1 files changed, 154 insertions, 91 deletions
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index 119d8cc3..e601b49c 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -6,7 +6,7 @@ let
  cfg = config.home-manager.users.${userName};
  autossh-socks-script = pkgs.writeScript "autossh" ''
-    #!${pkgs.zsh}/bin/zsh -xe
+    #!${lib.getExe pkgs.zsh} -xe
    host="''${1%:*}"
    port="''${1#*:}"
@@ -15,31 +15,29 @@ let
    cmd=()
    if [[ -n "''${SSHPASS_SECRET}" ]]; then
-      cmd+=(${pkgs.sshpassSecret}/bin/sshpass-secret)
+      cmd+=(${lib.getExe' pkgs.sshpassSecret "sshpass-secret"})
      cmd+=("''${(@s/:/)SSHPASS_SECRET}")
      cmd+=(--)
    fi
-    cmd+=(${pkgs.openssh}/bin/ssh -vN -D localhost:''${port} "''${host}")
+    cmd+=(${lib.getExe' pkgs.openssh "ssh"} -vN -D 127.0.0.1:''${port} "''${host}")
    ( exec -a "''${cmd[1]}" -- ''${cmd} ) &
    pid=$!
    newpid=""
    i=200
-    while ! newpid=$(${pkgs.lsof}/bin/lsof -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do
+    while ! newpid=$(${lib.getExe pkgs.lsof} -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do
      if ! kill -0 "''${pid}"; then
        wait "''${pid}"
        exit $?
      fi
      [[ "''${i}" -gt 0 ]] || exit 1
      i=$((''${i} - 1))
-      ${pkgs.coreutils}/bin/sleep 0.1
+      ${lib.getExe' pkgs.coreutils "sleep"} 0.1
    done
-    ${config.systemd.package}/bin/systemd-notify --ready
+    ${lib.getExe' config.systemd.package "systemd-notify"} --pid=''${newpid} --ready
-    wait "''${pid}" "''${newpid}"
  '';
 in {
  tmpfiles.rules = [
@@ -48,11 +46,11 @@ in {
  ];
  services = {
-    sync-keepass = {
+    "sync-keepass@" = {
      Service = {
        Type = "oneshot";
        WorkingDirectory = "~";
-        ExecStart = toString (pkgs.writers.writePython3 "sync-keepass" {
+        ExecStart = "${pkgs.writers.writePython3 "sync-keepass" {
          libraries = with pkgs.python3Packages; [ python-dateutil ];
        } ''
          import json
@@ -61,13 +59,13 @@ in {
          from datetime import datetime
          from dateutil.tz import tzlocal
          from dateutil.parser import isoparse
-          from sys import stderr
+          from sys import stderr, argv
-          remote_fs = 'surtr'
+          remote_fs = 'surtr' if argv[1] == 'store.kdbx' else 'mathcloud'
-          remote_file = 'store.kdbx'
+          remote_file = argv[1]
-          target_file = expanduser('~/store.kdbx')
+          target_file = expanduser(f'~/{argv[1]}')
-          meta_file = expanduser('~/.store.kdbx.json')
+          meta_file = expanduser(f'~/.{argv[1]}.json')
          upload_time = None
          our_last_upload_time = None
@@ -117,22 +115,14 @@ in {
              do_upload()
          elif upload_time is not None and (mod_time is None or upload_time > mod_time) and (our_last_upload_time is None or upload_time > our_last_upload_time):  # noqa: E501
              do_download()
-        '');
+        ''} \"%I\"";
        Environment = [ "RCLONE_PASSWORD_COMMAND=\"${pkgs.coreutils}/bin/cat ${config.sops.secrets.gkleen-rclone.path}\"" "PATH=${pkgs.rclone}/bin" ];
      };
    };
    emacs = {
      Unit = {
-        After = ["graphical-session-pre.target"];
+        After = [ "graphical-session.target" ];
-      };
+        BindsTo = [ "graphical-session.target" ];
-    };
-    dunst = {
-      Service = {
-        ExecStart = lib.mkForce "${cfg.services.dunst.package}/bin/dunst";
-        Restart = "always";
-      };
-      Install = {
-        WantedBy = ["graphical-session.target"];
      };
    };
    keepassxc = {
@@ -144,8 +134,8 @@ in {
        Environment = [ "QT_QPA_PLATFORM=wayland" ];
      };
      Unit = {
-        Requires = ["graphical-session-pre.target"];
+        After = [ "graphical-session.target" ];
-        After = ["graphical-session-pre.target"];
+        BindsTo = [ "graphical-session.target" ];
      };
    };
    mpris-proxy = {
@@ -154,7 +144,7 @@ in {
      Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
      Install.WantedBy = [ "default.target" ];
    };
-    "autossh-socks@proxy.mathw0h:8119" = {
+    "autossh-socks@proxy.ssh.math.lmu.de:8119" = {
      Service = {
        Type = "notify";
        NotifyAccess = "all";
@@ -162,7 +152,7 @@ in {
        Restart = "always";
        RestartSec = "23s";
        ExecStart = "${autossh-socks-script} \"%I\"";
-        Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ];
+        Environment = [ "SSHPASS_SECRET=gkleen@ssh.math.lmu.de" ];
      };
      Unit = {
        StopWhenUnneeded = true;
@@ -183,9 +173,36 @@ in {
        StopWhenUnneeded = true;
      };
    };
-    swayidle = {
+    "autossh-socks@proxy.mathw0h:8123" = {
+      Service = {
+        Type = "notify";
+        NotifyAccess = "all";
+        WorkingDirectory = "~";
+        Restart = "always";
+        RestartSec = "23s";
+        ExecStart = "${autossh-socks-script} \"%I\"";
+        Environment = [ "SSHPASS_SECRET=gkleen@mathw0h.mathinst.loc" ];
+      };
+      Unit = {
+        StopWhenUnneeded = true;
+        StartLimitInterval = "180s";
+        StartLimitBurst = 7;
+      };
+    };
+    "autossh-socks@proxy.mathw0e:8125" = {
      Service = {
-        RuntimeDirectory = "swayidle";
+        Type = "notify";
+        NotifyAccess = "all";
+        WorkingDirectory = "~";
+        Restart = "always";
+        RestartSec = "23s";
+        ExecStart = "${autossh-socks-script} \"%I\"";
+        Environment = [ "SSHPASS_SECRET=gkleen@mathw0e.mathinst.loc" ];
+      };
+      Unit = {
+        StopWhenUnneeded = true;
+        StartLimitInterval = "180s";
+        StartLimitBurst = 7;
      };
    };
    psi-notify = {
@@ -193,8 +210,8 @@ in {
        WantedBy = ["graphical-session.target"];
      };
      Unit = {
-        Requires = ["graphical-session-pre.target"];
+        After = [ "graphical-session.target" ];
-        After = ["graphical-session-pre.target"];
+        PartOf = [ "graphical-session.target" ];
      };
      Service = {
        ExecStart = lib.getExe pkgs.psi-notify;
@@ -207,6 +224,7 @@ in {
    gtklock = {
      Unit = {
        Requisite = ["graphical-session.target"];
+        After = [ "graphical-session.target" ];
        PartOf = ["graphical-session.target"];
      };
      Service = {
@@ -214,53 +232,55 @@ in {
        RuntimeDirectory = "gtklock";
        CacheDirectory = "gtklock";
        ExecStartPre = [
-          "${pkgs.libsForQt5.qt5.qttools.bin}/bin/qdbus org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow.lockAllDatabases"
+          "-${lib.getExe' pkgs.libsForQt5.qt5.qttools.bin "qdbus"} org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow.lockAllDatabases"
-          "${config.systemd.package}/bin/systemctl --user stop gpg-agent.service"
+          "-${lib.getExe' config.systemd.package "systemctl"} --user stop gpg-agent.service"
-          (pkgs.writeShellScript "generate-css" ''
+          "-${lib.getExe pkgs.playerctl} -a pause"
-            set -x
+          "-${lib.getExe (pkgs.writeShellApplication {
-            export PATH="${lib.makeBinPath [cfg.programs.wpaperd.package pkgs.jq pkgs.coreutils pkgs.imagemagick pkgs.findutils]}:$PATH"
+            name = "generate-css";
+            runtimeInputs = with pkgs; [cfg.services.wpaperd.package jq coreutils imagemagick findutils];
-            declare -A monitors
+            text = ''
-            monitors=()
+              declare -A monitors
-            while IFS= read -r entry; do
+              monitors=()
-                path=$(jq -r ".path" <<<"$entry")
+              while IFS= read -r entry; do
-                [[ -z "$path" || ! -f "$path" ]] && continue
+                  path=$(jq -r ".path" <<<"$entry")
-                blurred_path="$CACHE_DIRECTORY"/"$(b2sum -l 128 <<<"$path" | cut -d' ' -f1)"."''${path##*.}"
+                  [[ -z "$path" || ! -f "$path" ]] && continue
-                monitor=$(jq -r ".display" <<<"$entry")
+                  blurred_path="$CACHE_DIRECTORY"/"$(b2sum -l 128 <<<"$path" | cut -d' ' -f1)"."''${path##*.}"
-                if [[ ! -f "$blurred_path" ]]; then
+                  monitor=$(jq -r ".display" <<<"$entry")
-                    mkdir -p "$(dirname "$blurred_path")"
+                  if [[ ! -f "$blurred_path" ]]; then
-                    magick "$path" -filter Gaussian -resize 6.25% -define filter:sigma=2.5 -resize 1600% "$blurred_path" &
+                      mkdir -p "$(dirname "$blurred_path")"
-                fi
+                      magick "$path" -filter Gaussian -resize 6.25% -define filter:sigma=2.5 -resize 1600% "$blurred_path" &
-                monitors+=([$monitor]="$blurred_path")
+                  fi
-            done < <(wpaperctl all-wallpapers -j | jq -c ".[]")
+                  monitors+=([$monitor]="$blurred_path")
-            wait
+              done < <(wpaperctl all-wallpapers -j | jq -c ".[]")
+              # wait
-            cp --no-preserve=mode ${pkgs.writeText "gtklock.css" ''
+              cp --no-preserve=mode ${pkgs.writeText "gtklock.css" ''
-              #window-box {
+                #window-box {
-                padding: 64px;
+                  padding: 64px;
-                /* border: 1px solid black; */
+                  /* border: 1px solid black; */
-                border-radius: 4px;
+                  border-radius: 4px;
-                box-shadow: rgba(0, 0, 0, 0.8) 0px 4px 12px;
+                  box-shadow: rgba(0, 0, 0, 0.8) 0px 4px 12px;
-                /* background-color: white; */
+                  /* background-color: white; */
-                background-color: rgba(0, 0, 0, 0.5);
+                  background-color: rgba(0, 0, 0, 0.5);
+                }
+              ''} "$RUNTIME_DIRECTORY"/style.css
+              for monitor in "''${!monitors[@]}"; do
+              cat >>"$RUNTIME_DIRECTORY"/style.css <<EOF
+              window#''${monitor} {
+                background-image: url("''${monitors[$monitor]}");
+                background-repeat: no-repeat;
+                background-size: 100% 100%;
+                background-origin: content-box;
              }
-            ''} "$RUNTIME_DIRECTORY"/style.css
+              EOF
-            for monitor in "''${!monitors[@]}"; do
+              done
-            cat >>"$RUNTIME_DIRECTORY"/style.css <<EOF
+            '';
-            window#''${monitor} {
+          })}"
-              background-image: url("''${monitors[$monitor]}");
-              background-repeat: no-repeat;
-              background-size: 100% 100%;
-              background-origin: content-box;
-            }
-            EOF
-            done
-          '')
        ];
        NotifyAccess = "all";
        ExecStart = ''${lib.getExe pkgs.gtklock} -s "''${RUNTIME_DIRECTORY}/style.css" -L ${pkgs.writeShellScript "after-lock" ''
-          ${cfg.wayland.windowManager.hyprland.package}/bin/hyprctl dispatch dpms off
+          ${lib.getExe cfg.programs.niri.package} msg action power-off-monitors
-          ${config.systemd.package}/bin/systemd-notify --ready
+          ${lib.getExe' config.systemd.package "systemd-notify"} --ready
        ''}'';
      };
    };
@@ -308,30 +328,60 @@ in {
        ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\"";
      };
    };
-    wpaperd = {
+    # wpaperd = {
-      Install = {
+    #   Install = {
-        WantedBy = ["graphical-session.target"];
+    #     WantedBy = ["graphical-session.target"];
+    #   };
+    #   Unit = {
+    #     After = [ "graphical-session.target" ];
+    #     PartOf = [ "graphical-session.target" ];
+    #   };
+    #   Service = {
+    #     ExecStart = lib.getExe cfg.services.wpaperd.package;
+    #     Type = "simple";
+    #     Restart = "always";
+    #     RestartSec = "2s";
+    #   };
+    # };
+    xembed-sni-proxy = {
+      Unit = {
+        PartOf = lib.mkForce ["tray.target"];
      };
+    };
+    poweralertd = {
      Unit = {
-        BindsTo = ["graphical-session-pre.target"];
+        After = ["graphical-session.target"];
-        After = ["graphical-session-pre.target"];
      };
-      Service = {
+    };
-        ExecStart = lib.getExe cfg.programs.wpaperd.package;
+    network-manager-applet = {
-        Type = "simple";
+      Unit = {
-        Restart = "always";
+        PartOf = lib.mkForce ["tray.target"];
-        RestartSec = "2s";
+      };
+    };
+    udiskie = {
+      Unit = {
+        PartOf = lib.mkForce ["tray.target"];
+      };
+    };
+    blueman-applet = {
+      Unit = {
+        PartOf = lib.mkForce ["tray.target"];
+      };
+      Install = {
+        WantedBy = lib.mkForce ["tray.target"];
      };
    };
  } // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" {
      Unit = {
-        Requires = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
+        BindsTo = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
        After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
      };
      Service = {
-        ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:${toString (port + 1)}";
+        ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=60s 127.0.0.1:${toString (port + 1)}";
+        Restart = "always";
+        RestartSec = "23s";
      };
-  }) [{ host = "proxy.mathw0h"; port = 8118; } { host = "proxy.vidhar"; port = 8120; }]);
+  }) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; } { host = "proxy.mathw0e"; port = 8124; }]);
  sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {
    Socket = {
      ListenStream = "%I";
@@ -339,7 +389,7 @@ in {
    Install = {
      WantedBy = ["default.target"];
    };
-  }) [8118 8120]) // {
+  }) [8118 8120 8122 8124]) // {
    "yt-dlp" = {
      Socket = {
        SocketMode = "0600";
@@ -353,7 +403,7 @@ in {
    };
  };
  timers = {
-    sync-keepass = {
+    "sync-keepass@store.kdbx" = {
      Timer = {
        OnActiveSec = "1m";
        OnUnitActiveSec = "1m";
@@ -363,6 +413,16 @@ in {
        WantedBy = ["default.target"];
      };
    };
+    "sync-keepass@rz.kdbx" = {
+      Timer = {
+        OnActiveSec = "1d";
+        OnUnitActiveSec = "1d";
+      };
+      Install = {
+        WantedBy = ["default.target"];
+      };
+    };
  };
  targets = {
    graphical-session = {
@@ -373,6 +433,9 @@ in {
    };
    tray = {
      Unit = {
+        PartOf = [ "graphical-session.target" ];
+        # Requires = [ "waybar.service" ];
+        After = [ "graphical-session.target" ]; # "waybar.service" ];
        Wants = ["blueman-applet.service" "udiskie.service" "network-manager-applet.service"];
      };
    };

diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix index 119d8cc3..e601b49c 100644 --- a/accounts/gkleen@sif/systemd.nix +++ b/accounts/gkleen@sif/systemd.nix
@@ -6,7 +6,7 @@ let
6	cfg = config.home-manager.users.${userName};	6	cfg = config.home-manager.users.${userName};
7		7
8	autossh-socks-script = pkgs.writeScript "autossh" ''	8	autossh-socks-script = pkgs.writeScript "autossh" ''
9	#!${pkgs.zsh}/bin/zsh -xe	9	#!${lib.getExe pkgs.zsh} -xe
10		10
11	host="''${1%:*}"	11	host="''${1%:*}"
12	port="''${1#*:}"	12	port="''${1#*:}"
@@ -15,31 +15,29 @@ let
15	cmd=()	15	cmd=()
16		16
17	if [[ -n "''${SSHPASS_SECRET}" ]]; then	17	if [[ -n "''${SSHPASS_SECRET}" ]]; then
18	cmd+=(${pkgs.sshpassSecret}/bin/sshpass-secret)	18	cmd+=(${lib.getExe' pkgs.sshpassSecret "sshpass-secret"})
19	cmd+=("''${(@s/:/)SSHPASS_SECRET}")	19	cmd+=("''${(@s/:/)SSHPASS_SECRET}")
20	cmd+=(--)	20	cmd+=(--)
21	fi	21	fi
22		22
23	cmd+=(${pkgs.openssh}/bin/ssh -vN -D localhost:''${port} "''${host}")	23	cmd+=(${lib.getExe' pkgs.openssh "ssh"} -vN -D 127.0.0.1:''${port} "''${host}")
24		24
25	( exec -a "''${cmd[1]}" -- ''${cmd} ) &	25	( exec -a "''${cmd[1]}" -- ''${cmd} ) &
26	pid=$!	26	pid=$!
27		27
28	newpid=""	28	newpid=""
29	i=200	29	i=200
30	while ! newpid=$(${pkgs.lsof}/bin/lsof -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do	30	while ! newpid=$(${lib.getExe pkgs.lsof} -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do
31	if ! kill -0 "''${pid}"; then	31	if ! kill -0 "''${pid}"; then
32	wait "''${pid}"	32	wait "''${pid}"
33	exit $?	33	exit $?
34	fi	34	fi
35	[[ "''${i}" -gt 0 ]] \|\| exit 1	35	[[ "''${i}" -gt 0 ]] \|\| exit 1
36	i=$((''${i} - 1))	36	i=$((''${i} - 1))
37	${pkgs.coreutils}/bin/sleep 0.1	37	${lib.getExe' pkgs.coreutils "sleep"} 0.1
38	done	38	done
39		39
40	${config.systemd.package}/bin/systemd-notify --ready	40	${lib.getExe' config.systemd.package "systemd-notify"} --pid=''${newpid} --ready
41
42	wait "''${pid}" "''${newpid}"
43	'';	41	'';
44	in {	42	in {
45	tmpfiles.rules = [	43	tmpfiles.rules = [
@@ -48,11 +46,11 @@ in {
48	];	46	];
49		47
50	services = {	48	services = {
51	sync-keepass = {	49	"sync-keepass@" = {
52	Service = {	50	Service = {
53	Type = "oneshot";	51	Type = "oneshot";
54	WorkingDirectory = "~";	52	WorkingDirectory = "~";
55	ExecStart = toString (pkgs.writers.writePython3 "sync-keepass" {	53	ExecStart = "${pkgs.writers.writePython3 "sync-keepass" {
56	libraries = with pkgs.python3Packages; [ python-dateutil ];	54	libraries = with pkgs.python3Packages; [ python-dateutil ];
57	} ''	55	} ''
58	import json	56	import json
@@ -61,13 +59,13 @@ in {
61	from datetime import datetime	59	from datetime import datetime
62	from dateutil.tz import tzlocal	60	from dateutil.tz import tzlocal
63	from dateutil.parser import isoparse	61	from dateutil.parser import isoparse
64	from sys import stderr	62	from sys import stderr, argv
65		63
66		64
67	remote_fs = 'surtr'	65	remote_fs = 'surtr' if argv[1] == 'store.kdbx' else 'mathcloud'
68	remote_file = 'store.kdbx'	66	remote_file = argv[1]
69	target_file = expanduser('~/store.kdbx')	67	target_file = expanduser(f'~/{argv[1]}')
70	meta_file = expanduser('~/.store.kdbx.json')	68	meta_file = expanduser(f'~/.{argv[1]}.json')
71		69
72	upload_time = None	70	upload_time = None
73	our_last_upload_time = None	71	our_last_upload_time = None
@@ -117,22 +115,14 @@ in {
117	do_upload()	115	do_upload()
118	elif upload_time is not None and (mod_time is None or upload_time > mod_time) and (our_last_upload_time is None or upload_time > our_last_upload_time): # noqa: E501	116	elif upload_time is not None and (mod_time is None or upload_time > mod_time) and (our_last_upload_time is None or upload_time > our_last_upload_time): # noqa: E501
119	do_download()	117	do_download()
120	'');	118	''} \"%I\"";
121	Environment = [ "RCLONE_PASSWORD_COMMAND=\"${pkgs.coreutils}/bin/cat ${config.sops.secrets.gkleen-rclone.path}\"" "PATH=${pkgs.rclone}/bin" ];	119	Environment = [ "RCLONE_PASSWORD_COMMAND=\"${pkgs.coreutils}/bin/cat ${config.sops.secrets.gkleen-rclone.path}\"" "PATH=${pkgs.rclone}/bin" ];
122	};	120	};
123	};	121	};
124	emacs = {	122	emacs = {
125	Unit = {	123	Unit = {
126	After = ["graphical-session-pre.target"];	124	After = [ "graphical-session.target" ];
127	};	125	BindsTo = [ "graphical-session.target" ];
128	};
129	dunst = {
130	Service = {
131	ExecStart = lib.mkForce "${cfg.services.dunst.package}/bin/dunst";
132	Restart = "always";
133	};
134	Install = {
135	WantedBy = ["graphical-session.target"];
136	};	126	};
137	};	127	};
138	keepassxc = {	128	keepassxc = {
@@ -144,8 +134,8 @@ in {
144	Environment = [ "QT_QPA_PLATFORM=wayland" ];	134	Environment = [ "QT_QPA_PLATFORM=wayland" ];
145	};	135	};
146	Unit = {	136	Unit = {
147	Requires = ["graphical-session-pre.target"];	137	After = [ "graphical-session.target" ];
148	After = ["graphical-session-pre.target"];	138	BindsTo = [ "graphical-session.target" ];
149	};	139	};
150	};	140	};
151	mpris-proxy = {	141	mpris-proxy = {
@@ -154,7 +144,7 @@ in {
154	Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";	144	Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
155	Install.WantedBy = [ "default.target" ];	145	Install.WantedBy = [ "default.target" ];
156	};	146	};
157	"autossh-socks@proxy.mathw0h:8119" = {	147	"autossh-socks@proxy.ssh.math.lmu.de:8119" = {
158	Service = {	148	Service = {
159	Type = "notify";	149	Type = "notify";
160	NotifyAccess = "all";	150	NotifyAccess = "all";
@@ -162,7 +152,7 @@ in {
162	Restart = "always";	152	Restart = "always";
163	RestartSec = "23s";	153	RestartSec = "23s";
164	ExecStart = "${autossh-socks-script} \"%I\"";	154	ExecStart = "${autossh-socks-script} \"%I\"";
165	Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ];	155	Environment = [ "SSHPASS_SECRET=gkleen@ssh.math.lmu.de" ];
166	};	156	};
167	Unit = {	157	Unit = {
168	StopWhenUnneeded = true;	158	StopWhenUnneeded = true;
@@ -183,9 +173,36 @@ in {
183	StopWhenUnneeded = true;	173	StopWhenUnneeded = true;
184	};	174	};
185	};	175	};
186	swayidle = {	176	"autossh-socks@proxy.mathw0h:8123" = {
		177	Service = {
		178	Type = "notify";
		179	NotifyAccess = "all";
		180	WorkingDirectory = "~";
		181	Restart = "always";
		182	RestartSec = "23s";
		183	ExecStart = "${autossh-socks-script} \"%I\"";
		184	Environment = [ "SSHPASS_SECRET=gkleen@mathw0h.mathinst.loc" ];
		185	};
		186	Unit = {
		187	StopWhenUnneeded = true;
		188	StartLimitInterval = "180s";
		189	StartLimitBurst = 7;
		190	};
		191	};
		192	"autossh-socks@proxy.mathw0e:8125" = {
187	Service = {	193	Service = {
188	RuntimeDirectory = "swayidle";	194	Type = "notify";
		195	NotifyAccess = "all";
		196	WorkingDirectory = "~";
		197	Restart = "always";
		198	RestartSec = "23s";
		199	ExecStart = "${autossh-socks-script} \"%I\"";
		200	Environment = [ "SSHPASS_SECRET=gkleen@mathw0e.mathinst.loc" ];
		201	};
		202	Unit = {
		203	StopWhenUnneeded = true;
		204	StartLimitInterval = "180s";
		205	StartLimitBurst = 7;
189	};	206	};
190	};	207	};
191	psi-notify = {	208	psi-notify = {
@@ -193,8 +210,8 @@ in {
193	WantedBy = ["graphical-session.target"];	210	WantedBy = ["graphical-session.target"];
194	};	211	};
195	Unit = {	212	Unit = {
196	Requires = ["graphical-session-pre.target"];	213	After = [ "graphical-session.target" ];
197	After = ["graphical-session-pre.target"];	214	PartOf = [ "graphical-session.target" ];
198	};	215	};
199	Service = {	216	Service = {
200	ExecStart = lib.getExe pkgs.psi-notify;	217	ExecStart = lib.getExe pkgs.psi-notify;
@@ -207,6 +224,7 @@ in {
207	gtklock = {	224	gtklock = {
208	Unit = {	225	Unit = {
209	Requisite = ["graphical-session.target"];	226	Requisite = ["graphical-session.target"];
		227	After = [ "graphical-session.target" ];
210	PartOf = ["graphical-session.target"];	228	PartOf = ["graphical-session.target"];
211	};	229	};
212	Service = {	230	Service = {
@@ -214,53 +232,55 @@ in {
214	RuntimeDirectory = "gtklock";	232	RuntimeDirectory = "gtklock";
215	CacheDirectory = "gtklock";	233	CacheDirectory = "gtklock";
216	ExecStartPre = [	234	ExecStartPre = [
217	"${pkgs.libsForQt5.qt5.qttools.bin}/bin/qdbus org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow.lockAllDatabases"	235	"-${lib.getExe' pkgs.libsForQt5.qt5.qttools.bin "qdbus"} org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow.lockAllDatabases"
218	"${config.systemd.package}/bin/systemctl --user stop gpg-agent.service"	236	"-${lib.getExe' config.systemd.package "systemctl"} --user stop gpg-agent.service"
219	(pkgs.writeShellScript "generate-css" ''	237	"-${lib.getExe pkgs.playerctl} -a pause"
220	set -x	238	"-${lib.getExe (pkgs.writeShellApplication {
221	export PATH="${lib.makeBinPath [cfg.programs.wpaperd.package pkgs.jq pkgs.coreutils pkgs.imagemagick pkgs.findutils]}:$PATH"	239	name = "generate-css";
222		240	runtimeInputs = with pkgs; [cfg.services.wpaperd.package jq coreutils imagemagick findutils];
223	declare -A monitors	241	text = ''
224	monitors=()	242	declare -A monitors
225	while IFS= read -r entry; do	243	monitors=()
226	path=$(jq -r ".path" <<<"$entry")	244	while IFS= read -r entry; do
227	[[ -z "$path" \|\| ! -f "$path" ]] && continue	245	path=$(jq -r ".path" <<<"$entry")
228	blurred_path="$CACHE_DIRECTORY"/"$(b2sum -l 128 <<<"$path" \| cut -d' ' -f1)"."''${path##*.}"	246	[[ -z "$path" \|\| ! -f "$path" ]] && continue
229	monitor=$(jq -r ".display" <<<"$entry")	247	blurred_path="$CACHE_DIRECTORY"/"$(b2sum -l 128 <<<"$path" \| cut -d' ' -f1)"."''${path##*.}"
230	if [[ ! -f "$blurred_path" ]]; then	248	monitor=$(jq -r ".display" <<<"$entry")
231	mkdir -p "$(dirname "$blurred_path")"	249	if [[ ! -f "$blurred_path" ]]; then
232	magick "$path" -filter Gaussian -resize 6.25% -define filter:sigma=2.5 -resize 1600% "$blurred_path" &	250	mkdir -p "$(dirname "$blurred_path")"
233	fi	251	magick "$path" -filter Gaussian -resize 6.25% -define filter:sigma=2.5 -resize 1600% "$blurred_path" &
234	monitors+=([$monitor]="$blurred_path")	252	fi
235	done < <(wpaperctl all-wallpapers -j \| jq -c ".[]")	253	monitors+=([$monitor]="$blurred_path")
236	wait	254	done < <(wpaperctl all-wallpapers -j \| jq -c ".[]")
		255	# wait
237		256
238	cp --no-preserve=mode ${pkgs.writeText "gtklock.css" ''	257	cp --no-preserve=mode ${pkgs.writeText "gtklock.css" ''
239	#window-box {	258	#window-box {
240	padding: 64px;	259	padding: 64px;
241	/* border: 1px solid black; */	260	/* border: 1px solid black; */
242	border-radius: 4px;	261	border-radius: 4px;
243	box-shadow: rgba(0, 0, 0, 0.8) 0px 4px 12px;	262	box-shadow: rgba(0, 0, 0, 0.8) 0px 4px 12px;
244	/* background-color: white; */	263	/* background-color: white; */
245	background-color: rgba(0, 0, 0, 0.5);	264	background-color: rgba(0, 0, 0, 0.5);
		265	}
		266	''} "$RUNTIME_DIRECTORY"/style.css
		267	for monitor in "''${!monitors[@]}"; do
		268	cat >>"$RUNTIME_DIRECTORY"/style.css <<EOF
		269	window#''${monitor} {
		270	background-image: url("''${monitors[$monitor]}");
		271	background-repeat: no-repeat;
		272	background-size: 100% 100%;
		273	background-origin: content-box;
246	}	274	}
247	''} "$RUNTIME_DIRECTORY"/style.css	275	EOF
248	for monitor in "''${!monitors[@]}"; do	276	done
249	cat >>"$RUNTIME_DIRECTORY"/style.css <<EOF	277	'';
250	window#''${monitor} {	278	})}"
251	background-image: url("''${monitors[$monitor]}");
252	background-repeat: no-repeat;
253	background-size: 100% 100%;
254	background-origin: content-box;
255	}
256	EOF
257	done
258	'')
259	];	279	];
260	NotifyAccess = "all";	280	NotifyAccess = "all";
261	ExecStart = ''${lib.getExe pkgs.gtklock} -s "''${RUNTIME_DIRECTORY}/style.css" -L ${pkgs.writeShellScript "after-lock" ''	281	ExecStart = ''${lib.getExe pkgs.gtklock} -s "''${RUNTIME_DIRECTORY}/style.css" -L ${pkgs.writeShellScript "after-lock" ''
262	${cfg.wayland.windowManager.hyprland.package}/bin/hyprctl dispatch dpms off	282	${lib.getExe cfg.programs.niri.package} msg action power-off-monitors
263	${config.systemd.package}/bin/systemd-notify --ready	283	${lib.getExe' config.systemd.package "systemd-notify"} --ready
264	''}'';	284	''}'';
265	};	285	};
266	};	286	};
@@ -308,30 +328,60 @@ in {
308	ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\"";	328	ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\"";
309	};	329	};
310	};	330	};
311	wpaperd = {	331	# wpaperd = {
312	Install = {	332	# Install = {
313	WantedBy = ["graphical-session.target"];	333	# WantedBy = ["graphical-session.target"];
		334	# };
		335	# Unit = {
		336	# After = [ "graphical-session.target" ];
		337	# PartOf = [ "graphical-session.target" ];
		338	# };
		339	# Service = {
		340	# ExecStart = lib.getExe cfg.services.wpaperd.package;
		341	# Type = "simple";
		342	# Restart = "always";
		343	# RestartSec = "2s";
		344	# };
		345	# };
		346	xembed-sni-proxy = {
		347	Unit = {
		348	PartOf = lib.mkForce ["tray.target"];
314	};	349	};
		350	};
		351	poweralertd = {
315	Unit = {	352	Unit = {
316	BindsTo = ["graphical-session-pre.target"];	353	After = ["graphical-session.target"];
317	After = ["graphical-session-pre.target"];
318	};	354	};
319	Service = {	355	};
320	ExecStart = lib.getExe cfg.programs.wpaperd.package;	356	network-manager-applet = {
321	Type = "simple";	357	Unit = {
322	Restart = "always";	358	PartOf = lib.mkForce ["tray.target"];
323	RestartSec = "2s";	359	};
		360	};
		361	udiskie = {
		362	Unit = {
		363	PartOf = lib.mkForce ["tray.target"];
		364	};
		365	};
		366	blueman-applet = {
		367	Unit = {
		368	PartOf = lib.mkForce ["tray.target"];
		369	};
		370	Install = {
		371	WantedBy = lib.mkForce ["tray.target"];
324	};	372	};
325	};	373	};
326	} // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" {	374	} // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" {
327	Unit = {	375	Unit = {
328	Requires = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];	376	BindsTo = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
329	After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];	377	After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
330	};	378	};
331	Service = {	379	Service = {
332	ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:${toString (port + 1)}";	380	ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=60s 127.0.0.1:${toString (port + 1)}";
		381	Restart = "always";
		382	RestartSec = "23s";
333	};	383	};
334	}) [{ host = "proxy.mathw0h"; port = 8118; } { host = "proxy.vidhar"; port = 8120; }]);	384	}) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; } { host = "proxy.mathw0e"; port = 8124; }]);
335	sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {	385	sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {
336	Socket = {	386	Socket = {
337	ListenStream = "%I";	387	ListenStream = "%I";
@@ -339,7 +389,7 @@ in {
339	Install = {	389	Install = {
340	WantedBy = ["default.target"];	390	WantedBy = ["default.target"];
341	};	391	};
342	}) [8118 8120]) // {	392	}) [8118 8120 8122 8124]) // {
343	"yt-dlp" = {	393	"yt-dlp" = {
344	Socket = {	394	Socket = {
345	SocketMode = "0600";	395	SocketMode = "0600";
@@ -353,7 +403,7 @@ in {
353	};	403	};
354	};	404	};
355	timers = {	405	timers = {
356	sync-keepass = {	406	"sync-keepass@store.kdbx" = {
357	Timer = {	407	Timer = {
358	OnActiveSec = "1m";	408	OnActiveSec = "1m";
359	OnUnitActiveSec = "1m";	409	OnUnitActiveSec = "1m";
@@ -363,6 +413,16 @@ in {
363	WantedBy = ["default.target"];	413	WantedBy = ["default.target"];
364	};	414	};
365	};	415	};
		416	"sync-keepass@rz.kdbx" = {
		417	Timer = {
		418	OnActiveSec = "1d";
		419	OnUnitActiveSec = "1d";
		420	};
		421
		422	Install = {
		423	WantedBy = ["default.target"];
		424	};
		425	};
366	};	426	};
367	targets = {	427	targets = {
368	graphical-session = {	428	graphical-session = {
@@ -373,6 +433,9 @@ in {
373	};	433	};
374	tray = {	434	tray = {
375	Unit = {	435	Unit = {
		436	PartOf = [ "graphical-session.target" ];
		437	# Requires = [ "waybar.service" ];
		438	After = [ "graphical-session.target" ]; # "waybar.service" ];
376	Wants = ["blueman-applet.service" "udiskie.service" "network-manager-applet.service"];	439	Wants = ["blueman-applet.service" "udiskie.service" "network-manager-applet.service"];
377	};	440	};
378	};	441	};