1 files changed, 170 insertions, 91 deletions
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index 119d8cc3..fd4b4cf4 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -6,7 +6,7 @@ let
  cfg = config.home-manager.users.${userName};
  autossh-socks-script = pkgs.writeScript "autossh" ''
-    #!${pkgs.zsh}/bin/zsh -xe
+    #!${lib.getExe pkgs.zsh} -xe
    host="''${1%:*}"
    port="''${1#*:}"
@@ -15,31 +15,29 @@ let
    cmd=()
    if [[ -n "''${SSHPASS_SECRET}" ]]; then
-      cmd+=(${pkgs.sshpassSecret}/bin/sshpass-secret)
+      cmd+=(${lib.getExe' pkgs.sshpassSecret "sshpass-secret"})
      cmd+=("''${(@s/:/)SSHPASS_SECRET}")
      cmd+=(--)
    fi
-    cmd+=(${pkgs.openssh}/bin/ssh -vN -D localhost:''${port} "''${host}")
+    cmd+=(${lib.getExe' pkgs.openssh "ssh"} -vN -D 127.0.0.1:''${port} "''${host}")
    ( exec -a "''${cmd[1]}" -- ''${cmd} ) &
    pid=$!
    newpid=""
    i=200
-    while ! newpid=$(${pkgs.lsof}/bin/lsof -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do
+    while ! newpid=$(${lib.getExe pkgs.lsof} -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do
      if ! kill -0 "''${pid}"; then
        wait "''${pid}"
        exit $?
      fi
      [[ "''${i}" -gt 0 ]] || exit 1
      i=$((''${i} - 1))
-      ${pkgs.coreutils}/bin/sleep 0.1
+      ${lib.getExe' pkgs.coreutils "sleep"} 0.1
    done
-    ${config.systemd.package}/bin/systemd-notify --ready
+    ${lib.getExe' config.systemd.package "systemd-notify"} --pid=''${newpid} --ready
-    wait "''${pid}" "''${newpid}"
  '';
 in {
  tmpfiles.rules = [
@@ -48,11 +46,11 @@ in {
  ];
  services = {
-    sync-keepass = {
+    "sync-keepass@" = {
      Service = {
        Type = "oneshot";
        WorkingDirectory = "~";
-        ExecStart = toString (pkgs.writers.writePython3 "sync-keepass" {
+        ExecStart = "${pkgs.writers.writePython3 "sync-keepass" {
          libraries = with pkgs.python3Packages; [ python-dateutil ];
        } ''
          import json
@@ -61,13 +59,13 @@ in {
          from datetime import datetime
          from dateutil.tz import tzlocal
          from dateutil.parser import isoparse
-          from sys import stderr
+          from sys import stderr, argv
-          remote_fs = 'surtr'
+          remote_fs = 'surtr' if argv[1] == 'store.kdbx' else 'mathcloud'
-          remote_file = 'store.kdbx'
+          remote_file = argv[1]
-          target_file = expanduser('~/store.kdbx')
+          target_file = expanduser(f'~/{argv[1]}')
-          meta_file = expanduser('~/.store.kdbx.json')
+          meta_file = expanduser(f'~/.{argv[1]}.json')
          upload_time = None
          our_last_upload_time = None
@@ -117,22 +115,14 @@ in {
              do_upload()
          elif upload_time is not None and (mod_time is None or upload_time > mod_time) and (our_last_upload_time is None or upload_time > our_last_upload_time):  # noqa: E501
              do_download()
-        '');
+        ''} \"%I\"";
        Environment = [ "RCLONE_PASSWORD_COMMAND=\"${pkgs.coreutils}/bin/cat ${config.sops.secrets.gkleen-rclone.path}\"" "PATH=${pkgs.rclone}/bin" ];
      };
    };
    emacs = {
      Unit = {
-        After = ["graphical-session-pre.target"];
+        After = [ "graphical-session.target" ];
-      };
+        BindsTo = [ "graphical-session.target" ];
-    };
-    dunst = {
-      Service = {
-        ExecStart = lib.mkForce "${cfg.services.dunst.package}/bin/dunst";
-        Restart = "always";
-      };
-      Install = {
-        WantedBy = ["graphical-session.target"];
      };
    };
    keepassxc = {
@@ -144,8 +134,8 @@ in {
        Environment = [ "QT_QPA_PLATFORM=wayland" ];
      };
      Unit = {
-        Requires = ["graphical-session-pre.target"];
+        After = [ "graphical-session.target" ];
-        After = ["graphical-session-pre.target"];
+        BindsTo = [ "graphical-session.target" ];
      };
    };
    mpris-proxy = {
@@ -154,7 +144,7 @@ in {
      Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
      Install.WantedBy = [ "default.target" ];
    };
-    "autossh-socks@proxy.mathw0h:8119" = {
+    "autossh-socks@proxy.ssh.math.lmu.de:8119" = {
      Service = {
        Type = "notify";
        NotifyAccess = "all";
@@ -162,7 +152,7 @@ in {
        Restart = "always";
        RestartSec = "23s";
        ExecStart = "${autossh-socks-script} \"%I\"";
-        Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ];
+        Environment = [ "SSHPASS_SECRET=gkleen@ssh.math.lmu.de" ];
      };
      Unit = {
        StopWhenUnneeded = true;
@@ -181,11 +171,40 @@ in {
      };
      Unit = {
        StopWhenUnneeded = true;
+        StartLimitInterval = "2s";
+        StartLimitBurst = 25;
+      };
+    };
+    "autossh-socks@proxy.mathw0h:8123" = {
+      Service = {
+        Type = "notify";
+        NotifyAccess = "all";
+        WorkingDirectory = "~";
+        Restart = "always";
+        RestartSec = "23s";
+        ExecStart = "${autossh-socks-script} \"%I\"";
+        Environment = [ "SSHPASS_SECRET=gkleen@mathw0h.mathinst.loc" ];
+      };
+      Unit = {
+        StopWhenUnneeded = true;
+        StartLimitInterval = "180s";
+        StartLimitBurst = 7;
      };
    };
-    swayidle = {
+    "autossh-socks@proxy.mathw0e:8125" = {
      Service = {
-        RuntimeDirectory = "swayidle";
+        Type = "notify";
+        NotifyAccess = "all";
+        WorkingDirectory = "~";
+        Restart = "always";
+        RestartSec = "23s";
+        ExecStart = "${autossh-socks-script} \"%I\"";
+        Environment = [ "SSHPASS_SECRET=gkleen@mathw0e.mathinst.loc" ];
+      };
+      Unit = {
+        StopWhenUnneeded = true;
+        StartLimitInterval = "180s";
+        StartLimitBurst = 7;
      };
    };
    psi-notify = {
@@ -193,8 +212,8 @@ in {
        WantedBy = ["graphical-session.target"];
      };
      Unit = {
-        Requires = ["graphical-session-pre.target"];
+        After = [ "graphical-session.target" ];
-        After = ["graphical-session-pre.target"];
+        PartOf = [ "graphical-session.target" ];
      };
      Service = {
        ExecStart = lib.getExe pkgs.psi-notify;
@@ -207,6 +226,7 @@ in {
    gtklock = {
      Unit = {
        Requisite = ["graphical-session.target"];
+        After = [ "graphical-session.target" ];
        PartOf = ["graphical-session.target"];
      };
      Service = {
@@ -214,53 +234,55 @@ in {
        RuntimeDirectory = "gtklock";
        CacheDirectory = "gtklock";
        ExecStartPre = [
-          "${pkgs.libsForQt5.qt5.qttools.bin}/bin/qdbus org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow.lockAllDatabases"
+          "-${lib.getExe' pkgs.libsForQt5.qt5.qttools.bin "qdbus"} org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow.lockAllDatabases"
-          "${config.systemd.package}/bin/systemctl --user stop gpg-agent.service"
+          "-${lib.getExe' config.systemd.package "systemctl"} --user stop gpg-agent.service"
-          (pkgs.writeShellScript "generate-css" ''
+          "-${lib.getExe pkgs.playerctl} -a pause"
-            set -x
+          "-${lib.getExe (pkgs.writeShellApplication {
-            export PATH="${lib.makeBinPath [cfg.programs.wpaperd.package pkgs.jq pkgs.coreutils pkgs.imagemagick pkgs.findutils]}:$PATH"
+            name = "generate-css";
+            runtimeInputs = with pkgs; [cfg.services.wpaperd.package jq coreutils imagemagick findutils];
-            declare -A monitors
+            text = ''
-            monitors=()
+              declare -A monitors
-            while IFS= read -r entry; do
+              monitors=()
-                path=$(jq -r ".path" <<<"$entry")
+              while IFS= read -r entry; do
-                [[ -z "$path" || ! -f "$path" ]] && continue
+                  path=$(jq -r ".path" <<<"$entry")
-                blurred_path="$CACHE_DIRECTORY"/"$(b2sum -l 128 <<<"$path" | cut -d' ' -f1)"."''${path##*.}"
+                  [[ -z "$path" || ! -f "$path" ]] && continue
-                monitor=$(jq -r ".display" <<<"$entry")
+                  blurred_path="$CACHE_DIRECTORY"/"$(b2sum -l 128 <<<"$path" | cut -d' ' -f1)"."''${path##*.}"
-                if [[ ! -f "$blurred_path" ]]; then
+                  monitor=$(jq -r ".display" <<<"$entry")
-                    mkdir -p "$(dirname "$blurred_path")"
+                  if [[ ! -f "$blurred_path" ]]; then
-                    magick "$path" -filter Gaussian -resize 6.25% -define filter:sigma=2.5 -resize 1600% "$blurred_path" &
+                      mkdir -p "$(dirname "$blurred_path")"
-                fi
+                      magick "$path" -filter Gaussian -resize 6.25% -define filter:sigma=2.5 -resize 1600% "$blurred_path" &
-                monitors+=([$monitor]="$blurred_path")
+                  fi
-            done < <(wpaperctl all-wallpapers -j | jq -c ".[]")
+                  monitors+=([$monitor]="$blurred_path")
-            wait
+              done < <(wpaperctl all-wallpapers -j | jq -c ".[]")
+              # wait
-            cp --no-preserve=mode ${pkgs.writeText "gtklock.css" ''
+              cp --no-preserve=mode ${pkgs.writeText "gtklock.css" ''
-              #window-box {
+                #window-box {
-                padding: 64px;
+                  padding: 64px;
-                /* border: 1px solid black; */
+                  /* border: 1px solid black; */
-                border-radius: 4px;
+                  border-radius: 4px;
-                box-shadow: rgba(0, 0, 0, 0.8) 0px 4px 12px;
+                  box-shadow: rgba(0, 0, 0, 0.8) 0px 4px 12px;
-                /* background-color: white; */
+                  /* background-color: white; */
-                background-color: rgba(0, 0, 0, 0.5);
+                  background-color: rgba(0, 0, 0, 0.5);
+                }
+              ''} "$RUNTIME_DIRECTORY"/style.css
+              for monitor in "''${!monitors[@]}"; do
+              cat >>"$RUNTIME_DIRECTORY"/style.css <<EOF
+              window#''${monitor} {
+                background-image: url("''${monitors[$monitor]}");
+                background-repeat: no-repeat;
+                background-size: 100% 100%;
+                background-origin: content-box;
              }
-            ''} "$RUNTIME_DIRECTORY"/style.css
+              EOF
-            for monitor in "''${!monitors[@]}"; do
+              done
-            cat >>"$RUNTIME_DIRECTORY"/style.css <<EOF
+            '';
-            window#''${monitor} {
+          })}"
-              background-image: url("''${monitors[$monitor]}");
-              background-repeat: no-repeat;
-              background-size: 100% 100%;
-              background-origin: content-box;
-            }
-            EOF
-            done
-          '')
        ];
        NotifyAccess = "all";
        ExecStart = ''${lib.getExe pkgs.gtklock} -s "''${RUNTIME_DIRECTORY}/style.css" -L ${pkgs.writeShellScript "after-lock" ''
-          ${cfg.wayland.windowManager.hyprland.package}/bin/hyprctl dispatch dpms off
+          ${lib.getExe cfg.programs.niri.package} msg action power-off-monitors
-          ${config.systemd.package}/bin/systemd-notify --ready
+          ${lib.getExe' config.systemd.package "systemd-notify"} --ready
        ''}'';
      };
    };
@@ -308,38 +330,82 @@ in {
        ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\"";
      };
    };
-    wpaperd = {
+    # wpaperd = {
-      Install = {
+    #   Install = {
-        WantedBy = ["graphical-session.target"];
+    #     WantedBy = ["graphical-session.target"];
+    #   };
+    #   Unit = {
+    #     After = [ "graphical-session.target" ];
+    #     PartOf = [ "graphical-session.target" ];
+    #   };
+    #   Service = {
+    #     ExecStart = lib.getExe cfg.services.wpaperd.package;
+    #     Type = "simple";
+    #     Restart = "always";
+    #     RestartSec = "2s";
+    #   };
+    # };
+    xembed-sni-proxy = {
+      Unit = {
+        PartOf = lib.mkForce ["tray.target"];
      };
+    };
+    poweralertd = {
      Unit = {
-        BindsTo = ["graphical-session-pre.target"];
+        After = ["graphical-session.target"];
-        After = ["graphical-session-pre.target"];
      };
-      Service = {
+    };
-        ExecStart = lib.getExe cfg.programs.wpaperd.package;
+    network-manager-applet = {
-        Type = "simple";
+      Unit = {
-        Restart = "always";
+        PartOf = lib.mkForce ["tray.target"];
-        RestartSec = "2s";
+      };
+    };
+    udiskie = {
+      Unit = {
+        PartOf = lib.mkForce ["tray.target"];
+      };
+    };
+    blueman-applet = {
+      Unit = {
+        PartOf = lib.mkForce ["tray.target"];
+      };
+      Install = {
+        WantedBy = lib.mkForce ["tray.target"];
      };
    };
  } // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" {
      Unit = {
-        Requires = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
+        BindsTo = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
        After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
      };
      Service = {
-        ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:${toString (port + 1)}";
+        ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=60s 127.0.0.1:${toString (port + 1)}";
+        Restart = "always";
+        RestartSec = "23s";
      };
-  }) [{ host = "proxy.mathw0h"; port = 8118; } { host = "proxy.vidhar"; port = 8120; }]);
+  }) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; } { host = "proxy.mathw0e"; port = 8124; }]);
  sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {
    Socket = {
      ListenStream = "%I";
+      TriggerLimitIntervalSec = 0;
+      PollLimitIntervalSec = "180s";
+      PollLimitBurst = 6;
    };
    Install = {
      WantedBy = ["default.target"];
    };
-  }) [8118 8120]) // {
+  }) [8118 8122 8124]) // {
+    "proxy-to-autossh-socks@8120" = {
+      Socket = {
+        ListenStream = "%I";
+        TriggerLimitIntervalSec = 0;
+        PollLimitIntervalSec = "2s";
+        PollLimitBurst = 20;
+      };
+      Install = {
+        WantedBy = ["default.target"];
+      };
+    };
    "yt-dlp" = {
      Socket = {
        SocketMode = "0600";
@@ -353,7 +419,7 @@ in {
    };
  };
  timers = {
-    sync-keepass = {
+    "sync-keepass@store.kdbx" = {
      Timer = {
        OnActiveSec = "1m";
        OnUnitActiveSec = "1m";
@@ -363,6 +429,16 @@ in {
        WantedBy = ["default.target"];
      };
    };
+    "sync-keepass@rz.kdbx" = {
+      Timer = {
+        OnActiveSec = "1d";
+        OnUnitActiveSec = "1d";
+      };
+      Install = {
+        WantedBy = ["default.target"];
+      };
+    };
  };
  targets = {
    graphical-session = {
@@ -373,6 +449,9 @@ in {
    };
    tray = {
      Unit = {
+        PartOf = [ "graphical-session.target" ];
+        # Requires = [ "waybar.service" ];
+        After = [ "graphical-session.target" ]; # "waybar.service" ];
        Wants = ["blueman-applet.service" "udiskie.service" "network-manager-applet.service"];
      };
    };

diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix index 119d8cc3..fd4b4cf4 100644 --- a/accounts/gkleen@sif/systemd.nix +++ b/accounts/gkleen@sif/systemd.nix
@@ -6,7 +6,7 @@ let
6	cfg = config.home-manager.users.${userName};	6	cfg = config.home-manager.users.${userName};
7		7
8	autossh-socks-script = pkgs.writeScript "autossh" ''	8	autossh-socks-script = pkgs.writeScript "autossh" ''
9	#!${pkgs.zsh}/bin/zsh -xe	9	#!${lib.getExe pkgs.zsh} -xe
10		10
11	host="''${1%:*}"	11	host="''${1%:*}"
12	port="''${1#*:}"	12	port="''${1#*:}"
@@ -15,31 +15,29 @@ let
15	cmd=()	15	cmd=()
16		16
17	if [[ -n "''${SSHPASS_SECRET}" ]]; then	17	if [[ -n "''${SSHPASS_SECRET}" ]]; then
18	cmd+=(${pkgs.sshpassSecret}/bin/sshpass-secret)	18	cmd+=(${lib.getExe' pkgs.sshpassSecret "sshpass-secret"})
19	cmd+=("''${(@s/:/)SSHPASS_SECRET}")	19	cmd+=("''${(@s/:/)SSHPASS_SECRET}")
20	cmd+=(--)	20	cmd+=(--)
21	fi	21	fi
22		22
23	cmd+=(${pkgs.openssh}/bin/ssh -vN -D localhost:''${port} "''${host}")	23	cmd+=(${lib.getExe' pkgs.openssh "ssh"} -vN -D 127.0.0.1:''${port} "''${host}")
24		24
25	( exec -a "''${cmd[1]}" -- ''${cmd} ) &	25	( exec -a "''${cmd[1]}" -- ''${cmd} ) &
26	pid=$!	26	pid=$!
27		27
28	newpid=""	28	newpid=""
29	i=200	29	i=200
30	while ! newpid=$(${pkgs.lsof}/bin/lsof -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do	30	while ! newpid=$(${lib.getExe pkgs.lsof} -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do
31	if ! kill -0 "''${pid}"; then	31	if ! kill -0 "''${pid}"; then
32	wait "''${pid}"	32	wait "''${pid}"
33	exit $?	33	exit $?
34	fi	34	fi
35	[[ "''${i}" -gt 0 ]] \|\| exit 1	35	[[ "''${i}" -gt 0 ]] \|\| exit 1
36	i=$((''${i} - 1))	36	i=$((''${i} - 1))
37	${pkgs.coreutils}/bin/sleep 0.1	37	${lib.getExe' pkgs.coreutils "sleep"} 0.1
38	done	38	done
39		39
40	${config.systemd.package}/bin/systemd-notify --ready	40	${lib.getExe' config.systemd.package "systemd-notify"} --pid=''${newpid} --ready
41
42	wait "''${pid}" "''${newpid}"
43	'';	41	'';
44	in {	42	in {
45	tmpfiles.rules = [	43	tmpfiles.rules = [
@@ -48,11 +46,11 @@ in {
48	];	46	];
49		47
50	services = {	48	services = {
51	sync-keepass = {	49	"sync-keepass@" = {
52	Service = {	50	Service = {
53	Type = "oneshot";	51	Type = "oneshot";
54	WorkingDirectory = "~";	52	WorkingDirectory = "~";
55	ExecStart = toString (pkgs.writers.writePython3 "sync-keepass" {	53	ExecStart = "${pkgs.writers.writePython3 "sync-keepass" {
56	libraries = with pkgs.python3Packages; [ python-dateutil ];	54	libraries = with pkgs.python3Packages; [ python-dateutil ];
57	} ''	55	} ''
58	import json	56	import json
@@ -61,13 +59,13 @@ in {
61	from datetime import datetime	59	from datetime import datetime
62	from dateutil.tz import tzlocal	60	from dateutil.tz import tzlocal
63	from dateutil.parser import isoparse	61	from dateutil.parser import isoparse
64	from sys import stderr	62	from sys import stderr, argv
65		63
66		64
67	remote_fs = 'surtr'	65	remote_fs = 'surtr' if argv[1] == 'store.kdbx' else 'mathcloud'
68	remote_file = 'store.kdbx'	66	remote_file = argv[1]
69	target_file = expanduser('~/store.kdbx')	67	target_file = expanduser(f'~/{argv[1]}')
70	meta_file = expanduser('~/.store.kdbx.json')	68	meta_file = expanduser(f'~/.{argv[1]}.json')
71		69
72	upload_time = None	70	upload_time = None
73	our_last_upload_time = None	71	our_last_upload_time = None
@@ -117,22 +115,14 @@ in {
117	do_upload()	115	do_upload()
118	elif upload_time is not None and (mod_time is None or upload_time > mod_time) and (our_last_upload_time is None or upload_time > our_last_upload_time): # noqa: E501	116	elif upload_time is not None and (mod_time is None or upload_time > mod_time) and (our_last_upload_time is None or upload_time > our_last_upload_time): # noqa: E501
119	do_download()	117	do_download()
120	'');	118	''} \"%I\"";
121	Environment = [ "RCLONE_PASSWORD_COMMAND=\"${pkgs.coreutils}/bin/cat ${config.sops.secrets.gkleen-rclone.path}\"" "PATH=${pkgs.rclone}/bin" ];	119	Environment = [ "RCLONE_PASSWORD_COMMAND=\"${pkgs.coreutils}/bin/cat ${config.sops.secrets.gkleen-rclone.path}\"" "PATH=${pkgs.rclone}/bin" ];
122	};	120	};
123	};	121	};
124	emacs = {	122	emacs = {
125	Unit = {	123	Unit = {
126	After = ["graphical-session-pre.target"];	124	After = [ "graphical-session.target" ];
127	};	125	BindsTo = [ "graphical-session.target" ];
128	};
129	dunst = {
130	Service = {
131	ExecStart = lib.mkForce "${cfg.services.dunst.package}/bin/dunst";
132	Restart = "always";
133	};
134	Install = {
135	WantedBy = ["graphical-session.target"];
136	};	126	};
137	};	127	};
138	keepassxc = {	128	keepassxc = {
@@ -144,8 +134,8 @@ in {
144	Environment = [ "QT_QPA_PLATFORM=wayland" ];	134	Environment = [ "QT_QPA_PLATFORM=wayland" ];
145	};	135	};
146	Unit = {	136	Unit = {
147	Requires = ["graphical-session-pre.target"];	137	After = [ "graphical-session.target" ];
148	After = ["graphical-session-pre.target"];	138	BindsTo = [ "graphical-session.target" ];
149	};	139	};
150	};	140	};
151	mpris-proxy = {	141	mpris-proxy = {
@@ -154,7 +144,7 @@ in {
154	Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";	144	Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
155	Install.WantedBy = [ "default.target" ];	145	Install.WantedBy = [ "default.target" ];
156	};	146	};
157	"autossh-socks@proxy.mathw0h:8119" = {	147	"autossh-socks@proxy.ssh.math.lmu.de:8119" = {
158	Service = {	148	Service = {
159	Type = "notify";	149	Type = "notify";
160	NotifyAccess = "all";	150	NotifyAccess = "all";
@@ -162,7 +152,7 @@ in {
162	Restart = "always";	152	Restart = "always";
163	RestartSec = "23s";	153	RestartSec = "23s";
164	ExecStart = "${autossh-socks-script} \"%I\"";	154	ExecStart = "${autossh-socks-script} \"%I\"";
165	Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ];	155	Environment = [ "SSHPASS_SECRET=gkleen@ssh.math.lmu.de" ];
166	};	156	};
167	Unit = {	157	Unit = {
168	StopWhenUnneeded = true;	158	StopWhenUnneeded = true;
@@ -181,11 +171,40 @@ in {
181	};	171	};
182	Unit = {	172	Unit = {
183	StopWhenUnneeded = true;	173	StopWhenUnneeded = true;
		174	StartLimitInterval = "2s";
		175	StartLimitBurst = 25;
		176	};
		177	};
		178	"autossh-socks@proxy.mathw0h:8123" = {
		179	Service = {
		180	Type = "notify";
		181	NotifyAccess = "all";
		182	WorkingDirectory = "~";
		183	Restart = "always";
		184	RestartSec = "23s";
		185	ExecStart = "${autossh-socks-script} \"%I\"";
		186	Environment = [ "SSHPASS_SECRET=gkleen@mathw0h.mathinst.loc" ];
		187	};
		188	Unit = {
		189	StopWhenUnneeded = true;
		190	StartLimitInterval = "180s";
		191	StartLimitBurst = 7;
184	};	192	};
185	};	193	};
186	swayidle = {	194	"autossh-socks@proxy.mathw0e:8125" = {
187	Service = {	195	Service = {
188	RuntimeDirectory = "swayidle";	196	Type = "notify";
		197	NotifyAccess = "all";
		198	WorkingDirectory = "~";
		199	Restart = "always";
		200	RestartSec = "23s";
		201	ExecStart = "${autossh-socks-script} \"%I\"";
		202	Environment = [ "SSHPASS_SECRET=gkleen@mathw0e.mathinst.loc" ];
		203	};
		204	Unit = {
		205	StopWhenUnneeded = true;
		206	StartLimitInterval = "180s";
		207	StartLimitBurst = 7;
189	};	208	};
190	};	209	};
191	psi-notify = {	210	psi-notify = {
@@ -193,8 +212,8 @@ in {
193	WantedBy = ["graphical-session.target"];	212	WantedBy = ["graphical-session.target"];
194	};	213	};
195	Unit = {	214	Unit = {
196	Requires = ["graphical-session-pre.target"];	215	After = [ "graphical-session.target" ];
197	After = ["graphical-session-pre.target"];	216	PartOf = [ "graphical-session.target" ];
198	};	217	};
199	Service = {	218	Service = {
200	ExecStart = lib.getExe pkgs.psi-notify;	219	ExecStart = lib.getExe pkgs.psi-notify;
@@ -207,6 +226,7 @@ in {
207	gtklock = {	226	gtklock = {
208	Unit = {	227	Unit = {
209	Requisite = ["graphical-session.target"];	228	Requisite = ["graphical-session.target"];
		229	After = [ "graphical-session.target" ];
210	PartOf = ["graphical-session.target"];	230	PartOf = ["graphical-session.target"];
211	};	231	};
212	Service = {	232	Service = {
@@ -214,53 +234,55 @@ in {
214	RuntimeDirectory = "gtklock";	234	RuntimeDirectory = "gtklock";
215	CacheDirectory = "gtklock";	235	CacheDirectory = "gtklock";
216	ExecStartPre = [	236	ExecStartPre = [
217	"${pkgs.libsForQt5.qt5.qttools.bin}/bin/qdbus org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow.lockAllDatabases"	237	"-${lib.getExe' pkgs.libsForQt5.qt5.qttools.bin "qdbus"} org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow.lockAllDatabases"
218	"${config.systemd.package}/bin/systemctl --user stop gpg-agent.service"	238	"-${lib.getExe' config.systemd.package "systemctl"} --user stop gpg-agent.service"
219	(pkgs.writeShellScript "generate-css" ''	239	"-${lib.getExe pkgs.playerctl} -a pause"
220	set -x	240	"-${lib.getExe (pkgs.writeShellApplication {
221	export PATH="${lib.makeBinPath [cfg.programs.wpaperd.package pkgs.jq pkgs.coreutils pkgs.imagemagick pkgs.findutils]}:$PATH"	241	name = "generate-css";
222		242	runtimeInputs = with pkgs; [cfg.services.wpaperd.package jq coreutils imagemagick findutils];
223	declare -A monitors	243	text = ''
224	monitors=()	244	declare -A monitors
225	while IFS= read -r entry; do	245	monitors=()
226	path=$(jq -r ".path" <<<"$entry")	246	while IFS= read -r entry; do
227	[[ -z "$path" \|\| ! -f "$path" ]] && continue	247	path=$(jq -r ".path" <<<"$entry")
228	blurred_path="$CACHE_DIRECTORY"/"$(b2sum -l 128 <<<"$path" \| cut -d' ' -f1)"."''${path##*.}"	248	[[ -z "$path" \|\| ! -f "$path" ]] && continue
229	monitor=$(jq -r ".display" <<<"$entry")	249	blurred_path="$CACHE_DIRECTORY"/"$(b2sum -l 128 <<<"$path" \| cut -d' ' -f1)"."''${path##*.}"
230	if [[ ! -f "$blurred_path" ]]; then	250	monitor=$(jq -r ".display" <<<"$entry")
231	mkdir -p "$(dirname "$blurred_path")"	251	if [[ ! -f "$blurred_path" ]]; then
232	magick "$path" -filter Gaussian -resize 6.25% -define filter:sigma=2.5 -resize 1600% "$blurred_path" &	252	mkdir -p "$(dirname "$blurred_path")"
233	fi	253	magick "$path" -filter Gaussian -resize 6.25% -define filter:sigma=2.5 -resize 1600% "$blurred_path" &
234	monitors+=([$monitor]="$blurred_path")	254	fi
235	done < <(wpaperctl all-wallpapers -j \| jq -c ".[]")	255	monitors+=([$monitor]="$blurred_path")
236	wait	256	done < <(wpaperctl all-wallpapers -j \| jq -c ".[]")
		257	# wait
237		258
238	cp --no-preserve=mode ${pkgs.writeText "gtklock.css" ''	259	cp --no-preserve=mode ${pkgs.writeText "gtklock.css" ''
239	#window-box {	260	#window-box {
240	padding: 64px;	261	padding: 64px;
241	/* border: 1px solid black; */	262	/* border: 1px solid black; */
242	border-radius: 4px;	263	border-radius: 4px;
243	box-shadow: rgba(0, 0, 0, 0.8) 0px 4px 12px;	264	box-shadow: rgba(0, 0, 0, 0.8) 0px 4px 12px;
244	/* background-color: white; */	265	/* background-color: white; */
245	background-color: rgba(0, 0, 0, 0.5);	266	background-color: rgba(0, 0, 0, 0.5);
		267	}
		268	''} "$RUNTIME_DIRECTORY"/style.css
		269	for monitor in "''${!monitors[@]}"; do
		270	cat >>"$RUNTIME_DIRECTORY"/style.css <<EOF
		271	window#''${monitor} {
		272	background-image: url("''${monitors[$monitor]}");
		273	background-repeat: no-repeat;
		274	background-size: 100% 100%;
		275	background-origin: content-box;
246	}	276	}
247	''} "$RUNTIME_DIRECTORY"/style.css	277	EOF
248	for monitor in "''${!monitors[@]}"; do	278	done
249	cat >>"$RUNTIME_DIRECTORY"/style.css <<EOF	279	'';
250	window#''${monitor} {	280	})}"
251	background-image: url("''${monitors[$monitor]}");
252	background-repeat: no-repeat;
253	background-size: 100% 100%;
254	background-origin: content-box;
255	}
256	EOF
257	done
258	'')
259	];	281	];
260	NotifyAccess = "all";	282	NotifyAccess = "all";
261	ExecStart = ''${lib.getExe pkgs.gtklock} -s "''${RUNTIME_DIRECTORY}/style.css" -L ${pkgs.writeShellScript "after-lock" ''	283	ExecStart = ''${lib.getExe pkgs.gtklock} -s "''${RUNTIME_DIRECTORY}/style.css" -L ${pkgs.writeShellScript "after-lock" ''
262	${cfg.wayland.windowManager.hyprland.package}/bin/hyprctl dispatch dpms off	284	${lib.getExe cfg.programs.niri.package} msg action power-off-monitors
263	${config.systemd.package}/bin/systemd-notify --ready	285	${lib.getExe' config.systemd.package "systemd-notify"} --ready
264	''}'';	286	''}'';
265	};	287	};
266	};	288	};
@@ -308,38 +330,82 @@ in {
308	ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\"";	330	ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\"";
309	};	331	};
310	};	332	};
311	wpaperd = {	333	# wpaperd = {
312	Install = {	334	# Install = {
313	WantedBy = ["graphical-session.target"];	335	# WantedBy = ["graphical-session.target"];
		336	# };
		337	# Unit = {
		338	# After = [ "graphical-session.target" ];
		339	# PartOf = [ "graphical-session.target" ];
		340	# };
		341	# Service = {
		342	# ExecStart = lib.getExe cfg.services.wpaperd.package;
		343	# Type = "simple";
		344	# Restart = "always";
		345	# RestartSec = "2s";
		346	# };
		347	# };
		348	xembed-sni-proxy = {
		349	Unit = {
		350	PartOf = lib.mkForce ["tray.target"];
314	};	351	};
		352	};
		353	poweralertd = {
315	Unit = {	354	Unit = {
316	BindsTo = ["graphical-session-pre.target"];	355	After = ["graphical-session.target"];
317	After = ["graphical-session-pre.target"];
318	};	356	};
319	Service = {	357	};
320	ExecStart = lib.getExe cfg.programs.wpaperd.package;	358	network-manager-applet = {
321	Type = "simple";	359	Unit = {
322	Restart = "always";	360	PartOf = lib.mkForce ["tray.target"];
323	RestartSec = "2s";	361	};
		362	};
		363	udiskie = {
		364	Unit = {
		365	PartOf = lib.mkForce ["tray.target"];
		366	};
		367	};
		368	blueman-applet = {
		369	Unit = {
		370	PartOf = lib.mkForce ["tray.target"];
		371	};
		372	Install = {
		373	WantedBy = lib.mkForce ["tray.target"];
324	};	374	};
325	};	375	};
326	} // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" {	376	} // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" {
327	Unit = {	377	Unit = {
328	Requires = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];	378	BindsTo = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
329	After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];	379	After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
330	};	380	};
331	Service = {	381	Service = {
332	ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:${toString (port + 1)}";	382	ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=60s 127.0.0.1:${toString (port + 1)}";
		383	Restart = "always";
		384	RestartSec = "23s";
333	};	385	};
334	}) [{ host = "proxy.mathw0h"; port = 8118; } { host = "proxy.vidhar"; port = 8120; }]);	386	}) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; } { host = "proxy.mathw0e"; port = 8124; }]);
335	sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {	387	sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {
336	Socket = {	388	Socket = {
337	ListenStream = "%I";	389	ListenStream = "%I";
		390	TriggerLimitIntervalSec = 0;
		391	PollLimitIntervalSec = "180s";
		392	PollLimitBurst = 6;
338	};	393	};
339	Install = {	394	Install = {
340	WantedBy = ["default.target"];	395	WantedBy = ["default.target"];
341	};	396	};
342	}) [8118 8120]) // {	397	}) [8118 8122 8124]) // {
		398	"proxy-to-autossh-socks@8120" = {
		399	Socket = {
		400	ListenStream = "%I";
		401	TriggerLimitIntervalSec = 0;
		402	PollLimitIntervalSec = "2s";
		403	PollLimitBurst = 20;
		404	};
		405	Install = {
		406	WantedBy = ["default.target"];
		407	};
		408	};
343	"yt-dlp" = {	409	"yt-dlp" = {
344	Socket = {	410	Socket = {
345	SocketMode = "0600";	411	SocketMode = "0600";
@@ -353,7 +419,7 @@ in {
353	};	419	};
354	};	420	};
355	timers = {	421	timers = {
356	sync-keepass = {	422	"sync-keepass@store.kdbx" = {
357	Timer = {	423	Timer = {
358	OnActiveSec = "1m";	424	OnActiveSec = "1m";
359	OnUnitActiveSec = "1m";	425	OnUnitActiveSec = "1m";
@@ -363,6 +429,16 @@ in {
363	WantedBy = ["default.target"];	429	WantedBy = ["default.target"];
364	};	430	};
365	};	431	};
		432	"sync-keepass@rz.kdbx" = {
		433	Timer = {
		434	OnActiveSec = "1d";
		435	OnUnitActiveSec = "1d";
		436	};
		437
		438	Install = {
		439	WantedBy = ["default.target"];
		440	};
		441	};
366	};	442	};
367	targets = {	443	targets = {
368	graphical-session = {	444	graphical-session = {
@@ -373,6 +449,9 @@ in {
373	};	449	};
374	tray = {	450	tray = {
375	Unit = {	451	Unit = {
		452	PartOf = [ "graphical-session.target" ];
		453	# Requires = [ "waybar.service" ];
		454	After = [ "graphical-session.target" ]; # "waybar.service" ];
376	Wants = ["blueman-applet.service" "udiskie.service" "network-manager-applet.service"];	455	Wants = ["blueman-applet.service" "udiskie.service" "network-manager-applet.service"];
377	};	456	};
378	};	457	};