fix: dns in podman containers

fix: deprecations
feat: use sing-box-extended by default
2025-07-18 16:35:39 +03:00 · 2025-07-18 16:20:47 +03:00 · 2025-07-18 16:20:34 +03:00 · 2025-07-18 16:20:07 +03:00
9 changed files with 106 additions and 23 deletions
--- a/flake.lock
+++ b/flake.lock
@ -8,11 +8,11 @@
        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
-        "lastModified": 1751641756,
-        "narHash": "sha256-5fXKpa5iVpsnsHUhiqMQ1gXdOGwEKc61fXhaMZn7Gb4=",
+        "lastModified": 1752784378,
+        "narHash": "sha256-/SCDPErJkEuKEdZjj9wwyq4otLeyGMU4pe51saRABno=",
        "owner": "AtaraxiaSjel",
        "repo": "nur",
-        "rev": "73e0fbc32ab305d50b84ab351c31604f003b50a8",
+        "rev": "b8efe256d1eba2247ef98b1cc49cf0bab32531d7",
        "type": "github"
      },
      "original": {
@ -1077,6 +1077,7 @@
        "nixpkgs-unstable": "nixpkgs-unstable",
        "quadlet-nix": "quadlet-nix",
        "sops-nix": "sops-nix",
+        "spicetify-nix": "spicetify-nix",
        "srvos": "srvos",
        "walker": "walker"
      }
@ -1122,6 +1123,27 @@
        "type": "github"
      }
    },
+    "spicetify-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": "systems_4"
+      },
+      "locked": {
+        "lastModified": 1752381641,
+        "narHash": "sha256-R2iDZb94RosuCeuIukacZVVXxzWYr4jn/QI/ax15nW8=",
+        "owner": "Gerg-L",
+        "repo": "spicetify-nix",
+        "rev": "8f9fd947c52aa6adb6bafe72516eccf186708954",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Gerg-L",
+        "repo": "spicetify-nix",
+        "type": "github"
+      }
+    },
    "srvos": {
      "inputs": {
        "nixpkgs": [
@ -1188,6 +1210,21 @@
      }
    },
    "systems_4": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_5": {
      "locked": {
        "lastModified": 1689347949,
        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@ -1225,7 +1262,7 @@
        "nixpkgs": [
          "nixpkgs"
        ],
-        "systems": "systems_4"
+        "systems": "systems_5"
      },
      "locked": {
        "lastModified": 1752655476,
--- a/flake.nix
+++ b/flake.nix
@ -65,6 +65,10 @@
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    spicetify-nix = {
+      url = "github:Gerg-L/spicetify-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
    srvos = {
      url = "github:nix-community/srvos";
      inputs.nixpkgs.follows = "nixpkgs";
--- a/hosts/redshift/services.nix
+++ b/hosts/redshift/services.nix
@ -13,6 +13,7 @@ let
  cfgOcis = config.services.ocis;
 in
 {
+  environment.systemPackages = [ pkgs.sing-box-extended ];
  # Tailscale exit-node
  services.tailscale = {
    enable = true;
--- a/modules/home/applications/spotify.nix
+++ b/modules/home/applications/spotify.nix
@ -2,24 +2,49 @@
  config,
  lib,
  pkgs,
+  inputs,
  ...
 }:
 let
-  inherit (lib) getExe mkEnableOption mkIf;
+  inherit (lib) mkEnableOption mkIf;
  cfg = config.ataraxia.programs.spotify;
+
+  spicePkgs = inputs.spicetify-nix.legacyPackages.${pkgs.hostPlatform.system};
 in
 {
+  imports = [ inputs.spicetify-nix.homeManagerModules.default ];
+
  options.ataraxia.programs.spotify = {
    enable = mkEnableOption "Enable spotify program";
+    spicetify = mkEnableOption "Enable spicetify module" // {
+      default = true;
+    };
  };

  config = mkIf cfg.enable {
-    home.packages = with pkgs; [
-      spotifywm
+    programs.spicetify = mkIf cfg.spicetify {
+      enable = true;
+      experimentalFeatures = true;
+      enabledExtensions = with spicePkgs.extensions; [
+        adblockify
+        hidePodcasts
+        shuffle
+      ];
+      theme = spicePkgs.themes.catppuccin;
+      colorScheme = if config ? catppuccin then config.catppuccin.flavor else "mocha";
+      windowManagerPatch = true;
+    };
+
+    home.packages = mkIf (!cfg.spicetify) [
+      pkgs.spotifywm
    ];

    defaultApplications.spotify = {
-      cmd = getExe pkgs.spotifywm;
+      cmd =
+        if cfg.spicetify then
+          "${config.programs.spicetify.spicedSpotify}/bin/spotify"
+        else
+          "${pkgs.spotifywm}/bin/spotify";
      desktop = "spotify";
    };

--- a/modules/home/roles/default.nix
+++ b/modules/home/roles/default.nix
@ -32,7 +32,7 @@ in
  };

  imports = [
-    inputs.nix-index-database.hmModules.nix-index
+    inputs.nix-index-database.homeModules.nix-index
  ];

  config =
--- a/modules/nixos/applications/corectrl.nix
+++ b/modules/nixos/applications/corectrl.nix
@ -16,11 +16,10 @@ in
  };

  config = mkIf cfg.enable {
-    programs.corectrl = {
-      enable = true;
-      gpuOverclock.enable = true;
-      # gpuOverclock.ppfeaturemask = "0xffffffff";
-    };
+    programs.corectrl.enable = true;
+
+    hardware.amdgpu.overdrive.enable = true;
+    # hardware.amdgpu.overdrive.ppfeaturemask = "0xffffffff";

    home-manager = mkIf useHomeManager {
      users.${defaultUser} = {
--- a/modules/nixos/containers/media-stack/default.nix
+++ b/modules/nixos/containers/media-stack/default.nix
@ -28,7 +28,6 @@ let
    "0.0.0.0:7000:7000"
    "0.0.0.0:7000:7000/udp"
  ];
-  pod-dns = "10.10.10.1";
 in
 {
  imports = [
@ -67,7 +66,6 @@ in

    virtualisation.quadlet.pods.media-stack = {
      podConfig = {
-        dns = [ pod-dns ];
        networks = [ networks.br-services.ref ];
        publishPorts = open-ports;
      };
--- a/modules/nixos/virtualisation/virtualisation.nix
+++ b/modules/nixos/virtualisation/virtualisation.nix
@ -6,7 +6,12 @@
  ...
 }:
 let
-  inherit (lib) mkEnableOption mkIf optionals;
+  inherit (lib)
+    mapAttrs
+    mkEnableOption
+    mkIf
+    optionals
+    ;
  cfg = config.ataraxia.virtualisation;

  defaultUser = config.ataraxia.defaults.users.defaultUser;
@ -75,14 +80,13 @@ in
      spiceUSBRedirection.enable = cfg.libvirt;

      quadlet = {
-        enable = true;
+        enable = cfg.podman;
        autoEscape = true;
        autoUpdate.enable = false;
        networks = {
          br-services.networkConfig = {
-            # TODO: enable dns, fix dns resolution
-            # dns = [ "10.10.10.1" ];
-            disableDns = true;
+            disableDns = false;
+            dns = [ "10.10.10.1" ];
            driver = "bridge";
            ipamDriver = "host-local";
            ipv6 = false;
@ -110,7 +114,22 @@ in
      ];
    };

-    networking.firewall.trustedInterfaces = mkIf cfg.libvirt [ "virbr0" ];
+    networking.firewall = {
+      trustedInterfaces = mkIf cfg.libvirt [ "virbr0" ];
+      interfaces =
+        {
+          "podman*".allowedUDPPorts = mkIf cfg.podman [
+            53
+            5353
+          ];
+        }
+        // mapAttrs (_: _: {
+          allowedUDPPorts = [
+            53
+            5353
+          ];
+        }) config.virtualisation.quadlet.networks;
+    };

    security.unprivilegedUsernsClone = true;

--- a/overlays/default.nix
+++ b/overlays/default.nix
@ -42,7 +42,7 @@ in
  # youtube-to-mpv = prev.callPackage ./packages/youtube-to-mpv.nix { term = config.defaultApplications.term.cmd; };
  # yt-archivist = prev.callPackage ./packages/yt-archivist { };
  yt-dlp = unstable.yt-dlp;
-  sing-box = unstable.sing-box;
+  sing-box = final.sing-box-extended;
  wine = prev.wineWow64Packages.stagingFull;

  # Patch spotify with spotx
Author	SHA1	Message	Date
Dmitriy Kholkin	089cef5e37	fix: dns in podman containers	2025-07-18 16:35:39 +03:00
Dmitriy Kholkin	1def5dd78b	fix: deprecations	2025-07-18 16:20:47 +03:00
Dmitriy Kholkin	239b5825b4	feat: use sing-box-extended by default	2025-07-18 16:20:34 +03:00
Dmitriy Kholkin	516b1b2a38	feat: enable spicetify	2025-07-18 16:20:07 +03:00