "resolver/${domain}"; 61 61 + value = { 62 62 + enable = true; 63 63 + text = "nameserver ${cfg.bind}.${toString cfg.port}"; 64 64 + }; 65 65 + }) (builtins.attrNames cfg.addresses)); 66 66 + }; 67 67 + }

+5 -1

nix/.config/nixpkgs/overlays/encpipe.nix

reviewed

··· 4 4 5 5 let 6 6 libhydrogen = fetchGit { 7 7 + name = "libhydrogen"; 8 8 + 7 9 url = "https://github.com/jedisct1/libhydrogen.git"; 8 10 ref = "master"; 9 11 }; ··· 16 18 nativeBuildInputs = [ git ]; 17 19 18 20 preBuild = '' 19 19 - ln -s ext/libhydrogen ${libhydrogen} ext/libhydrogen 21 21 + cp -R ${libhydrogen}/* ext/libhydrogen 20 22 ''; 23 23 + 24 24 + installFlags = [ "PREFIX=$(out)" ]; 21 25 22 26 src = fetchGit { 23 27 url = "https://github.com/jedisct1/encpipe.git";