rewrite networking modules

modules/net/default.nix

@@ -0,0 +1,17 @@
+{...}: {
+  imports = [
+    ./firewall.nix
+    ./hosts.nix
+    ./dispatchers
+  ];
+  networking.networkmanager.wifi.backend = "wpa_supplicant";
+  systemd.services."NetworkManager-wait-online".enable = false;
+  services.mullvad-vpn.enable = true;
+  home-manager.users.jade = {pkgs, ...}: {
+    home.packages = with pkgs; [
+      networkmanagerapplet
+      mullvad-vpn
+      macchanger
+    ];
+  };
+}

modules/net/dispatchers/default.nix

@@ -0,0 +1,27 @@
+{pkgs, ...}: let
+  addNuShebang = path:
+    builtins.concatStringsSep "\n\n" [
+      "#!${pkgs.nushell}/bin/nu"
+      (builtins.readFile path)
+    ];
+in {
+  networking.networkmanager.dispatcherScripts = [
+    {
+      type = "basic";
+      source = pkgs.writeText "dispatcher" (addNuShebang ./dispatcher.nu);
+    }
+  ];
+
+  environment.etc = with builtins; (
+    listToAttrs (
+      map (v: {
+        name = "networkhooks/${v}";
+        value = {
+          text = addNuShebang ./hooks/${v};
+          mode = "0755";
+        };
+      })
+      (attrNames (readDir ./hooks))
+    )
+  );
+}

modules/net/dispatchers/dispatcher.nu

@@ -0,0 +1,21 @@
+def main [
+  interface: string
+  type: string
+] {
+  $env.PATH = ($env.PATH | split row (char esep) | append '/run/current-system/sw/bin');
+
+  let currentnet = ( 
+    nmcli -m tabular connection show --active
+    | from ssv
+    | first
+    | get name
+    );
+
+  systemd-cat echo $"($currentnet) \(($interface)): ($type)";
+
+  if $interface starts-with 'wlp' {
+    let p = $"/etc/networkhooks/($currentnet).nu";
+    systemd-cat echo $p;
+    ^$p $interface $type
+  }
+}

modules/net/dispatchers/hooks/WIFI@DB.nu

@@ -0,0 +1,40 @@
+def main [
+  interface: string
+  type: string
+] {
+  if not ($type == 'up') {
+    exit
+  };
+
+  mullvad disconnect;
+  let page = http get 'http://172.0.0.1/';
+
+  let hotspot_ip = $page | htmlq 'input[name=uamip]' -a 'value';
+  let hotspot_port = $page | htmlq 'input[name=uamport]' -a 'value';
+
+  let pl_data  = $page 
+    | htmlq input -a name -r input[name=button]
+    | lines
+    | wrap name 
+    | merge (
+      $page 
+      | htmlq input -a value 
+      | lines
+      | wrap value
+    ) 
+    | drop 1;
+
+  let payload = $pl_data 
+    | each {|kv| [
+      ($kv.name | url encode --all) 
+      ($kv.value | url encode --all) ] 
+      | str join '='
+    } | str join '&';
+
+  let res = curl --insecure --resolve $"www.hotsplots.de:($hotspot_port):($hotspot_ip)" -H 'Content-Type: application/x-www-form-urlencoded' "https://www.hotsplots.de/auth/login.php" --data-raw $"($payload)" ;
+
+  let url = $res | htmlq 'meta[http-equiv=refresh]' -a 'content' | parse '0;url={url}';
+
+  http get $url.url.0;
+  mullvad connect;
+}

modules/net/dispatchers/hooks/WIFIonICE.nu

@@ -0,0 +1,22 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i bash -p curl htmlq
+
+# echo "Fetching cookie and CSRF token..."
+# form=$(curl --silent --location --junk-session-cookies --cookie-jar /tmp/wifionice "https://login.wifionice.de/en/" --resolve login.wifionice.de:443:10.101.64.10 -i | htmlq "input")
+
+# keys=$(htmlq "input" --attribute "name" <<< "$form")
+# values=$(htmlq "input" --attribute "value" <<< "$form")
+# payload=$(paste --delimiters="=" <(echo "$keys") <(echo "$values") | tr "\n" "&")
+
+# echo "Payload: \"$payload\""
+# echo "POSTing payload..."
+
+# curl --cookie /tmp/wifionice "https://login.wifionice.de/en/" --resolve login.wifionice.de:443:10.101.64.10 -d "$payload"
+
+def main [
+  interface: string
+  type: string
+] {
+  let form = curl --silent --location --junk-session-cookies --cookie-jar /tmp/wifionice 'https://login.wifionice.de/en/' --resolve 'login.wifionice.de:443:10.101.64.10' -i | htmlq 'input';
+  # TODO
+}

modules/net/dispatchers/hooks/ccchh.nu

@@ -0,0 +1,40 @@
+const wave_timeout = 15min;
+
+def main [
+  interface: string
+  type: string
+] {
+  if not ('/var/lib/ccchh-winken/last' | path exists) {
+    mkdir '/var/lib/ccchh-winken';
+    0 | into datetime | save '/var/lib/ccchh-winken/last' -f;
+  } 
+
+  let $last_waved = open '/var/lib/ccchh-winken/last' --raw | into datetime;
+
+  if ((date now) - $last_waved) > $wave_timeout {
+    if $type == "up" {
+      mullvad disconnect;
+      curl mqtt://mqtt.z9/winkekatze/katz9/eye/set -d (rand-color);
+      curl mqtt://mqtt.z9/winkekatze/Viktoria/eye/set -d (rand-color);
+      curl mqtt://mqtt.z9/winkekatze/allcats -d 'wink';
+
+      date now | save '/var/lib/ccchh-winken/last' -f;
+    }
+  }
+}
+
+def rand-color [] {
+  const colors = [ 
+      "blue"
+      "cyan"
+      "green"
+      "pink"
+      "red"
+      "white"
+      "yellow"
+  ];
+
+  $colors | get (random int 0..(($colors | length) - 1))
+}
+
+

modules/net/firewall.nix

@@ -0,0 +1,40 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  config = {
+    networking = {
+      firewall = {
+        enable = true;
+        allowedTCPPorts = [
+          # ssh
+          22
+
+          # http, https
+          80
+          443
+
+          # syncthing
+          22000
+
+          # mumble
+          64738
+        ];
+        allowedUDPPorts = [
+          8080
+
+          # other
+          12333
+
+          # syncthing discovery
+          21027
+
+          # mumble
+          64738
+        ];
+      };
+    };
+  };
+}

modules/net/hosts.nix

@@ -0,0 +1,24 @@
+{...}: {
+  networking.hosts = {
+    "127.0.0.1" = [
+      "www.tiktok.com"
+      "www.twitter.com"
+      "www.instagram.com"
+      "www.facebook.com"
+      "www.snapchat.com"
+
+      "tiktok.com"
+      "twitter.com"
+      "instagram.com"
+      "facebook.com"
+      "snapchat.com"
+
+      "google-analytics.com"
+      "stats.g.doubleclick.net"
+      "googleadservices.com"
+      "googletagmanager.com"
+      "googletagservices.com"
+      "googlesyndication.com"
+    ];
+  };
+}