Diffstat (limited to 'accounts/gkleen@sif/systemd.nix')
-rw-r--r--accounts/gkleen@sif/systemd.nix239
1 files changed, 159 insertions, 80 deletions
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index cefcf4ea..18c2315f 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -6,7 +6,7 @@ let
6 cfg = config.home-manager.users.${userName}; 6 cfg = config.home-manager.users.${userName};
7 7
8 autossh-socks-script = pkgs.writeScript "autossh" '' 8 autossh-socks-script = pkgs.writeScript "autossh" ''
9 #!${pkgs.zsh}/bin/zsh -xe 9 #!${lib.getExe pkgs.zsh} -xe
10 10
11 host="''${1%:*}" 11 host="''${1%:*}"
12 port="''${1#*:}" 12 port="''${1#*:}"
@@ -15,31 +15,29 @@ let
15 cmd=() 15 cmd=()
16 16
17 if [[ -n "''${SSHPASS_SECRET}" ]]; then 17 if [[ -n "''${SSHPASS_SECRET}" ]]; then
18 cmd+=(${pkgs.sshpassSecret}/bin/sshpass-secret) 18 cmd+=(${lib.getExe' pkgs.sshpassSecret "sshpass-secret"})
19 cmd+=("''${(@s/:/)SSHPASS_SECRET}") 19 cmd+=("''${(@s/:/)SSHPASS_SECRET}")
20 cmd+=(--) 20 cmd+=(--)
21 fi 21 fi
22 22
23 cmd+=(${pkgs.openssh}/bin/ssh -vN -D localhost:''${port} "''${host}") 23 cmd+=(${lib.getExe' pkgs.openssh "ssh"} -vN -D 127.0.0.1:''${port} "''${host}")
24 24
25 ( exec -a "''${cmd[1]}" -- ''${cmd} ) & 25 ( exec -a "''${cmd[1]}" -- ''${cmd} ) &
26 pid=$! 26 pid=$!
27 27
28 newpid="" 28 newpid=""
29 i=200 29 i=200
30 while ! newpid=$(${pkgs.lsof}/bin/lsof -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do 30 while ! newpid=$(${lib.getExe pkgs.lsof} -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do
31 if ! kill -0 "''${pid}"; then 31 if ! kill -0 "''${pid}"; then
32 wait "''${pid}" 32 wait "''${pid}"
33 exit $? 33 exit $?
34 fi 34 fi
35 [[ "''${i}" -gt 0 ]] || exit 1 35 [[ "''${i}" -gt 0 ]] || exit 1
36 i=$((''${i} - 1)) 36 i=$((''${i} - 1))
37 ${pkgs.coreutils}/bin/sleep 0.1 37 ${lib.getExe' pkgs.coreutils "sleep"} 0.1
38 done 38 done
39 39
40 ${config.systemd.package}/bin/systemd-notify --ready 40 ${lib.getExe' config.systemd.package "systemd-notify"} --pid=''${newpid} --ready
41
42 wait "''${pid}" "''${newpid}"
43 ''; 41 '';
44in { 42in {
45 tmpfiles.rules = [ 43 tmpfiles.rules = [
@@ -48,11 +46,11 @@ in {
48 ]; 46 ];
49 47
50 services = { 48 services = {
51 sync-keepass = { 49 "sync-keepass@" = {
52 Service = { 50 Service = {
53 Type = "oneshot"; 51 Type = "oneshot";
54 WorkingDirectory = "~"; 52 WorkingDirectory = "~";
55 ExecStart = toString (pkgs.writers.writePython3 "sync-keepass" { 53 ExecStart = "${pkgs.writers.writePython3 "sync-keepass" {
56 libraries = with pkgs.python3Packages; [ python-dateutil ]; 54 libraries = with pkgs.python3Packages; [ python-dateutil ];
57 } '' 55 } ''
58 import json 56 import json
@@ -61,13 +59,13 @@ in {
61 from datetime import datetime 59 from datetime import datetime
62 from dateutil.tz import tzlocal 60 from dateutil.tz import tzlocal
63 from dateutil.parser import isoparse 61 from dateutil.parser import isoparse
64 from sys import stderr 62 from sys import stderr, argv
65 63
66 64
67 remote_fs = 'surtr' 65 remote_fs = 'surtr' if argv[1] == 'store.kdbx' else 'mathcloud'
68 remote_file = 'store.kdbx' 66 remote_file = argv[1]
69 target_file = expanduser('~/store.kdbx') 67 target_file = expanduser(f'~/{argv[1]}')
70 meta_file = expanduser('~/.store.kdbx.json') 68 meta_file = expanduser(f'~/.{argv[1]}.json')
71 69
72 upload_time = None 70 upload_time = None
73 our_last_upload_time = None 71 our_last_upload_time = None
@@ -117,13 +115,14 @@ in {
117 do_upload() 115 do_upload()
118 elif upload_time is not None and (mod_time is None or upload_time > mod_time) and (our_last_upload_time is None or upload_time > our_last_upload_time): # noqa: E501 116 elif upload_time is not None and (mod_time is None or upload_time > mod_time) and (our_last_upload_time is None or upload_time > our_last_upload_time): # noqa: E501
119 do_download() 117 do_download()
120 ''); 118 ''} \"%I\"";
121 Environment = [ "RCLONE_PASSWORD_COMMAND=\"${pkgs.coreutils}/bin/cat ${config.sops.secrets.gkleen-rclone.path}\"" "PATH=${pkgs.rclone}/bin" ]; 119 Environment = [ "RCLONE_PASSWORD_COMMAND=\"${pkgs.coreutils}/bin/cat ${config.sops.secrets.gkleen-rclone.path}\"" "PATH=${pkgs.rclone}/bin" ];
122 }; 120 };
123 }; 121 };
124 emacs = { 122 emacs = {
125 Unit = { 123 Unit = {
126 After = ["graphical-session-pre.target"]; 124 After = [ "graphical-session.target" ];
125 BindsTo = [ "graphical-session.target" ];
127 }; 126 };
128 }; 127 };
129 keepassxc = { 128 keepassxc = {
@@ -135,8 +134,8 @@ in {
135 Environment = [ "QT_QPA_PLATFORM=wayland" ]; 134 Environment = [ "QT_QPA_PLATFORM=wayland" ];
136 }; 135 };
137 Unit = { 136 Unit = {
138 Requires = ["graphical-session-pre.target"]; 137 After = [ "graphical-session.target" ];
139 After = ["graphical-session-pre.target"]; 138 BindsTo = [ "graphical-session.target" ];
140 }; 139 };
141 }; 140 };
142 mpris-proxy = { 141 mpris-proxy = {
@@ -145,7 +144,7 @@ in {
145 Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy"; 144 Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
146 Install.WantedBy = [ "default.target" ]; 145 Install.WantedBy = [ "default.target" ];
147 }; 146 };
148 "autossh-socks@proxy.mathw0h:8119" = { 147 "autossh-socks@proxy.ssh.math.lmu.de:8119" = {
149 Service = { 148 Service = {
150 Type = "notify"; 149 Type = "notify";
151 NotifyAccess = "all"; 150 NotifyAccess = "all";
@@ -153,7 +152,7 @@ in {
153 Restart = "always"; 152 Restart = "always";
154 RestartSec = "23s"; 153 RestartSec = "23s";
155 ExecStart = "${autossh-socks-script} \"%I\""; 154 ExecStart = "${autossh-socks-script} \"%I\"";
156 Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ]; 155 Environment = [ "SSHPASS_SECRET=gkleen@ssh.math.lmu.de" ];
157 }; 156 };
158 Unit = { 157 Unit = {
159 StopWhenUnneeded = true; 158 StopWhenUnneeded = true;
@@ -174,6 +173,38 @@ in {
174 StopWhenUnneeded = true; 173 StopWhenUnneeded = true;
175 }; 174 };
176 }; 175 };
176 "autossh-socks@proxy.mathw0h:8123" = {
177 Service = {
178 Type = "notify";
179 NotifyAccess = "all";
180 WorkingDirectory = "~";
181 Restart = "always";
182 RestartSec = "23s";
183 ExecStart = "${autossh-socks-script} \"%I\"";
184 Environment = [ "SSHPASS_SECRET=gkleen@mathw0h.mathinst.loc" ];
185 };
186 Unit = {
187 StopWhenUnneeded = true;
188 StartLimitInterval = "180s";
189 StartLimitBurst = 7;
190 };
191 };
192 "autossh-socks@proxy.mathw0e:8125" = {
193 Service = {
194 Type = "notify";
195 NotifyAccess = "all";
196 WorkingDirectory = "~";
197 Restart = "always";
198 RestartSec = "23s";
199 ExecStart = "${autossh-socks-script} \"%I\"";
200 Environment = [ "SSHPASS_SECRET=gkleen@mathw0e.mathinst.loc" ];
201 };
202 Unit = {
203 StopWhenUnneeded = true;
204 StartLimitInterval = "180s";
205 StartLimitBurst = 7;
206 };
207 };
177 swayidle = { 208 swayidle = {
178 Service = { 209 Service = {
179 RuntimeDirectory = "swayidle"; 210 RuntimeDirectory = "swayidle";
@@ -184,8 +215,8 @@ in {
184 WantedBy = ["graphical-session.target"]; 215 WantedBy = ["graphical-session.target"];
185 }; 216 };
186 Unit = { 217 Unit = {
187 Requires = ["graphical-session-pre.target"]; 218 After = [ "graphical-session.target" ];
188 After = ["graphical-session-pre.target"]; 219 PartOf = [ "graphical-session.target" ];
189 }; 220 };
190 Service = { 221 Service = {
191 ExecStart = lib.getExe pkgs.psi-notify; 222 ExecStart = lib.getExe pkgs.psi-notify;
@@ -198,6 +229,7 @@ in {
198 gtklock = { 229 gtklock = {
199 Unit = { 230 Unit = {
200 Requisite = ["graphical-session.target"]; 231 Requisite = ["graphical-session.target"];
232 After = [ "graphical-session.target" ];
201 PartOf = ["graphical-session.target"]; 233 PartOf = ["graphical-session.target"];
202 }; 234 };
203 Service = { 235 Service = {
@@ -205,53 +237,55 @@ in {
205 RuntimeDirectory = "gtklock"; 237 RuntimeDirectory = "gtklock";
206 CacheDirectory = "gtklock"; 238 CacheDirectory = "gtklock";
207 ExecStartPre = [ 239 ExecStartPre = [
208 "${pkgs.libsForQt5.qt5.qttools.bin}/bin/qdbus org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow.lockAllDatabases" 240 "-${lib.getExe' pkgs.libsForQt5.qt5.qttools.bin "qdbus"} org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow.lockAllDatabases"
209 "${config.systemd.package}/bin/systemctl --user stop gpg-agent.service" 241 "-${lib.getExe' config.systemd.package "systemctl"} --user stop gpg-agent.service"
210 (pkgs.writeShellScript "generate-css" '' 242 "-${lib.getExe pkgs.playerctl} -a pause"
211 set -x 243 "-${lib.getExe (pkgs.writeShellApplication {
212 export PATH="${lib.makeBinPath [cfg.programs.wpaperd.package pkgs.jq pkgs.coreutils pkgs.imagemagick pkgs.findutils]}:$PATH" 244 name = "generate-css";
213 245 runtimeInputs = with pkgs; [cfg.services.wpaperd.package jq coreutils imagemagick findutils];
214 declare -A monitors 246 text = ''
215 monitors=() 247 declare -A monitors
216 while IFS= read -r entry; do 248 monitors=()
217 path=$(jq -r ".path" <<<"$entry") 249 while IFS= read -r entry; do
218 [[ -z "$path" || ! -f "$path" ]] && continue 250 path=$(jq -r ".path" <<<"$entry")
219 blurred_path="$CACHE_DIRECTORY"/"$(b2sum -l 128 <<<"$path" | cut -d' ' -f1)"."''${path##*.}" 251 [[ -z "$path" || ! -f "$path" ]] && continue
220 monitor=$(jq -r ".display" <<<"$entry") 252 blurred_path="$CACHE_DIRECTORY"/"$(b2sum -l 128 <<<"$path" | cut -d' ' -f1)"."''${path##*.}"
221 if [[ ! -f "$blurred_path" ]]; then 253 monitor=$(jq -r ".display" <<<"$entry")
222 mkdir -p "$(dirname "$blurred_path")" 254 if [[ ! -f "$blurred_path" ]]; then
223 magick "$path" -filter Gaussian -resize 6.25% -define filter:sigma=2.5 -resize 1600% "$blurred_path" & 255 mkdir -p "$(dirname "$blurred_path")"
224 fi 256 magick "$path" -filter Gaussian -resize 6.25% -define filter:sigma=2.5 -resize 1600% "$blurred_path" &
225 monitors+=([$monitor]="$blurred_path") 257 fi
226 done < <(wpaperctl all-wallpapers -j | jq -c ".[]") 258 monitors+=([$monitor]="$blurred_path")
227 wait 259 done < <(wpaperctl all-wallpapers -j | jq -c ".[]")
260 # wait
228 261
229 cp --no-preserve=mode ${pkgs.writeText "gtklock.css" '' 262 cp --no-preserve=mode ${pkgs.writeText "gtklock.css" ''
230 #window-box { 263 #window-box {
231 padding: 64px; 264 padding: 64px;
232 /* border: 1px solid black; */ 265 /* border: 1px solid black; */
233 border-radius: 4px; 266 border-radius: 4px;
234 box-shadow: rgba(0, 0, 0, 0.8) 0px 4px 12px; 267 box-shadow: rgba(0, 0, 0, 0.8) 0px 4px 12px;
235 /* background-color: white; */ 268 /* background-color: white; */
236 background-color: rgba(0, 0, 0, 0.5); 269 background-color: rgba(0, 0, 0, 0.5);
270 }
271 ''} "$RUNTIME_DIRECTORY"/style.css
272 for monitor in "''${!monitors[@]}"; do
273 cat >>"$RUNTIME_DIRECTORY"/style.css <<EOF
274 window#''${monitor} {
275 background-image: url("''${monitors[$monitor]}");
276 background-repeat: no-repeat;
277 background-size: 100% 100%;
278 background-origin: content-box;
237 } 279 }
238 ''} "$RUNTIME_DIRECTORY"/style.css 280 EOF
239 for monitor in "''${!monitors[@]}"; do 281 done
240 cat >>"$RUNTIME_DIRECTORY"/style.css <<EOF 282 '';
241 window#''${monitor} { 283 })}"
242 background-image: url("''${monitors[$monitor]}");
243 background-repeat: no-repeat;
244 background-size: 100% 100%;
245 background-origin: content-box;
246 }
247 EOF
248 done
249 '')
250 ]; 284 ];
251 NotifyAccess = "all"; 285 NotifyAccess = "all";
252 ExecStart = ''${lib.getExe pkgs.gtklock} -s "''${RUNTIME_DIRECTORY}/style.css" -L ${pkgs.writeShellScript "after-lock" '' 286 ExecStart = ''${lib.getExe pkgs.gtklock} -s "''${RUNTIME_DIRECTORY}/style.css" -L ${pkgs.writeShellScript "after-lock" ''
253 ${cfg.wayland.windowManager.hyprland.package}/bin/hyprctl dispatch dpms off 287 ${lib.getExe cfg.programs.niri.package} msg action power-off-monitors
254 ${config.systemd.package}/bin/systemd-notify --ready 288 ${lib.getExe' config.systemd.package "systemd-notify"} --ready
255 ''}''; 289 ''}'';
256 }; 290 };
257 }; 291 };
@@ -299,30 +333,62 @@ in {
299 ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\""; 333 ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\"";
300 }; 334 };
301 }; 335 };
302 wpaperd = { 336 # wpaperd = {
303 Install = { 337 # Install = {
304 WantedBy = ["graphical-session.target"]; 338 # WantedBy = ["graphical-session.target"];
339 # };
340 # Unit = {
341 # After = [ "graphical-session.target" ];
342 # PartOf = [ "graphical-session.target" ];
343 # };
344 # Service = {
345 # ExecStart = lib.getExe cfg.services.wpaperd.package;
346 # Type = "simple";
347 # Restart = "always";
348 # RestartSec = "2s";
349 # };
350 # };
351 xembed-sni-proxy = {
352 Unit = {
353 PartOf = lib.mkForce ["tray.target"];
354 BindsTo = ["xwayland-satellite.service"];
355 After = ["xwayland-satellite.service"];
305 }; 356 };
357 };
358 poweralertd = {
306 Unit = { 359 Unit = {
307 BindsTo = ["graphical-session-pre.target"]; 360 After = ["graphical-session.target"];
308 After = ["graphical-session-pre.target"];
309 }; 361 };
310 Service = { 362 };
311 ExecStart = lib.getExe cfg.programs.wpaperd.package; 363 network-manager-applet = {
312 Type = "simple"; 364 Unit = {
313 Restart = "always"; 365 PartOf = lib.mkForce ["tray.target"];
314 RestartSec = "2s"; 366 };
367 };
368 udiskie = {
369 Unit = {
370 PartOf = lib.mkForce ["tray.target"];
371 };
372 };
373 blueman-applet = {
374 Unit = {
375 PartOf = lib.mkForce ["tray.target"];
376 };
377 Install = {
378 WantedBy = lib.mkForce ["tray.target"];
315 }; 379 };
316 }; 380 };
317 } // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" { 381 } // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" {
318 Unit = { 382 Unit = {
319 Requires = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"]; 383 BindsTo = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
320 After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"]; 384 After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
321 }; 385 };
322 Service = { 386 Service = {
323 ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:${toString (port + 1)}"; 387 ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=60s 127.0.0.1:${toString (port + 1)}";
388 Restart = "always";
389 RestartSec = "23s";
324 }; 390 };
325 }) [{ host = "proxy.mathw0h"; port = 8118; } { host = "proxy.vidhar"; port = 8120; }]); 391 }) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; } { host = "proxy.mathw0e"; port = 8124; }]);
326 sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" { 392 sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {
327 Socket = { 393 Socket = {
328 ListenStream = "%I"; 394 ListenStream = "%I";
@@ -330,7 +396,7 @@ in {
330 Install = { 396 Install = {
331 WantedBy = ["default.target"]; 397 WantedBy = ["default.target"];
332 }; 398 };
333 }) [8118 8120]) // { 399 }) [8118 8120 8122 8124]) // {
334 "yt-dlp" = { 400 "yt-dlp" = {
335 Socket = { 401 Socket = {
336 SocketMode = "0600"; 402 SocketMode = "0600";
@@ -344,7 +410,7 @@ in {
344 }; 410 };
345 }; 411 };
346 timers = { 412 timers = {
347 sync-keepass = { 413 "sync-keepass@store.kdbx" = {
348 Timer = { 414 Timer = {
349 OnActiveSec = "1m"; 415 OnActiveSec = "1m";
350 OnUnitActiveSec = "1m"; 416 OnUnitActiveSec = "1m";
@@ -354,6 +420,16 @@ in {
354 WantedBy = ["default.target"]; 420 WantedBy = ["default.target"];
355 }; 421 };
356 }; 422 };
423 "sync-keepass@rz.kdbx" = {
424 Timer = {
425 OnActiveSec = "1d";
426 OnUnitActiveSec = "1d";
427 };
428
429 Install = {
430 WantedBy = ["default.target"];
431 };
432 };
357 }; 433 };
358 targets = { 434 targets = {
359 graphical-session = { 435 graphical-session = {
@@ -364,6 +440,9 @@ in {
364 }; 440 };
365 tray = { 441 tray = {
366 Unit = { 442 Unit = {
443 PartOf = [ "graphical-session.target" ];
444 Requires = [ "waybar.service" ];
445 After = [ "graphical-session.target" "waybar.service" ];
367 Wants = ["blueman-applet.service" "udiskie.service" "network-manager-applet.service"]; 446 Wants = ["blueman-applet.service" "udiskie.service" "network-manager-applet.service"];
368 }; 447 };
369 }; 448 };
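Review bot: The two ports added to the socket list (`[8118 8120 8122 8124]`) inherit `ListenStream = "%I"`, and systemd treats a bare port number there as a wildcard listener (IPv6, and IPv4 as well depending on BindIPv6Only), so each forwarder into a SOCKS tunnel accepts connections from any network the machine is attached to unless a firewall outside this file blocks it. The same commit pins both the `ssh -D` listener and the `systemd-socket-proxyd` target to `127.0.0.1`, so the front socket is the one hop not bound to loopback. `ListenStream = "127.0.0.1:%I";` would bring it in line with the rest of the change. The Socket attribute set is split across two hunks and one of its lines is not shown, so confirm no other option there already restricts the bind address.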