summaryrefslogtreecommitdiff
path: root/accounts/gkleen@sif/systemd.nix
diff options
context:
space:
mode:
Diffstat (limited to 'accounts/gkleen@sif/systemd.nix')
-rw-r--r--accounts/gkleen@sif/systemd.nix118
1 files changed, 79 insertions, 39 deletions
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index a89b46c2..90cccc58 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -6,7 +6,7 @@ let
6 cfg = config.home-manager.users.${userName}; 6 cfg = config.home-manager.users.${userName};
7 7
8 autossh-socks-script = pkgs.writeScript "autossh" '' 8 autossh-socks-script = pkgs.writeScript "autossh" ''
9 #!${pkgs.zsh}/bin/zsh -xe 9 #!${lib.getExe pkgs.zsh} -xe
10 10
11 host="''${1%:*}" 11 host="''${1%:*}"
12 port="''${1#*:}" 12 port="''${1#*:}"
@@ -15,31 +15,29 @@ let
15 cmd=() 15 cmd=()
16 16
17 if [[ -n "''${SSHPASS_SECRET}" ]]; then 17 if [[ -n "''${SSHPASS_SECRET}" ]]; then
18 cmd+=(${pkgs.sshpassSecret}/bin/sshpass-secret) 18 cmd+=(${lib.getExe' pkgs.sshpassSecret "sshpass-secret"})
19 cmd+=("''${(@s/:/)SSHPASS_SECRET}") 19 cmd+=("''${(@s/:/)SSHPASS_SECRET}")
20 cmd+=(--) 20 cmd+=(--)
21 fi 21 fi
22 22
23 cmd+=(${pkgs.openssh}/bin/ssh -vN -D localhost:''${port} "''${host}") 23 cmd+=(${lib.getExe' pkgs.openssh "ssh"} -vN -D 127.0.0.1:''${port} "''${host}")
24 24
25 ( exec -a "''${cmd[1]}" -- ''${cmd} ) & 25 ( exec -a "''${cmd[1]}" -- ''${cmd} ) &
26 pid=$! 26 pid=$!
27 27
28 newpid="" 28 newpid=""
29 i=200 29 i=200
30 while ! newpid=$(${pkgs.lsof}/bin/lsof -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do 30 while ! newpid=$(${lib.getExe pkgs.lsof} -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do
31 if ! kill -0 "''${pid}"; then 31 if ! kill -0 "''${pid}"; then
32 wait "''${pid}" 32 wait "''${pid}"
33 exit $? 33 exit $?
34 fi 34 fi
35 [[ "''${i}" -gt 0 ]] || exit 1 35 [[ "''${i}" -gt 0 ]] || exit 1
36 i=$((''${i} - 1)) 36 i=$((''${i} - 1))
37 ${pkgs.coreutils}/bin/sleep 0.1 37 ${lib.getExe' pkgs.coreutils "sleep"} 0.1
38 done 38 done
39 39
40 ${config.systemd.package}/bin/systemd-notify --ready 40 ${lib.getExe' config.systemd.package "systemd-notify"} --pid=''${newpid} --ready
41
42 wait "''${pid}" "''${newpid}"
43 ''; 41 '';
44in { 42in {
45 tmpfiles.rules = [ 43 tmpfiles.rules = [
@@ -48,11 +46,11 @@ in {
48 ]; 46 ];
49 47
50 services = { 48 services = {
51 sync-keepass = { 49 "sync-keepass@" = {
52 Service = { 50 Service = {
53 Type = "oneshot"; 51 Type = "oneshot";
54 WorkingDirectory = "~"; 52 WorkingDirectory = "~";
55 ExecStart = toString (pkgs.writers.writePython3 "sync-keepass" { 53 ExecStart = "${pkgs.writers.writePython3 "sync-keepass" {
56 libraries = with pkgs.python3Packages; [ python-dateutil ]; 54 libraries = with pkgs.python3Packages; [ python-dateutil ];
57 } '' 55 } ''
58 import json 56 import json
@@ -61,13 +59,13 @@ in {
61 from datetime import datetime 59 from datetime import datetime
62 from dateutil.tz import tzlocal 60 from dateutil.tz import tzlocal
63 from dateutil.parser import isoparse 61 from dateutil.parser import isoparse
64 from sys import stderr 62 from sys import stderr, argv
65 63
66 64
67 remote_fs = 'surtr' 65 remote_fs = 'surtr' if argv[1] == 'store.kdbx' else 'mathcloud'
68 remote_file = 'store.kdbx' 66 remote_file = argv[1]
69 target_file = expanduser('~/store.kdbx') 67 target_file = expanduser(f'~/{argv[1]}')
70 meta_file = expanduser('~/.store.kdbx.json') 68 meta_file = expanduser(f'~/.{argv[1]}.json')
71 69
72 upload_time = None 70 upload_time = None
73 our_last_upload_time = None 71 our_last_upload_time = None
@@ -117,7 +115,7 @@ in {
117 do_upload() 115 do_upload()
118 elif upload_time is not None and (mod_time is None or upload_time > mod_time) and (our_last_upload_time is None or upload_time > our_last_upload_time): # noqa: E501 116 elif upload_time is not None and (mod_time is None or upload_time > mod_time) and (our_last_upload_time is None or upload_time > our_last_upload_time): # noqa: E501
119 do_download() 117 do_download()
120 ''); 118 ''} \"%I\"";
121 Environment = [ "RCLONE_PASSWORD_COMMAND=\"${pkgs.coreutils}/bin/cat ${config.sops.secrets.gkleen-rclone.path}\"" "PATH=${pkgs.rclone}/bin" ]; 119 Environment = [ "RCLONE_PASSWORD_COMMAND=\"${pkgs.coreutils}/bin/cat ${config.sops.secrets.gkleen-rclone.path}\"" "PATH=${pkgs.rclone}/bin" ];
122 }; 120 };
123 }; 121 };
@@ -146,7 +144,7 @@ in {
146 Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy"; 144 Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
147 Install.WantedBy = [ "default.target" ]; 145 Install.WantedBy = [ "default.target" ];
148 }; 146 };
149 "autossh-socks@proxy.mathw0h:8119" = { 147 "autossh-socks@proxy.ssh.math.lmu.de:8119" = {
150 Service = { 148 Service = {
151 Type = "notify"; 149 Type = "notify";
152 NotifyAccess = "all"; 150 NotifyAccess = "all";
@@ -154,7 +152,7 @@ in {
154 Restart = "always"; 152 Restart = "always";
155 RestartSec = "23s"; 153 RestartSec = "23s";
156 ExecStart = "${autossh-socks-script} \"%I\""; 154 ExecStart = "${autossh-socks-script} \"%I\"";
157 Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ]; 155 Environment = [ "SSHPASS_SECRET=gkleen@ssh.math.lmu.de" ];
158 }; 156 };
159 Unit = { 157 Unit = {
160 StopWhenUnneeded = true; 158 StopWhenUnneeded = true;
@@ -175,6 +173,38 @@ in {
175 StopWhenUnneeded = true; 173 StopWhenUnneeded = true;
176 }; 174 };
177 }; 175 };
176 "autossh-socks@proxy.mathw0h:8123" = {
177 Service = {
178 Type = "notify";
179 NotifyAccess = "all";
180 WorkingDirectory = "~";
181 Restart = "always";
182 RestartSec = "23s";
183 ExecStart = "${autossh-socks-script} \"%I\"";
184 Environment = [ "SSHPASS_SECRET=gkleen@mathw0h.mathinst.loc" ];
185 };
186 Unit = {
187 StopWhenUnneeded = true;
188 StartLimitInterval = "180s";
189 StartLimitBurst = 7;
190 };
191 };
192 "autossh-socks@proxy.mathw0e:8125" = {
193 Service = {
194 Type = "notify";
195 NotifyAccess = "all";
196 WorkingDirectory = "~";
197 Restart = "always";
198 RestartSec = "23s";
199 ExecStart = "${autossh-socks-script} \"%I\"";
200 Environment = [ "SSHPASS_SECRET=gkleen@mathw0e.mathinst.loc" ];
201 };
202 Unit = {
203 StopWhenUnneeded = true;
204 StartLimitInterval = "180s";
205 StartLimitBurst = 7;
206 };
207 };
178 swayidle = { 208 swayidle = {
179 Service = { 209 Service = {
180 RuntimeDirectory = "swayidle"; 210 RuntimeDirectory = "swayidle";
@@ -212,7 +242,7 @@ in {
212 "-${lib.getExe pkgs.playerctl} -a pause" 242 "-${lib.getExe pkgs.playerctl} -a pause"
213 "-${lib.getExe (pkgs.writeShellApplication { 243 "-${lib.getExe (pkgs.writeShellApplication {
214 name = "generate-css"; 244 name = "generate-css";
215 runtimeInputs = with pkgs; [cfg.programs.wpaperd.package jq coreutils imagemagick findutils]; 245 runtimeInputs = with pkgs; [cfg.services.wpaperd.package jq coreutils imagemagick findutils];
216 text = '' 246 text = ''
217 declare -A monitors 247 declare -A monitors
218 monitors=() 248 monitors=()
@@ -303,21 +333,21 @@ in {
303 ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\""; 333 ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\"";
304 }; 334 };
305 }; 335 };
306 wpaperd = { 336 # wpaperd = {
307 Install = { 337 # Install = {
308 WantedBy = ["graphical-session.target"]; 338 # WantedBy = ["graphical-session.target"];
309 }; 339 # };
310 Unit = { 340 # Unit = {
311 After = [ "graphical-session.target" ]; 341 # After = [ "graphical-session.target" ];
312 PartOf = [ "graphical-session.target" ]; 342 # PartOf = [ "graphical-session.target" ];
313 }; 343 # };
314 Service = { 344 # Service = {
315 ExecStart = lib.getExe cfg.programs.wpaperd.package; 345 # ExecStart = lib.getExe cfg.services.wpaperd.package;
316 Type = "simple"; 346 # Type = "simple";
317 Restart = "always"; 347 # Restart = "always";
318 RestartSec = "2s"; 348 # RestartSec = "2s";
319 }; 349 # };
320 }; 350 # };
321 xembed-sni-proxy = { 351 xembed-sni-proxy = {
322 Unit = { 352 Unit = {
323 PartOf = lib.mkForce ["tray.target"]; 353 PartOf = lib.mkForce ["tray.target"];
@@ -350,13 +380,13 @@ in {
350 }; 380 };
351 } // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" { 381 } // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" {
352 Unit = { 382 Unit = {
353 Requires = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"]; 383 BindsTo = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
354 After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"]; 384 After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
355 }; 385 };
356 Service = { 386 Service = {
357 ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:${toString (port + 1)}"; 387 ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=60s 127.0.0.1:${toString (port + 1)}";
358 }; 388 };
359 }) [{ host = "proxy.mathw0h"; port = 8118; } { host = "proxy.vidhar"; port = 8120; }]); 389 }) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; } { host = "proxy.mathw0e"; port = 8124; }]);
360 sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" { 390 sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {
361 Socket = { 391 Socket = {
362 ListenStream = "%I"; 392 ListenStream = "%I";
@@ -364,7 +394,7 @@ in {
364 Install = { 394 Install = {
365 WantedBy = ["default.target"]; 395 WantedBy = ["default.target"];
366 }; 396 };
367 }) [8118 8120]) // { 397 }) [8118 8120 8122 8124]) // {
368 "yt-dlp" = { 398 "yt-dlp" = {
369 Socket = { 399 Socket = {
370 SocketMode = "0600"; 400 SocketMode = "0600";
@@ -378,7 +408,7 @@ in {
378 }; 408 };
379 }; 409 };
380 timers = { 410 timers = {
381 sync-keepass = { 411 "sync-keepass@store.kdbx" = {
382 Timer = { 412 Timer = {
383 OnActiveSec = "1m"; 413 OnActiveSec = "1m";
384 OnUnitActiveSec = "1m"; 414 OnUnitActiveSec = "1m";
@@ -388,6 +418,16 @@ in {
388 WantedBy = ["default.target"]; 418 WantedBy = ["default.target"];
389 }; 419 };
390 }; 420 };
421 "sync-keepass@rz.kdbx" = {
422 Timer = {
423 OnActiveSec = "1d";
424 OnUnitActiveSec = "1d";
425 };
426
427 Install = {
428 WantedBy = ["default.target"];
429 };
430 };
391 }; 431 };
392 targets = { 432 targets = {
393 graphical-session = { 433 graphical-session = {
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-03 08:18:39 +0000