From ae06e0c8c20cbca8b61a11d811c72964a2249e2e Mon Sep 17 00:00:00 2001 From: GammaKinematics Date: Mon, 30 Mar 2026 17:57:08 +0700 Subject: [PATCH] fix vpn and add rofi toggle --- Hetzner/axiomania.nix | 3 ++- Rofi/Scripts/system.sh | 25 +++++++++++++++++++++++++ configuration.nix | 12 ++++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) diff --git a/Hetzner/axiomania.nix b/Hetzner/axiomania.nix index 2fb126e..c235808 100644 --- a/Hetzner/axiomania.nix +++ b/Hetzner/axiomania.nix @@ -11,6 +11,7 @@ networking.firewall = { allowedTCPPorts = [ 22 80 443 2222 ]; allowedUDPPorts = [ 51820 53 ]; # Wireguard, Adguard DNS + checkReversePath = "loose"; # Required for WireGuard NAT }; # ============================================================================ @@ -259,7 +260,7 @@ # NAT for Wireguard clients to access the internet networking.nat = { enable = true; - externalInterface = "ens3"; + externalInterface = "enp1s0"; internalInterfaces = [ "wg0" ]; }; diff --git a/Rofi/Scripts/system.sh b/Rofi/Scripts/system.sh index c8fa3ef..407fe0c 100644 --- a/Rofi/Scripts/system.sh +++ b/Rofi/Scripts/system.sh @@ -35,6 +35,12 @@ get_brightness_external() { fi } get_power_profile() { powerprofilesctl get 2>/dev/null || echo "balanced"; } +get_vpn_status() { + if systemctl is-active wg-quick-wg-vpn &>/dev/null; then echo "vpn" + elif systemctl is-active wg-quick-wg-services &>/dev/null; then echo "services" + else echo "off" + fi +} get_default_sink_id() { wpctl inspect @DEFAULT_AUDIO_SINK@ 2>/dev/null | head -1 | awk '{print $2}' | tr -d ',' @@ -85,6 +91,12 @@ show_main() { echo "󰃟 Brightness" echo "󰤨 WiFi" echo "󰂯 Bluetooth" + local vpn_status=$(get_vpn_status) + case "$vpn_status" in + services) echo "󰒄 VPN: Services" ;; + vpn) echo "󰛳 VPN: Full + AdBlock" ;; + *) echo "󰲛 VPN: Off" ;; + esac echo "󱐋 Power Profile" echo "󰐥 Power" } 
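Review bot: `checkReversePath = "loose";` in the first Hetzner/axiomania.nix hunk relaxes reverse-path filtering for the whole firewall on this internet-facing host, not only for wg0, and the comment does not say which traffic the default check was dropping. The second hunk in the same file changes `externalInterface` from "ens3" to "enp1s0", which may by itself be what restored NAT for the WireGuard clients. It is worth re-testing with the default setting now that the interface name is corrected. If loose mode is still needed, the comment should name the flow that requires it, e.g. `# loose: <flow that fails the strict rpfilter check>`.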
@@ -177,6 +189,19 @@ handle_main() { case "$SELECTION" in *"Sound"*) show_sound ;; *"Brightness"*) show_brightness ;; + *"VPN:"*) + local vpn_status=$(get_vpn_status) + case "$vpn_status" in + off) busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager StartUnit ss wg-quick-wg-services.service replace &>/dev/null ;; + services) + busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager StopUnit ss wg-quick-wg-services.service replace &>/dev/null + busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager StartUnit ss wg-quick-wg-vpn.service replace &>/dev/null ;; + vpn) + busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager StopUnit ss wg-quick-wg-vpn.service replace &>/dev/null + busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager StartUnit ss wg-quick-wg-services.service replace &>/dev/null ;; + esac + sleep 1 + show_main ;; *"WiFi"*) coproc (rofi-network-manager &); exit 0 ;; *"Bluetooth"*) coproc (rofi-bluetooth &); exit 0 ;; *"Power Profile"*) show_power_profile ;; diff --git a/configuration.nix b/configuration.nix index e8c6967..46dfa70 100755 --- a/configuration.nix +++ b/configuration.nix @@ -85,6 +85,18 @@ programs.nix-ld.enable = true; + # Allow lebowski to toggle WireGuard without password + security.polkit.extraConfig = '' + polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.systemd1.manage-units" && + subject.user == "lebowski" && + (action.lookup("unit") == "wg-quick-wg-services.service" || + action.lookup("unit") == "wg-quick-wg-vpn.service")) { + return polkit.Result.YES; + } + }); + ''; + services.pulseaudio.enable = false; security.rtkit.enable = true;
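Review bot: The `vpn)` branch of the new `*"VPN:"*)` case stops wg-quick-wg-vpn and then starts wg-quick-wg-services again, so the cycle is off → services → vpn → services and the menu can never bring the tunnel back down. If that is intended, a comment should say so; otherwise drop the StartUnit line from `vpn)`. Every `busctl call` sends its output and errors to /dev/null, and StartUnit/StopUnit only queue a job, so a failed stop is followed by the start anyway and `sleep 1` can redraw the menu before the state has settled. A blocking form such as `systemctl stop wg-quick-wg-services.service && systemctl start wg-quick-wg-vpn.service` would wait for each job and return an exit status the script can check. handle_main's body continues outside the hunk.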
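Review bot: The polkit rule added to configuration.nix returns `polkit.Result.YES` for any process running as lebowski, because it checks only `subject.user` and the unit name. It does not require a local, active session and does not restrict the verb, so remote or background sessions of that user can also start, stop or restart the two tunnels without authentication. Adding `subject.local && subject.active &&` to the condition limits the rule to the desktop session the rofi menu runs in. A check on `action.lookup("verb")`, allowing only "start" and "stop", would match what the script actually calls. A short comment that the rule deliberately falls through (returns nothing) for every other action would also help the next reader.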