nixos/throne: rename from nekoray

nixos/modules/module-list.nix

@@ -269,7 +269,6 @@
   ./programs/nano.nix
   ./programs/nautilus-open-any-terminal.nix
   ./programs/nbd.nix
-  ./programs/nekoray.nix
   ./programs/neovim.nix
   ./programs/nethoscope.nix
   ./programs/nexttrace.nix
@@ -327,6 +326,7 @@
   ./programs/systemtap.nix
   ./programs/tcpdump.nix
   ./programs/television.nix
+  ./programs/throne.nix
   ./programs/thunar.nix
   ./programs/thunderbird.nix
   ./programs/tmux.nix

nixos/modules/programs/throne.nix

@@ -6,20 +6,24 @@
 }:
 
 let
-  cfg = config.programs.nekoray;
+  cfg = config.programs.throne;
 in
 {
-  options = {
-    programs.nekoray = {
-      enable = lib.mkEnableOption "nekoray, a GUI proxy configuration manager";
+  imports = [
+    (lib.mkRenamedOptionModule [ "programs" "nekoray" ] [ "programs" "throne" ])
+  ];
 
-      package = lib.mkPackageOption pkgs "nekoray" { };
+  options = {
+    programs.throne = {
+      enable = lib.mkEnableOption "Throne, a GUI proxy configuration manager";
+
+      package = lib.mkPackageOption pkgs "throne" { };
 
       tunMode = {
-        enable = lib.mkEnableOption "TUN mode of nekoray";
+        enable = lib.mkEnableOption "TUN mode of Throne";
 
         setuid = lib.mkEnableOption ''
-          setting suid bit for nekobox_core to run as root, which is less
+          setting suid bit for throne-core to run as root, which is less
           secure than default setcap method but closer to upstream assumptions.
           Enable this if you find the default setcap method configured in
           this module doesn't work for you
@@ -29,10 +33,11 @@ in
   };
 
   config = lib.mkIf cfg.enable {
+
     environment.systemPackages = [ cfg.package ];
 
-    security.wrappers.nekobox_core = lib.mkIf cfg.tunMode.enable {
-      source = "${cfg.package}/share/nekoray/nekobox_core";
+    security.wrappers.throne-core = lib.mkIf cfg.tunMode.enable {
+      source = "${cfg.package}/share/throne/Core";
       owner = "root";
       group = "root";
       setuid = lib.mkIf cfg.tunMode.setuid true;
@@ -44,7 +49,7 @@ in
 
     # avoid resolvectl password prompt popping up three times
     # https://github.com/SagerNet/sing-tun/blob/0686f8c4f210f4e7039c352d42d762252f9d9cf5/tun_linux.go#L1062
-    # We use a hack here to determine whether the requested process is nekobox_core
+    # We use a hack here to determine whether the requested process is throne-core
     # Detect whether its capabilities contain at least `net_admin` and `net_raw`.
     # This does not reduce security, as we can already bypass `resolved` with them.
     # Alternatives to consider:
@@ -56,9 +61,9 @@ in
     #    change its own cmdline. `/proc/<pid>/exe` is reliable but kernel forbids
     #    checking that entry of process from different users, and polkit runs `spawn`
     #    as an unprivileged user.
-    # 3. Put nekobox_core into a systemd service, and let polkit check service name.
+    # 3. Put throne-core into a systemd service, and let polkit check service name.
     #    This is the most secure and convenient way but requires heavy modification
-    #    to nekoray source code. Would be good to let upstream support that eventually.
+    #    to Throne source code. Would be good to let upstream support that eventually.
     security.polkit.extraConfig =
       lib.mkIf (cfg.tunMode.enable && (!cfg.tunMode.setuid) && config.services.resolved.enable)
         ''