4 files changed, 107 insertions, 49 deletions
diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix
index 4f4897f5..70a5c9f2 100644
--- a/accounts/gkleen@sif/default.nix
+++ b/accounts/gkleen@sif/default.nix
@@ -59,30 +59,6 @@ let
    wrapProgram $out/bin/zulip \
      --add-flags '--force-device-scale-factor=1.6'
  '';
-  sshpassSecret = pkgs.writeScriptBin "sshpass-secret" ''
-    #!${pkgs.zsh}/bin/zsh -e
-    typeset -a cmd
-    cmd=()
-    while
-      if [[ "$#" -le 0 ]]; then
-        echo "Insufficient arguments" >&2
-        exit 2
-      fi
-      arg="''${1}"
-      shift
-    do
-      [[ "''${arg}" == '--' ]] && break
-      user=''${arg%@*}
-      host=''${arg#*@}
-      exec {fdnum}< <(${pkgs.gnome.libsecret}/bin/secret-tool lookup service sshpass host "''${host}" user "''${user}")
-      cmd+=(${pkgs.sshpass}/bin/sshpass -d ''${fdnum} -P "''${user}@''${host}'s password:")
-    done
-    cmd+=($@)
-    exec -a ''${cmd[1]} -- $cmd
-  '';
 in {
  imports = with flake.nixosModules.userProfiles.${userName}; [
    mpv yt-dlp
@@ -329,7 +305,7 @@ in {
      keyboard = {
        layout = "us";
        variant = "dvp";
-        options = [ "ctl:nocaps" ];
+        options = [ "ctl:nocaps" "compose:caps" ];
      };
    };
diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix
index b1ac2a05..06b9ccaa 100644
--- a/accounts/gkleen@sif/ssh-hosts.nix
+++ b/accounts/gkleen@sif/ssh-hosts.nix
@@ -287,6 +287,24 @@
    { hostname = "mathw0h.mathinst.loc";
      proxyJump = "mathw0g";
    };
+  "proxy.mathw0g" =
+    { hostname = "mathw0g.math.lmu.de";
+      extraOptions = {
+        ControlPath = "none";
+        ServerAliveCountMax = "3";
+        ServerAliveInterval = "1";
+      };
+    };
+  "proxy.mathw0h" =
+    { hostname = "mathw0h.mathinst.loc";
+      proxyJump = "proxy.mathw0g";
+      extraOptions = {
+        ControlPath = "none";
+        ExitOnForwardFailure = "yes";
+        ServerAliveCountMax = "3";
+        ServerAliveInterval = "1";
+      };
+    };
  "vrt-kvm04" =
    { hostname = "vrt-kvm04";
      proxyJump = "mathw0e";
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index 56965b74..4ebecb93 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -2,6 +2,36 @@
 let
  xmobar = import ./xmobar pkgs.haskellPackages;
  cfg = config.home-manager.users.${userName};
+  autossh-socks-script = pkgs.writeScript "autossh" ''
+    #!${pkgs.zsh}/bin/zsh -xe
+    host="''${1%:*}"
+    port="''${1#*:}"
+    typeset -a cmd
+    cmd=()
+    if [[ -n "''${SSHPASS_SECRET}" ]]; then
+      cmd+=(${pkgs.sshpassSecret}/bin/sshpass-secret)
+      cmd+=("''${(@s/:/)SSHPASS_SECRET}")
+      cmd+=(--)
+    fi
+    cmd+=(${pkgs.openssh}/bin/ssh -vvN -D localhost:''${port} "''${host}")
+    ( exec -a "''${cmd[1]}" -- ''${cmd} ) &
+    pid=$!
+    ${pkgs.systemd}/bin/systemd-notify --pid="''${pid}"
+    while ! ${pkgs.netcat-openbsd.nc}/bin/nc -z -v localhost ''${port}; do
+      ${pkgs.coreutils}/bin/sleep 0.1
+    done
+    ${pkgs.systemd}/bin/systemd-notify --ready
+    wait "''${pid}"
+  '';
 in {
  services = {
    sync-keepass = {
@@ -16,30 +46,6 @@ in {
        After = ["graphical-session-pre.target"];
      };
    };
-    # trayer = {
-    #   Service = {
-    #     Type = "simple";
-    #     WorkingDirectory = "~";
-    #     ExecStart = "${pkgs.trayer}/bin/trayer --edge top --align right --SetDockType true --SetPartialStrut true --expand true --width 8 --tint 0x000000 --alpha 0 --transparent true --height 32 --monitor primary";
-    #     Restart = "always";
-    #   };
-    #   Install = {
-    #     WantedBy = ["graphical-session.target"];
-    #   };
-    # };
-    # xmobar = {
-    #   Service = {
-    #     Type = "simple";
-    #     WorkingDirectory = "~";
-    #     ExecStart = "${xmobar}/bin/xmobar";
-    #     Restart = "always";
-    #     Environment = "PATH=${pkgs.worktime}/bin:${pkgs.openssh}/bin";
-    #   };
-    #   Install = {
-    #     WantedBy = ["graphical-session.target"];
-    #   };
-    # };
    taffybar = {
      Service = {
        Environment = with pkgs; "PATH=${worktime}/bin:${systemd}/bin";
@@ -61,6 +67,38 @@ in {
        Restart = "always";
      };
    };
+    "autossh-socks@proxy.mathw0h:8119" = {
+      Service = {
+        Type = "notify";
+        NotifyAccess = "all";
+        WorkingDirectory = "~";
+        Restart = "always";
+        ExecStart = "${autossh-socks-script} \"%I\"";
+        Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ];
+      };
+      Unit = {
+        StopWhenUnneeded = true;
+      };
+    };
+    "proxy-to-autossh-socks@8118" = {
+      Unit = {
+        Requires = ["autossh-socks@proxy.mathw0h:8119.service" "proxy-to-autossh-socks@8118.socket"];
+        After = ["autossh-socks@proxy.mathw0h:8119.service" "proxy-to-autossh-socks@8118.socket"];
+      };
+      Service = {
+        ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:8119";
+      };
+    };
+  };
+  sockets = {
+    "proxy-to-autossh-socks@8118" = {
+      Socket = {
+        ListenStream = "%I";
+      };
+      Install = {
+        WantedBy = ["default.target"];
+      };
+    };
  };
  timers = {
    sync-keepass = {
diff --git a/overlays/sshpass-secret.nix b/overlays/sshpass-secret.nix
new file mode 100644
index 00000000..cfd19afe
--- /dev/null
+++ b/overlays/sshpass-secret.nix
@@ -0,0 +1,26 @@
+final: prev: {
+  sshpassSecret = prev.writeScriptBin "sshpass-secret" ''
+    #!${final.zsh}/bin/zsh -e
+    typeset -a cmd
+    cmd=()
+    while
+      if [[ "$#" -le 0 ]]; then
+        echo "Insufficient arguments" >&2
+        exit 2
+      fi
+      arg="''${1}"
+      shift
+    do
+      [[ "''${arg}" == '--' ]] && break
+      user=''${arg%@*}
+      host=''${arg#*@}
+      exec {fdnum}< <(${final.gnome.libsecret}/bin/secret-tool lookup service sshpass host "''${host}" user "''${user}")
+      cmd+=(${final.sshpass}/bin/sshpass -d ''${fdnum} -P "''${user}@''${host}'s password:")
+    done
+    cmd+=($@)
+    exec -a ''${cmd[1]} -- $cmd
+  '';
+}

diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix index 4f4897f5..70a5c9f2 100644 --- a/accounts/gkleen@sif/default.nix +++ b/accounts/gkleen@sif/default.nix
@@ -59,30 +59,6 @@ let
59	wrapProgram $out/bin/zulip \	59	wrapProgram $out/bin/zulip \
60	--add-flags '--force-device-scale-factor=1.6'	60	--add-flags '--force-device-scale-factor=1.6'
61	'';	61	'';
62	sshpassSecret = pkgs.writeScriptBin "sshpass-secret" ''
63	#!${pkgs.zsh}/bin/zsh -e
64
65	typeset -a cmd
66	cmd=()
67
68	while
69	if [[ "$#" -le 0 ]]; then
70	echo "Insufficient arguments" >&2
71	exit 2
72	fi
73	arg="''${1}"
74	shift
75	do
76	[[ "''${arg}" == '--' ]] && break
77	user=''${arg%@*}
78	host=''${arg#*@}
79	exec {fdnum}< <(${pkgs.gnome.libsecret}/bin/secret-tool lookup service sshpass host "''${host}" user "''${user}")
80	cmd+=(${pkgs.sshpass}/bin/sshpass -d ''${fdnum} -P "''${user}@''${host}'s password:")
81	done
82
83	cmd+=($@)
84	exec -a ''${cmd[1]} -- $cmd
85	'';
86	in {	62	in {
87	imports = with flake.nixosModules.userProfiles.${userName}; [	63	imports = with flake.nixosModules.userProfiles.${userName}; [
88	mpv yt-dlp	64	mpv yt-dlp
@@ -329,7 +305,7 @@ in {
329	keyboard = {	305	keyboard = {
330	layout = "us";	306	layout = "us";
331	variant = "dvp";	307	variant = "dvp";
332	options = [ "ctl:nocaps" ];	308	options = [ "ctl:nocaps" "compose:caps" ];
333	};	309	};
334	};	310	};
335		311


diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix index b1ac2a05..06b9ccaa 100644 --- a/accounts/gkleen@sif/ssh-hosts.nix +++ b/accounts/gkleen@sif/ssh-hosts.nix
@@ -287,6 +287,24 @@
287	{ hostname = "mathw0h.mathinst.loc";	287	{ hostname = "mathw0h.mathinst.loc";
288	proxyJump = "mathw0g";	288	proxyJump = "mathw0g";
289	};	289	};
		290	"proxy.mathw0g" =
		291	{ hostname = "mathw0g.math.lmu.de";
		292	extraOptions = {
		293	ControlPath = "none";
		294	ServerAliveCountMax = "3";
		295	ServerAliveInterval = "1";
		296	};
		297	};
		298	"proxy.mathw0h" =
		299	{ hostname = "mathw0h.mathinst.loc";
		300	proxyJump = "proxy.mathw0g";
		301	extraOptions = {
		302	ControlPath = "none";
		303	ExitOnForwardFailure = "yes";
		304	ServerAliveCountMax = "3";
		305	ServerAliveInterval = "1";
		306	};
		307	};
290	"vrt-kvm04" =	308	"vrt-kvm04" =
291	{ hostname = "vrt-kvm04";	309	{ hostname = "vrt-kvm04";
292	proxyJump = "mathw0e";	310	proxyJump = "mathw0e";


diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix index 56965b74..4ebecb93 100644 --- a/accounts/gkleen@sif/systemd.nix +++ b/accounts/gkleen@sif/systemd.nix
@@ -2,6 +2,36 @@
2	let	2	let
3	xmobar = import ./xmobar pkgs.haskellPackages;	3	xmobar = import ./xmobar pkgs.haskellPackages;
4	cfg = config.home-manager.users.${userName};	4	cfg = config.home-manager.users.${userName};
		5
		6	autossh-socks-script = pkgs.writeScript "autossh" ''
		7	#!${pkgs.zsh}/bin/zsh -xe
		8
		9	host="''${1%:*}"
		10	port="''${1#*:}"
		11
		12	typeset -a cmd
		13	cmd=()
		14
		15	if [[ -n "''${SSHPASS_SECRET}" ]]; then
		16	cmd+=(${pkgs.sshpassSecret}/bin/sshpass-secret)
		17	cmd+=("''${(@s/:/)SSHPASS_SECRET}")
		18	cmd+=(--)
		19	fi
		20
		21	cmd+=(${pkgs.openssh}/bin/ssh -vvN -D localhost:''${port} "''${host}")
		22
		23	( exec -a "''${cmd[1]}" -- ''${cmd} ) &
		24	pid=$!
		25	${pkgs.systemd}/bin/systemd-notify --pid="''${pid}"
		26
		27	while ! ${pkgs.netcat-openbsd.nc}/bin/nc -z -v localhost ''${port}; do
		28	${pkgs.coreutils}/bin/sleep 0.1
		29	done
		30
		31	${pkgs.systemd}/bin/systemd-notify --ready
		32
		33	wait "''${pid}"
		34	'';
5	in {	35	in {
6	services = {	36	services = {
7	sync-keepass = {	37	sync-keepass = {
@@ -16,30 +46,6 @@ in {
16	After = ["graphical-session-pre.target"];	46	After = ["graphical-session-pre.target"];
17	};	47	};
18	};	48	};
19	# trayer = {
20	# Service = {
21	# Type = "simple";
22	# WorkingDirectory = "~";
23	# ExecStart = "${pkgs.trayer}/bin/trayer --edge top --align right --SetDockType true --SetPartialStrut true --expand true --width 8 --tint 0x000000 --alpha 0 --transparent true --height 32 --monitor primary";
24	# Restart = "always";
25	# };
26	# Install = {
27	# WantedBy = ["graphical-session.target"];
28	# };
29	# };
30	# xmobar = {
31	# Service = {
32	# Type = "simple";
33	# WorkingDirectory = "~";
34	# ExecStart = "${xmobar}/bin/xmobar";
35	# Restart = "always";
36	# Environment = "PATH=${pkgs.worktime}/bin:${pkgs.openssh}/bin";
37
38	# };
39	# Install = {
40	# WantedBy = ["graphical-session.target"];
41	# };
42	# };
43	taffybar = {	49	taffybar = {
44	Service = {	50	Service = {
45	Environment = with pkgs; "PATH=${worktime}/bin:${systemd}/bin";	51	Environment = with pkgs; "PATH=${worktime}/bin:${systemd}/bin";
@@ -61,6 +67,38 @@ in {
61	Restart = "always";	67	Restart = "always";
62	};	68	};
63	};	69	};
		70	"autossh-socks@proxy.mathw0h:8119" = {
		71	Service = {
		72	Type = "notify";
		73	NotifyAccess = "all";
		74	WorkingDirectory = "~";
		75	Restart = "always";
		76	ExecStart = "${autossh-socks-script} \"%I\"";
		77	Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ];
		78	};
		79	Unit = {
		80	StopWhenUnneeded = true;
		81	};
		82	};
		83	"proxy-to-autossh-socks@8118" = {
		84	Unit = {
		85	Requires = ["autossh-socks@proxy.mathw0h:8119.service" "proxy-to-autossh-socks@8118.socket"];
		86	After = ["autossh-socks@proxy.mathw0h:8119.service" "proxy-to-autossh-socks@8118.socket"];
		87	};
		88	Service = {
		89	ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:8119";
		90	};
		91	};
		92	};
		93	sockets = {
		94	"proxy-to-autossh-socks@8118" = {
		95	Socket = {
		96	ListenStream = "%I";
		97	};
		98	Install = {
		99	WantedBy = ["default.target"];
		100	};
		101	};
64	};	102	};
65	timers = {	103	timers = {
66	sync-keepass = {	104	sync-keepass = {


diff --git a/overlays/sshpass-secret.nix b/overlays/sshpass-secret.nix new file mode 100644 index 00000000..cfd19afe --- /dev/null +++ b/overlays/sshpass-secret.nix
@@ -0,0 +1,26 @@
		1	final: prev: {
		2	sshpassSecret = prev.writeScriptBin "sshpass-secret" ''
		3	#!${final.zsh}/bin/zsh -e
		4
		5	typeset -a cmd
		6	cmd=()
		7
		8	while
		9	if [[ "$#" -le 0 ]]; then
		10	echo "Insufficient arguments" >&2
		11	exit 2
		12	fi
		13	arg="''${1}"
		14	shift
		15	do
		16	[[ "''${arg}" == '--' ]] && break
		17	user=''${arg%@*}
		18	host=''${arg#*@}
		19	exec {fdnum}< <(${final.gnome.libsecret}/bin/secret-tool lookup service sshpass host "''${host}" user "''${user}")
		20	cmd+=(${final.sshpass}/bin/sshpass -d ''${fdnum} -P "''${user}@''${host}'s password:")
		21	done
		22
		23	cmd+=($@)
		24	exec -a ''${cmd[1]} -- $cmd
		25	'';
		26	}