remove tunnel functions

Yan Lin 2026-02-11 20:45:12 +01:00
parent b187febfcd
commit 8cb3aab57b
4 changed files with 0 additions and 290 deletions


@ -48,106 +48,8 @@
# darwin-specific alias # darwin-specific alias
programs.zsh.shellAliases = { programs.zsh.shellAliases = {
oss = "sudo darwin-rebuild switch --flake ~/.config/nix#$(hostname)"; oss = "sudo darwin-rebuild switch --flake ~/.config/nix#$(hostname)";
preview = "open -a Preview";
slide = "open -a SlidePilot";
# Network monitoring aliases
bw = "sudo bandwhich";
bw-raw = "sudo bandwhich --raw";
bw-dns = "sudo bandwhich --show-dns";
}; };
# Darwin-specific zsh functions
programs.zsh.initContent = ''
# Function to search and open all macOS applications
function app() {
local app_path
local file_to_open="$1"
app_path=$( (find -L /Applications -name "*.app" -maxdepth 2 2>/dev/null; \
find -L ~/Applications -name "*.app" -maxdepth 3 2>/dev/null; \
find /System/Applications -name "*.app" -maxdepth 2 2>/dev/null; \
find /System/Applications/Utilities -name "*.app" -maxdepth 1 2>/dev/null) |
sort | uniq |
fzf --header="Select app to open''${file_to_open:+ file: $file_to_open}" \
--preview 'basename {} .app' \
--preview-window=up:1 \
--height=40%)
if [[ -n "$app_path" ]]; then
if [[ -n "$file_to_open" ]]; then
open -a "$app_path" "$file_to_open"
else
open "$app_path"
fi
fi
}
# SSH tunnel functions for easy VPN-like functionality
function tunnel-on() {
if [[ -z "$1" ]]; then
echo "Usage: tunnel-on <host>"
return 1
fi
local host="$1"
local port=1080 # Use port 1080 (standard SOCKS port)
# Check if there's already an active tunnel
local existing_tunnel=$(ps aux | grep -E "ssh -D $port" | grep -v grep)
if [[ -n "$existing_tunnel" ]]; then
echo "Existing tunnel detected. Switching to $host..."
echo "Stopping current tunnel..."
pkill -f "ssh -D $port"
sleep 1
fi
echo "Starting SOCKS tunnel to $host on port $port..."
# Start SSH tunnel in background
ssh -D $port -N -f "$host"
if [[ $? -eq 0 ]]; then
echo "Tunnel established. Configuring system proxy..."
# Configure system proxy
networksetup -setsocksfirewallproxy "Wi-Fi" localhost $port
networksetup -setsocksfirewallproxystate "Wi-Fi" on
echo " System proxy enabled on Wi-Fi (localhost:$port -> $host)"
else
echo " Failed to establish tunnel to $host"
return 1
fi
}
function tunnel-off() {
local port=1080
echo "Disabling system proxy..."
networksetup -setsocksfirewallproxystate "Wi-Fi" off
echo " System proxy disabled"
echo "Stopping SSH tunnels..."
pkill -f "ssh -D $port"
echo " SSH tunnels stopped"
}
function tunnel-status() {
local port=1080
echo "=== System Proxy Status ==="
networksetup -getsocksfirewallproxy "Wi-Fi" | grep -E "Enabled|Server|Port"
echo ""
echo "=== Active SSH Tunnels ==="
local tunnels=$(ps aux | grep -E "ssh -D $port" | grep -v grep)
if [[ -n "$tunnels" ]]; then
echo "$tunnels"
else
echo "No active SSH tunnels"
fi
}
'';
home.packages = with pkgs; [ home.packages = with pkgs; [
texlive.combined.scheme-full texlive.combined.scheme-full
httpie httpie


@ -29,11 +29,6 @@
# nixOS-specific alias # nixOS-specific alias
programs.zsh.shellAliases = { programs.zsh.shellAliases = {
oss = "sudo nixos-rebuild switch --flake ~/.config/nix#$(hostname)"; oss = "sudo nixos-rebuild switch --flake ~/.config/nix#$(hostname)";
# Network monitoring aliases (no sudo needed - NixOS module handles permissions)
bw = "bandwhich";
bw-raw = "bandwhich --raw";
bw-dns = "bandwhich --show-dns";
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [


@ -250,73 +250,5 @@ in
}; };
}; };
# SSH tunnel functions for SOCKS proxy via GNOME system proxy
programs.zsh.initContent = ''
# SSH tunnel functions for easy VPN-like functionality
function tunnel-on() {
if [[ -z "$1" ]]; then
echo "Usage: tunnel-on <host>"
return 1
fi
local host="$1"
local port=1080 # Use port 1080 (standard SOCKS port)
# Check if there's already an active tunnel
local existing_tunnel=$(ps aux | grep -E "ssh -D $port" | grep -v grep)
if [[ -n "$existing_tunnel" ]]; then
echo "Existing tunnel detected. Switching to $host..."
echo "Stopping current tunnel..."
pkill -f "ssh -D $port"
sleep 1
fi
echo "Starting SOCKS tunnel to $host on port $port..."
# Start SSH tunnel in background
ssh -D $port -N -f "$host"
if [[ $? -eq 0 ]]; then
echo "Tunnel established. Configuring system proxy..."
# Configure GNOME system proxy settings
gsettings set org.gnome.system.proxy mode 'manual'
gsettings set org.gnome.system.proxy.socks host 'localhost'
gsettings set org.gnome.system.proxy.socks port $port
echo " System proxy enabled (localhost:$port -> $host)"
else
echo " Failed to establish tunnel to $host"
return 1
fi
}
function tunnel-off() {
local port=1080
echo "Disabling system proxy..."
gsettings set org.gnome.system.proxy mode 'none'
echo " System proxy disabled"
echo "Stopping SSH tunnels..."
pkill -f "ssh -D $port"
echo " SSH tunnels stopped"
}
function tunnel-status() {
local port=1080
echo "=== GNOME System Proxy Status ==="
echo "Mode: $(gsettings get org.gnome.system.proxy mode)"
echo "SOCKS Host: $(gsettings get org.gnome.system.proxy.socks host)"
echo "SOCKS Port: $(gsettings get org.gnome.system.proxy.socks port)"
echo ""
echo "=== Active SSH Tunnels ==="
local tunnels=$(ps aux | grep -E "ssh -D $port" | grep -v grep)
if [[ -n "$tunnels" ]]; then
echo "$tunnels"
else
echo "No active SSH tunnels"
fi
}
'';
}; };
} }


@ -412,125 +412,6 @@
programs.zsh.initContent = '' programs.zsh.initContent = ''
# Quickly restart Hyprland session (graceful logout) # Quickly restart Hyprland session (graceful logout)
alias hypr-restart='loginctl terminate-session' alias hypr-restart='loginctl terminate-session'
# SSH tunnel functions for transparent system-wide SOCKS proxy via redsocks
function tunnel-on() {
if [[ -z "$1" ]]; then
echo "Usage: tunnel-on <host>"
return 1
fi
local host="$1"
local port=1080 # SOCKS port
local redsocks_port=12345 # Redsocks local port
# Check if there's already an active tunnel
local existing_tunnel=$(ps aux | grep -E "ssh -D $port" | grep -v grep)
if [[ -n "$existing_tunnel" ]]; then
echo "Existing tunnel detected. Switching to $host..."
echo "Stopping current tunnel..."
pkill -f "ssh -D $port"
sleep 1
fi
echo "Starting SOCKS tunnel to $host on port $port..."
# Start SSH tunnel in background
ssh -D $port -N -f "$host"
if [[ $? -ne 0 ]]; then
echo " Failed to establish tunnel to $host"
return 1
fi
echo " Tunnel established"
# Start redsocks
echo "Starting redsocks transparent proxy..."
redsocks -c ~/.config/redsocks/redsocks.conf
if [[ $? -ne 0 ]]; then
echo " Failed to start redsocks"
pkill -f "ssh -D $port"
return 1
fi
echo " Redsocks started"
# Configure iptables rules for transparent proxying
echo "Configuring iptables rules..."
# Create REDSOCKS chain if it doesn't exist
sudo iptables -t nat -N REDSOCKS 2>/dev/null || sudo iptables -t nat -F REDSOCKS
# Exclude localhost networks
sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
# Redirect all other TCP traffic to redsocks
sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports $redsocks_port
# Apply the REDSOCKS chain to OUTPUT
sudo iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
echo " System-wide proxy enabled (localhost:$port -> $host)"
echo "All TCP traffic is now routed through the SSH tunnel"
}
function tunnel-off() {
local port=1080
echo "Removing iptables rules..."
# Remove REDSOCKS chain from OUTPUT
sudo iptables -t nat -D OUTPUT -p tcp -j REDSOCKS 2>/dev/null
# Flush and delete REDSOCKS chain
sudo iptables -t nat -F REDSOCKS 2>/dev/null
sudo iptables -t nat -X REDSOCKS 2>/dev/null
echo " iptables rules removed"
echo "Stopping redsocks..."
pkill -f "redsocks -c"
echo " Redsocks stopped"
echo "Stopping SSH tunnels..."
pkill -f "ssh -D $port"
echo " SSH tunnels stopped"
echo "System-wide proxy disabled"
}
function tunnel-status() {
local port=1080
local redsocks_port=12345
echo "=== SSH Tunnel Status ==="
local tunnels=$(ps aux | grep -E "ssh -D $port" | grep -v grep)
if [[ -n "$tunnels" ]]; then
echo " Active SSH tunnel:"
echo "$tunnels"
else
echo " No active SSH tunnels"
fi
echo ""
echo "=== Redsocks Status ==="
local redsocks=$(ps aux | grep -E "redsocks -c" | grep -v grep)
if [[ -n "$redsocks" ]]; then
echo " Redsocks running:"
echo "$redsocks"
else
echo " Redsocks not running"
fi
echo ""
echo "=== iptables REDSOCKS Chain ==="
if sudo iptables -t nat -L REDSOCKS -n 2>/dev/null | grep -q "Chain REDSOCKS"; then
echo " REDSOCKS chain exists:"
sudo iptables -t nat -L REDSOCKS -n --line-numbers
else
echo " REDSOCKS chain not configured"
fi
echo ""
echo "=== Network Test ==="
echo "Your current IP (via proxy if enabled):"
timeout 5 curl -s https://api.ipify.org 2>/dev/null || echo "Failed to fetch IP"
}
''; '';
# Cursor theme configuration # Cursor theme configuration