lebowski/NixOS
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix vpn and add rofi toggle

Browse source
This commit is contained in:
GammaKinematics 2026-03-30 17:57:08 +07:00
parent 43998b73d7
commit ae06e0c8c2
3 changed files with 39 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Hetzner/axiomania.nix
View file

@ -11,6 +11,7 @@
networking.firewall = {
allowedTCPPorts = [ 22 80 443 2222 ];
allowedUDPPorts = [ 51820 53 ]; # Wireguard, Adguard DNS
checkReversePath = "loose"; # Required for WireGuard NAT
};
# ============================================================================
@ -259,7 +260,7 @@
# NAT for Wireguard clients to access the internet
networking.nat = {
enable = true;
externalInterface = "ens3";
externalInterface = "enp1s0";
internalInterfaces = [ "wg0" ];
};

25
Rofi/Scripts/system.sh
View file

@ -35,6 +35,12 @@ get_brightness_external() {
fi
}
get_power_profile() { powerprofilesctl get 2>/dev/null || echo "balanced"; }
get_vpn_status() {
if systemctl is-active wg-quick-wg-vpn &>/dev/null; then echo "vpn"
elif systemctl is-active wg-quick-wg-services &>/dev/null; then echo "services"
else echo "off"
fi
}
get_default_sink_id() {
wpctl inspect @DEFAULT_AUDIO_SINK@ 2>/dev/null | head -1 | awk '{print $2}' | tr -d ','
@ -85,6 +91,12 @@ show_main() {
echo "󰃟 Brightness"
echo "󰤨 WiFi"
echo "󰂯 Bluetooth"
local vpn_status=$(get_vpn_status)
case "$vpn_status" in
services) echo "󰒄 VPN: Services" ;;
vpn) echo "󰛳 VPN: Full + AdBlock" ;;
*) echo "󰲛 VPN: Off" ;;
esac
echo "󱐋 Power Profile"
echo "󰐥 Power"
}
@ -177,6 +189,19 @@ handle_main() {
case "$SELECTION" in
*"Sound"*) show_sound ;;
*"Brightness"*) show_brightness ;;
*"VPN:"*)
local vpn_status=$(get_vpn_status)
case "$vpn_status" in
off) busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager StartUnit ss wg-quick-wg-services.service replace &>/dev/null ;;
services)
busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager StopUnit ss wg-quick-wg-services.service replace &>/dev/null
busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager StartUnit ss wg-quick-wg-vpn.service replace &>/dev/null ;;
vpn)
busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager StopUnit ss wg-quick-wg-vpn.service replace &>/dev/null
busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager StartUnit ss wg-quick-wg-services.service replace &>/dev/null ;;
esac
sleep 1
show_main ;;
*"WiFi"*) coproc (rofi-network-manager &); exit 0 ;;
*"Bluetooth"*) coproc (rofi-bluetooth &); exit 0 ;;
*"Power Profile"*) show_power_profile ;;

12
configuration.nix
View file

@ -85,6 +85,18 @@
programs.nix-ld.enable = true;
# Allow lebowski to toggle WireGuard without password
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units" &&
subject.user == "lebowski" &&
(action.lookup("unit") == "wg-quick-wg-services.service" ||
action.lookup("unit") == "wg-quick-wg-vpn.service")) {
return polkit.Result.YES;
}
});
'';
services.pulseaudio.enable = false;
security.rtkit.enable = true;