1 files changed, 157 insertions, 80 deletions
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index cefcf4ea..90cccc58 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -6,7 +6,7 @@ let
  cfg = config.home-manager.users.${userName};
  autossh-socks-script = pkgs.writeScript "autossh" ''
-    #!${pkgs.zsh}/bin/zsh -xe
+    #!${lib.getExe pkgs.zsh} -xe
    host="''${1%:*}"
    port="''${1#*:}"
@@ -15,31 +15,29 @@ let
    cmd=()
    if [[ -n "''${SSHPASS_SECRET}" ]]; then
-      cmd+=(${pkgs.sshpassSecret}/bin/sshpass-secret)
+      cmd+=(${lib.getExe' pkgs.sshpassSecret "sshpass-secret"})
      cmd+=("''${(@s/:/)SSHPASS_SECRET}")
      cmd+=(--)
    fi
-    cmd+=(${pkgs.openssh}/bin/ssh -vN -D localhost:''${port} "''${host}")
+    cmd+=(${lib.getExe' pkgs.openssh "ssh"} -vN -D 127.0.0.1:''${port} "''${host}")
    ( exec -a "''${cmd[1]}" -- ''${cmd} ) &
    pid=$!
    newpid=""
    i=200
-    while ! newpid=$(${pkgs.lsof}/bin/lsof -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do
+    while ! newpid=$(${lib.getExe pkgs.lsof} -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do
      if ! kill -0 "''${pid}"; then
        wait "''${pid}"
        exit $?
      fi
      [[ "''${i}" -gt 0 ]] || exit 1
      i=$((''${i} - 1))
-      ${pkgs.coreutils}/bin/sleep 0.1
+      ${lib.getExe' pkgs.coreutils "sleep"} 0.1
    done
-    ${config.systemd.package}/bin/systemd-notify --ready
+    ${lib.getExe' config.systemd.package "systemd-notify"} --pid=''${newpid} --ready
-    wait "''${pid}" "''${newpid}"
  '';
 in {
  tmpfiles.rules = [
@@ -48,11 +46,11 @@ in {
  ];
  services = {
-    sync-keepass = {
+    "sync-keepass@" = {
      Service = {
        Type = "oneshot";
        WorkingDirectory = "~";
-        ExecStart = toString (pkgs.writers.writePython3 "sync-keepass" {
+        ExecStart = "${pkgs.writers.writePython3 "sync-keepass" {
          libraries = with pkgs.python3Packages; [ python-dateutil ];
        } ''
          import json
@@ -61,13 +59,13 @@ in {
          from datetime import datetime
          from dateutil.tz import tzlocal
          from dateutil.parser import isoparse
-          from sys import stderr
+          from sys import stderr, argv
-          remote_fs = 'surtr'
+          remote_fs = 'surtr' if argv[1] == 'store.kdbx' else 'mathcloud'
-          remote_file = 'store.kdbx'
+          remote_file = argv[1]
-          target_file = expanduser('~/store.kdbx')
+          target_file = expanduser(f'~/{argv[1]}')
-          meta_file = expanduser('~/.store.kdbx.json')
+          meta_file = expanduser(f'~/.{argv[1]}.json')
          upload_time = None
          our_last_upload_time = None
@@ -117,13 +115,14 @@ in {
              do_upload()
          elif upload_time is not None and (mod_time is None or upload_time > mod_time) and (our_last_upload_time is None or upload_time > our_last_upload_time):  # noqa: E501
              do_download()
-        '');
+        ''} \"%I\"";
        Environment = [ "RCLONE_PASSWORD_COMMAND=\"${pkgs.coreutils}/bin/cat ${config.sops.secrets.gkleen-rclone.path}\"" "PATH=${pkgs.rclone}/bin" ];
      };
    };
    emacs = {
      Unit = {
-        After = ["graphical-session-pre.target"];
+        After = [ "graphical-session.target" ];
+        BindsTo = [ "graphical-session.target" ];
      };
    };
    keepassxc = {
@@ -135,8 +134,8 @@ in {
        Environment = [ "QT_QPA_PLATFORM=wayland" ];
      };
      Unit = {
-        Requires = ["graphical-session-pre.target"];
+        After = [ "graphical-session.target" ];
-        After = ["graphical-session-pre.target"];
+        BindsTo = [ "graphical-session.target" ];
      };
    };
    mpris-proxy = {
@@ -145,7 +144,7 @@ in {
      Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
      Install.WantedBy = [ "default.target" ];
    };
-    "autossh-socks@proxy.mathw0h:8119" = {
+    "autossh-socks@proxy.ssh.math.lmu.de:8119" = {
      Service = {
        Type = "notify";
        NotifyAccess = "all";
@@ -153,7 +152,7 @@ in {
        Restart = "always";
        RestartSec = "23s";
        ExecStart = "${autossh-socks-script} \"%I\"";
-        Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ];
+        Environment = [ "SSHPASS_SECRET=gkleen@ssh.math.lmu.de" ];
      };
      Unit = {
        StopWhenUnneeded = true;
@@ -174,6 +173,38 @@ in {
        StopWhenUnneeded = true;
      };
    };
+    "autossh-socks@proxy.mathw0h:8123" = {
+      Service = {
+        Type = "notify";
+        NotifyAccess = "all";
+        WorkingDirectory = "~";
+        Restart = "always";
+        RestartSec = "23s";
+        ExecStart = "${autossh-socks-script} \"%I\"";
+        Environment = [ "SSHPASS_SECRET=gkleen@mathw0h.mathinst.loc" ];
+      };
+      Unit = {
+        StopWhenUnneeded = true;
+        StartLimitInterval = "180s";
+        StartLimitBurst = 7;
+      };
+    };
+    "autossh-socks@proxy.mathw0e:8125" = {
+      Service = {
+        Type = "notify";
+        NotifyAccess = "all";
+        WorkingDirectory = "~";
+        Restart = "always";
+        RestartSec = "23s";
+        ExecStart = "${autossh-socks-script} \"%I\"";
+        Environment = [ "SSHPASS_SECRET=gkleen@mathw0e.mathinst.loc" ];
+      };
+      Unit = {
+        StopWhenUnneeded = true;
+        StartLimitInterval = "180s";
+        StartLimitBurst = 7;
+      };
+    };
    swayidle = {
      Service = {
        RuntimeDirectory = "swayidle";
@@ -184,8 +215,8 @@ in {
        WantedBy = ["graphical-session.target"];
      };
      Unit = {
-        Requires = ["graphical-session-pre.target"];
+        After = [ "graphical-session.target" ];
-        After = ["graphical-session-pre.target"];
+        PartOf = [ "graphical-session.target" ];
      };
      Service = {
        ExecStart = lib.getExe pkgs.psi-notify;
@@ -198,6 +229,7 @@ in {
    gtklock = {
      Unit = {
        Requisite = ["graphical-session.target"];
+        After = [ "graphical-session.target" ];
        PartOf = ["graphical-session.target"];
      };
      Service = {
@@ -205,53 +237,55 @@ in {
        RuntimeDirectory = "gtklock";
        CacheDirectory = "gtklock";
        ExecStartPre = [
-          "${pkgs.libsForQt5.qt5.qttools.bin}/bin/qdbus org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow.lockAllDatabases"
+          "-${lib.getExe' pkgs.libsForQt5.qt5.qttools.bin "qdbus"} org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow.lockAllDatabases"
-          "${config.systemd.package}/bin/systemctl --user stop gpg-agent.service"
+          "-${lib.getExe' config.systemd.package "systemctl"} --user stop gpg-agent.service"
-          (pkgs.writeShellScript "generate-css" ''
+          "-${lib.getExe pkgs.playerctl} -a pause"
-            set -x
+          "-${lib.getExe (pkgs.writeShellApplication {
-            export PATH="${lib.makeBinPath [cfg.programs.wpaperd.package pkgs.jq pkgs.coreutils pkgs.imagemagick pkgs.findutils]}:$PATH"
+            name = "generate-css";
+            runtimeInputs = with pkgs; [cfg.services.wpaperd.package jq coreutils imagemagick findutils];
+            text = ''
+              declare -A monitors
+              monitors=()
+              while IFS= read -r entry; do
+                  path=$(jq -r ".path" <<<"$entry")
+                  [[ -z "$path" || ! -f "$path" ]] && continue
+                  blurred_path="$CACHE_DIRECTORY"/"$(b2sum -l 128 <<<"$path" | cut -d' ' -f1)"."''${path##*.}"
+                  monitor=$(jq -r ".display" <<<"$entry")
+                  if [[ ! -f "$blurred_path" ]]; then
+                      mkdir -p "$(dirname "$blurred_path")"
+                      magick "$path" -filter Gaussian -resize 6.25% -define filter:sigma=2.5 -resize 1600% "$blurred_path" &
+                  fi
+                  monitors+=([$monitor]="$blurred_path")
+              done < <(wpaperctl all-wallpapers -j | jq -c ".[]")
+              # wait
-            declare -A monitors
+              cp --no-preserve=mode ${pkgs.writeText "gtklock.css" ''
-            monitors=()
+                #window-box {
-            while IFS= read -r entry; do
+                  padding: 64px;
-                path=$(jq -r ".path" <<<"$entry")
+                  /* border: 1px solid black; */
-                [[ -z "$path" || ! -f "$path" ]] && continue
+                  border-radius: 4px;
-                blurred_path="$CACHE_DIRECTORY"/"$(b2sum -l 128 <<<"$path" | cut -d' ' -f1)"."''${path##*.}"
+                  box-shadow: rgba(0, 0, 0, 0.8) 0px 4px 12px;
-                monitor=$(jq -r ".display" <<<"$entry")
+                  /* background-color: white; */
-                if [[ ! -f "$blurred_path" ]]; then
+                  background-color: rgba(0, 0, 0, 0.5);
-                    mkdir -p "$(dirname "$blurred_path")"
+                }
-                    magick "$path" -filter Gaussian -resize 6.25% -define filter:sigma=2.5 -resize 1600% "$blurred_path" &
+              ''} "$RUNTIME_DIRECTORY"/style.css
-                fi
+              for monitor in "''${!monitors[@]}"; do
-                monitors+=([$monitor]="$blurred_path")
+              cat >>"$RUNTIME_DIRECTORY"/style.css <<EOF
-            done < <(wpaperctl all-wallpapers -j | jq -c ".[]")
+              window#''${monitor} {
-            wait
+                background-image: url("''${monitors[$monitor]}");
+                background-repeat: no-repeat;
-            cp --no-preserve=mode ${pkgs.writeText "gtklock.css" ''
+                background-size: 100% 100%;
-              #window-box {
+                background-origin: content-box;
-                padding: 64px;
-                /* border: 1px solid black; */
-                border-radius: 4px;
-                box-shadow: rgba(0, 0, 0, 0.8) 0px 4px 12px;
-                /* background-color: white; */
-                background-color: rgba(0, 0, 0, 0.5);
              }
-            ''} "$RUNTIME_DIRECTORY"/style.css
+              EOF
-            for monitor in "''${!monitors[@]}"; do
+              done
-            cat >>"$RUNTIME_DIRECTORY"/style.css <<EOF
+            '';
-            window#''${monitor} {
+          })}"
-              background-image: url("''${monitors[$monitor]}");
-              background-repeat: no-repeat;
-              background-size: 100% 100%;
-              background-origin: content-box;
-            }
-            EOF
-            done
-          '')
        ];
        NotifyAccess = "all";
        ExecStart = ''${lib.getExe pkgs.gtklock} -s "''${RUNTIME_DIRECTORY}/style.css" -L ${pkgs.writeShellScript "after-lock" ''
-          ${cfg.wayland.windowManager.hyprland.package}/bin/hyprctl dispatch dpms off
+          ${lib.getExe cfg.programs.niri.package} msg action power-off-monitors
-          ${config.systemd.package}/bin/systemd-notify --ready
+          ${lib.getExe' config.systemd.package "systemd-notify"} --ready
        ''}'';
      };
    };
@@ -299,30 +333,60 @@ in {
        ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\"";
      };
    };
-    wpaperd = {
+    # wpaperd = {
-      Install = {
+    #   Install = {
-        WantedBy = ["graphical-session.target"];
+    #     WantedBy = ["graphical-session.target"];
+    #   };
+    #   Unit = {
+    #     After = [ "graphical-session.target" ];
+    #     PartOf = [ "graphical-session.target" ];
+    #   };
+    #   Service = {
+    #     ExecStart = lib.getExe cfg.services.wpaperd.package;
+    #     Type = "simple";
+    #     Restart = "always";
+    #     RestartSec = "2s";
+    #   };
+    # };
+    xembed-sni-proxy = {
+      Unit = {
+        PartOf = lib.mkForce ["tray.target"];
+        BindsTo = ["xwayland-satellite.service"];
+        After = ["xwayland-satellite.service"];
      };
+    };
+    poweralertd = {
      Unit = {
-        BindsTo = ["graphical-session-pre.target"];
+        After = ["graphical-session.target"];
-        After = ["graphical-session-pre.target"];
      };
-      Service = {
+    };
-        ExecStart = lib.getExe cfg.programs.wpaperd.package;
+    network-manager-applet = {
-        Type = "simple";
+      Unit = {
-        Restart = "always";
+        PartOf = lib.mkForce ["tray.target"];
-        RestartSec = "2s";
+      };
+    };
+    udiskie = {
+      Unit = {
+        PartOf = lib.mkForce ["tray.target"];
+      };
+    };
+    blueman-applet = {
+      Unit = {
+        PartOf = lib.mkForce ["tray.target"];
+      };
+      Install = {
+        WantedBy = lib.mkForce ["tray.target"];
      };
    };
  } // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" {
      Unit = {
-        Requires = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
+        BindsTo = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
        After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
      };
      Service = {
-        ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:${toString (port + 1)}";
+        ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=60s 127.0.0.1:${toString (port + 1)}";
      };
-  }) [{ host = "proxy.mathw0h"; port = 8118; } { host = "proxy.vidhar"; port = 8120; }]);
+  }) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; } { host = "proxy.mathw0e"; port = 8124; }]);
  sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {
    Socket = {
      ListenStream = "%I";
@@ -330,7 +394,7 @@ in {
    Install = {
      WantedBy = ["default.target"];
    };
-  }) [8118 8120]) // {
+  }) [8118 8120 8122 8124]) // {
    "yt-dlp" = {
      Socket = {
        SocketMode = "0600";
@@ -344,7 +408,7 @@ in {
    };
  };
  timers = {
-    sync-keepass = {
+    "sync-keepass@store.kdbx" = {
      Timer = {
        OnActiveSec = "1m";
        OnUnitActiveSec = "1m";
@@ -354,6 +418,16 @@ in {
        WantedBy = ["default.target"];
      };
    };
+    "sync-keepass@rz.kdbx" = {
+      Timer = {
+        OnActiveSec = "1d";
+        OnUnitActiveSec = "1d";
+      };
+      Install = {
+        WantedBy = ["default.target"];
+      };
+    };
  };
  targets = {
    graphical-session = {
@@ -364,6 +438,9 @@ in {
    };
    tray = {
      Unit = {
+        PartOf = [ "graphical-session.target" ];
+        Requires = [ "waybar.service" ];
+        After = [ "graphical-session.target" "waybar.service" ];
        Wants = ["blueman-applet.service" "udiskie.service" "network-manager-applet.service"];
      };
    };

diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix index cefcf4ea..90cccc58 100644 --- a/accounts/gkleen@sif/systemd.nix +++ b/accounts/gkleen@sif/systemd.nix
@@ -6,7 +6,7 @@ let
6	cfg = config.home-manager.users.${userName};	6	cfg = config.home-manager.users.${userName};
7		7
8	autossh-socks-script = pkgs.writeScript "autossh" ''	8	autossh-socks-script = pkgs.writeScript "autossh" ''
9	#!${pkgs.zsh}/bin/zsh -xe	9	#!${lib.getExe pkgs.zsh} -xe
10		10
11	host="''${1%:*}"	11	host="''${1%:*}"
12	port="''${1#*:}"	12	port="''${1#*:}"
@@ -15,31 +15,29 @@ let
15	cmd=()	15	cmd=()
16		16
17	if [[ -n "''${SSHPASS_SECRET}" ]]; then	17	if [[ -n "''${SSHPASS_SECRET}" ]]; then
18	cmd+=(${pkgs.sshpassSecret}/bin/sshpass-secret)	18	cmd+=(${lib.getExe' pkgs.sshpassSecret "sshpass-secret"})
19	cmd+=("''${(@s/:/)SSHPASS_SECRET}")	19	cmd+=("''${(@s/:/)SSHPASS_SECRET}")
20	cmd+=(--)	20	cmd+=(--)
21	fi	21	fi
22		22
23	cmd+=(${pkgs.openssh}/bin/ssh -vN -D localhost:''${port} "''${host}")	23	cmd+=(${lib.getExe' pkgs.openssh "ssh"} -vN -D 127.0.0.1:''${port} "''${host}")
24		24
25	( exec -a "''${cmd[1]}" -- ''${cmd} ) &	25	( exec -a "''${cmd[1]}" -- ''${cmd} ) &
26	pid=$!	26	pid=$!
27		27
28	newpid=""	28	newpid=""
29	i=200	29	i=200
30	while ! newpid=$(${pkgs.lsof}/bin/lsof -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do	30	while ! newpid=$(${lib.getExe pkgs.lsof} -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do
31	if ! kill -0 "''${pid}"; then	31	if ! kill -0 "''${pid}"; then
32	wait "''${pid}"	32	wait "''${pid}"
33	exit $?	33	exit $?
34	fi	34	fi
35	[[ "''${i}" -gt 0 ]] \|\| exit 1	35	[[ "''${i}" -gt 0 ]] \|\| exit 1
36	i=$((''${i} - 1))	36	i=$((''${i} - 1))
37	${pkgs.coreutils}/bin/sleep 0.1	37	${lib.getExe' pkgs.coreutils "sleep"} 0.1
38	done	38	done
39		39
40	${config.systemd.package}/bin/systemd-notify --ready	40	${lib.getExe' config.systemd.package "systemd-notify"} --pid=''${newpid} --ready
41
42	wait "''${pid}" "''${newpid}"
43	'';	41	'';
44	in {	42	in {
45	tmpfiles.rules = [	43	tmpfiles.rules = [
@@ -48,11 +46,11 @@ in {
48	];	46	];
49		47
50	services = {	48	services = {
51	sync-keepass = {	49	"sync-keepass@" = {
52	Service = {	50	Service = {
53	Type = "oneshot";	51	Type = "oneshot";
54	WorkingDirectory = "~";	52	WorkingDirectory = "~";
55	ExecStart = toString (pkgs.writers.writePython3 "sync-keepass" {	53	ExecStart = "${pkgs.writers.writePython3 "sync-keepass" {
56	libraries = with pkgs.python3Packages; [ python-dateutil ];	54	libraries = with pkgs.python3Packages; [ python-dateutil ];
57	} ''	55	} ''
58	import json	56	import json
@@ -61,13 +59,13 @@ in {
61	from datetime import datetime	59	from datetime import datetime
62	from dateutil.tz import tzlocal	60	from dateutil.tz import tzlocal
63	from dateutil.parser import isoparse	61	from dateutil.parser import isoparse
64	from sys import stderr	62	from sys import stderr, argv
65		63
66		64
67	remote_fs = 'surtr'	65	remote_fs = 'surtr' if argv[1] == 'store.kdbx' else 'mathcloud'
68	remote_file = 'store.kdbx'	66	remote_file = argv[1]
69	target_file = expanduser('~/store.kdbx')	67	target_file = expanduser(f'~/{argv[1]}')
70	meta_file = expanduser('~/.store.kdbx.json')	68	meta_file = expanduser(f'~/.{argv[1]}.json')
71		69
72	upload_time = None	70	upload_time = None
73	our_last_upload_time = None	71	our_last_upload_time = None
@@ -117,13 +115,14 @@ in {
117	do_upload()	115	do_upload()
118	elif upload_time is not None and (mod_time is None or upload_time > mod_time) and (our_last_upload_time is None or upload_time > our_last_upload_time): # noqa: E501	116	elif upload_time is not None and (mod_time is None or upload_time > mod_time) and (our_last_upload_time is None or upload_time > our_last_upload_time): # noqa: E501
119	do_download()	117	do_download()
120	'');	118	''} \"%I\"";
121	Environment = [ "RCLONE_PASSWORD_COMMAND=\"${pkgs.coreutils}/bin/cat ${config.sops.secrets.gkleen-rclone.path}\"" "PATH=${pkgs.rclone}/bin" ];	119	Environment = [ "RCLONE_PASSWORD_COMMAND=\"${pkgs.coreutils}/bin/cat ${config.sops.secrets.gkleen-rclone.path}\"" "PATH=${pkgs.rclone}/bin" ];
122	};	120	};
123	};	121	};
124	emacs = {	122	emacs = {
125	Unit = {	123	Unit = {
126	After = ["graphical-session-pre.target"];	124	After = [ "graphical-session.target" ];
		125	BindsTo = [ "graphical-session.target" ];
127	};	126	};
128	};	127	};
129	keepassxc = {	128	keepassxc = {
@@ -135,8 +134,8 @@ in {
135	Environment = [ "QT_QPA_PLATFORM=wayland" ];	134	Environment = [ "QT_QPA_PLATFORM=wayland" ];
136	};	135	};
137	Unit = {	136	Unit = {
138	Requires = ["graphical-session-pre.target"];	137	After = [ "graphical-session.target" ];
139	After = ["graphical-session-pre.target"];	138	BindsTo = [ "graphical-session.target" ];
140	};	139	};
141	};	140	};
142	mpris-proxy = {	141	mpris-proxy = {
@@ -145,7 +144,7 @@ in {
145	Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";	144	Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
146	Install.WantedBy = [ "default.target" ];	145	Install.WantedBy = [ "default.target" ];
147	};	146	};
148	"autossh-socks@proxy.mathw0h:8119" = {	147	"autossh-socks@proxy.ssh.math.lmu.de:8119" = {
149	Service = {	148	Service = {
150	Type = "notify";	149	Type = "notify";
151	NotifyAccess = "all";	150	NotifyAccess = "all";
@@ -153,7 +152,7 @@ in {
153	Restart = "always";	152	Restart = "always";
154	RestartSec = "23s";	153	RestartSec = "23s";
155	ExecStart = "${autossh-socks-script} \"%I\"";	154	ExecStart = "${autossh-socks-script} \"%I\"";
156	Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ];	155	Environment = [ "SSHPASS_SECRET=gkleen@ssh.math.lmu.de" ];
157	};	156	};
158	Unit = {	157	Unit = {
159	StopWhenUnneeded = true;	158	StopWhenUnneeded = true;
@@ -174,6 +173,38 @@ in {
174	StopWhenUnneeded = true;	173	StopWhenUnneeded = true;
175	};	174	};
176	};	175	};
		176	"autossh-socks@proxy.mathw0h:8123" = {
		177	Service = {
		178	Type = "notify";
		179	NotifyAccess = "all";
		180	WorkingDirectory = "~";
		181	Restart = "always";
		182	RestartSec = "23s";
		183	ExecStart = "${autossh-socks-script} \"%I\"";
		184	Environment = [ "SSHPASS_SECRET=gkleen@mathw0h.mathinst.loc" ];
		185	};
		186	Unit = {
		187	StopWhenUnneeded = true;
		188	StartLimitInterval = "180s";
		189	StartLimitBurst = 7;
		190	};
		191	};
		192	"autossh-socks@proxy.mathw0e:8125" = {
		193	Service = {
		194	Type = "notify";
		195	NotifyAccess = "all";
		196	WorkingDirectory = "~";
		197	Restart = "always";
		198	RestartSec = "23s";
		199	ExecStart = "${autossh-socks-script} \"%I\"";
		200	Environment = [ "SSHPASS_SECRET=gkleen@mathw0e.mathinst.loc" ];
		201	};
		202	Unit = {
		203	StopWhenUnneeded = true;
		204	StartLimitInterval = "180s";
		205	StartLimitBurst = 7;
		206	};
		207	};
177	swayidle = {	208	swayidle = {
178	Service = {	209	Service = {
179	RuntimeDirectory = "swayidle";	210	RuntimeDirectory = "swayidle";
@@ -184,8 +215,8 @@ in {
184	WantedBy = ["graphical-session.target"];	215	WantedBy = ["graphical-session.target"];
185	};	216	};
186	Unit = {	217	Unit = {
187	Requires = ["graphical-session-pre.target"];	218	After = [ "graphical-session.target" ];
188	After = ["graphical-session-pre.target"];	219	PartOf = [ "graphical-session.target" ];
189	};	220	};
190	Service = {	221	Service = {
191	ExecStart = lib.getExe pkgs.psi-notify;	222	ExecStart = lib.getExe pkgs.psi-notify;
@@ -198,6 +229,7 @@ in {
198	gtklock = {	229	gtklock = {
199	Unit = {	230	Unit = {
200	Requisite = ["graphical-session.target"];	231	Requisite = ["graphical-session.target"];
		232	After = [ "graphical-session.target" ];
201	PartOf = ["graphical-session.target"];	233	PartOf = ["graphical-session.target"];
202	};	234	};
203	Service = {	235	Service = {
@@ -205,53 +237,55 @@ in {
205	RuntimeDirectory = "gtklock";	237	RuntimeDirectory = "gtklock";
206	CacheDirectory = "gtklock";	238	CacheDirectory = "gtklock";
207	ExecStartPre = [	239	ExecStartPre = [
208	"${pkgs.libsForQt5.qt5.qttools.bin}/bin/qdbus org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow.lockAllDatabases"	240	"-${lib.getExe' pkgs.libsForQt5.qt5.qttools.bin "qdbus"} org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow.lockAllDatabases"
209	"${config.systemd.package}/bin/systemctl --user stop gpg-agent.service"	241	"-${lib.getExe' config.systemd.package "systemctl"} --user stop gpg-agent.service"
210	(pkgs.writeShellScript "generate-css" ''	242	"-${lib.getExe pkgs.playerctl} -a pause"
211	set -x	243	"-${lib.getExe (pkgs.writeShellApplication {
212	export PATH="${lib.makeBinPath [cfg.programs.wpaperd.package pkgs.jq pkgs.coreutils pkgs.imagemagick pkgs.findutils]}:$PATH"	244	name = "generate-css";
		245	runtimeInputs = with pkgs; [cfg.services.wpaperd.package jq coreutils imagemagick findutils];
		246	text = ''
		247	declare -A monitors
		248	monitors=()
		249	while IFS= read -r entry; do
		250	path=$(jq -r ".path" <<<"$entry")
		251	[[ -z "$path" \|\| ! -f "$path" ]] && continue
		252	blurred_path="$CACHE_DIRECTORY"/"$(b2sum -l 128 <<<"$path" \| cut -d' ' -f1)"."''${path##*.}"
		253	monitor=$(jq -r ".display" <<<"$entry")
		254	if [[ ! -f "$blurred_path" ]]; then
		255	mkdir -p "$(dirname "$blurred_path")"
		256	magick "$path" -filter Gaussian -resize 6.25% -define filter:sigma=2.5 -resize 1600% "$blurred_path" &
		257	fi
		258	monitors+=([$monitor]="$blurred_path")
		259	done < <(wpaperctl all-wallpapers -j \| jq -c ".[]")
		260	# wait
213		261
214	declare -A monitors	262	cp --no-preserve=mode ${pkgs.writeText "gtklock.css" ''
215	monitors=()	263	#window-box {
216	while IFS= read -r entry; do	264	padding: 64px;
217	path=$(jq -r ".path" <<<"$entry")	265	/* border: 1px solid black; */
218	[[ -z "$path" \|\| ! -f "$path" ]] && continue	266	border-radius: 4px;
219	blurred_path="$CACHE_DIRECTORY"/"$(b2sum -l 128 <<<"$path" \| cut -d' ' -f1)"."''${path##*.}"	267	box-shadow: rgba(0, 0, 0, 0.8) 0px 4px 12px;
220	monitor=$(jq -r ".display" <<<"$entry")	268	/* background-color: white; */
221	if [[ ! -f "$blurred_path" ]]; then	269	background-color: rgba(0, 0, 0, 0.5);
222	mkdir -p "$(dirname "$blurred_path")"	270	}
223	magick "$path" -filter Gaussian -resize 6.25% -define filter:sigma=2.5 -resize 1600% "$blurred_path" &	271	''} "$RUNTIME_DIRECTORY"/style.css
224	fi	272	for monitor in "''${!monitors[@]}"; do
225	monitors+=([$monitor]="$blurred_path")	273	cat >>"$RUNTIME_DIRECTORY"/style.css <<EOF
226	done < <(wpaperctl all-wallpapers -j \| jq -c ".[]")	274	window#''${monitor} {
227	wait	275	background-image: url("''${monitors[$monitor]}");
228		276	background-repeat: no-repeat;
229	cp --no-preserve=mode ${pkgs.writeText "gtklock.css" ''	277	background-size: 100% 100%;
230	#window-box {	278	background-origin: content-box;
231	padding: 64px;
232	/* border: 1px solid black; */
233	border-radius: 4px;
234	box-shadow: rgba(0, 0, 0, 0.8) 0px 4px 12px;
235	/* background-color: white; */
236	background-color: rgba(0, 0, 0, 0.5);
237	}	279	}
238	''} "$RUNTIME_DIRECTORY"/style.css	280	EOF
239	for monitor in "''${!monitors[@]}"; do	281	done
240	cat >>"$RUNTIME_DIRECTORY"/style.css <<EOF	282	'';
241	window#''${monitor} {	283	})}"
242	background-image: url("''${monitors[$monitor]}");
243	background-repeat: no-repeat;
244	background-size: 100% 100%;
245	background-origin: content-box;
246	}
247	EOF
248	done
249	'')
250	];	284	];
251	NotifyAccess = "all";	285	NotifyAccess = "all";
252	ExecStart = ''${lib.getExe pkgs.gtklock} -s "''${RUNTIME_DIRECTORY}/style.css" -L ${pkgs.writeShellScript "after-lock" ''	286	ExecStart = ''${lib.getExe pkgs.gtklock} -s "''${RUNTIME_DIRECTORY}/style.css" -L ${pkgs.writeShellScript "after-lock" ''
253	${cfg.wayland.windowManager.hyprland.package}/bin/hyprctl dispatch dpms off	287	${lib.getExe cfg.programs.niri.package} msg action power-off-monitors
254	${config.systemd.package}/bin/systemd-notify --ready	288	${lib.getExe' config.systemd.package "systemd-notify"} --ready
255	''}'';	289	''}'';
256	};	290	};
257	};	291	};
@@ -299,30 +333,60 @@ in {
299	ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\"";	333	ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\"";
300	};	334	};
301	};	335	};
302	wpaperd = {	336	# wpaperd = {
303	Install = {	337	# Install = {
304	WantedBy = ["graphical-session.target"];	338	# WantedBy = ["graphical-session.target"];
		339	# };
		340	# Unit = {
		341	# After = [ "graphical-session.target" ];
		342	# PartOf = [ "graphical-session.target" ];
		343	# };
		344	# Service = {
		345	# ExecStart = lib.getExe cfg.services.wpaperd.package;
		346	# Type = "simple";
		347	# Restart = "always";
		348	# RestartSec = "2s";
		349	# };
		350	# };
		351	xembed-sni-proxy = {
		352	Unit = {
		353	PartOf = lib.mkForce ["tray.target"];
		354	BindsTo = ["xwayland-satellite.service"];
		355	After = ["xwayland-satellite.service"];
305	};	356	};
		357	};
		358	poweralertd = {
306	Unit = {	359	Unit = {
307	BindsTo = ["graphical-session-pre.target"];	360	After = ["graphical-session.target"];
308	After = ["graphical-session-pre.target"];
309	};	361	};
310	Service = {	362	};
311	ExecStart = lib.getExe cfg.programs.wpaperd.package;	363	network-manager-applet = {
312	Type = "simple";	364	Unit = {
313	Restart = "always";	365	PartOf = lib.mkForce ["tray.target"];
314	RestartSec = "2s";	366	};
		367	};
		368	udiskie = {
		369	Unit = {
		370	PartOf = lib.mkForce ["tray.target"];
		371	};
		372	};
		373	blueman-applet = {
		374	Unit = {
		375	PartOf = lib.mkForce ["tray.target"];
		376	};
		377	Install = {
		378	WantedBy = lib.mkForce ["tray.target"];
315	};	379	};
316	};	380	};
317	} // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" {	381	} // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" {
318	Unit = {	382	Unit = {
319	Requires = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];	383	BindsTo = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
320	After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];	384	After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
321	};	385	};
322	Service = {	386	Service = {
323	ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:${toString (port + 1)}";	387	ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=60s 127.0.0.1:${toString (port + 1)}";
324	};	388	};
325	}) [{ host = "proxy.mathw0h"; port = 8118; } { host = "proxy.vidhar"; port = 8120; }]);	389	}) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; } { host = "proxy.mathw0e"; port = 8124; }]);
326	sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {	390	sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {
327	Socket = {	391	Socket = {
328	ListenStream = "%I";	392	ListenStream = "%I";
@@ -330,7 +394,7 @@ in {
330	Install = {	394	Install = {
331	WantedBy = ["default.target"];	395	WantedBy = ["default.target"];
332	};	396	};
333	}) [8118 8120]) // {	397	}) [8118 8120 8122 8124]) // {
334	"yt-dlp" = {	398	"yt-dlp" = {
335	Socket = {	399	Socket = {
336	SocketMode = "0600";	400	SocketMode = "0600";
@@ -344,7 +408,7 @@ in {
344	};	408	};
345	};	409	};
346	timers = {	410	timers = {
347	sync-keepass = {	411	"sync-keepass@store.kdbx" = {
348	Timer = {	412	Timer = {
349	OnActiveSec = "1m";	413	OnActiveSec = "1m";
350	OnUnitActiveSec = "1m";	414	OnUnitActiveSec = "1m";
@@ -354,6 +418,16 @@ in {
354	WantedBy = ["default.target"];	418	WantedBy = ["default.target"];
355	};	419	};
356	};	420	};
		421	"sync-keepass@rz.kdbx" = {
		422	Timer = {
		423	OnActiveSec = "1d";
		424	OnUnitActiveSec = "1d";
		425	};
		426
		427	Install = {
		428	WantedBy = ["default.target"];
		429	};
		430	};
357	};	431	};
358	targets = {	432	targets = {
359	graphical-session = {	433	graphical-session = {
@@ -364,6 +438,9 @@ in {
364	};	438	};
365	tray = {	439	tray = {
366	Unit = {	440	Unit = {
		441	PartOf = [ "graphical-session.target" ];
		442	Requires = [ "waybar.service" ];
		443	After = [ "graphical-session.target" "waybar.service" ];
367	Wants = ["blueman-applet.service" "udiskie.service" "network-manager-applet.service"];	444	Wants = ["blueman-applet.service" "udiskie.service" "network-manager-applet.service"];
368	};	445	};
369	};	446	};