Diffstat (limited to 'accounts/gkleen@sif/systemd.nix')
-rw-r--r--accounts/gkleen@sif/systemd.nix257
1 files changed, 164 insertions, 93 deletions
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index 33bf7ef2..18c2315f 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -6,7 +6,7 @@ let
6 cfg = config.home-manager.users.${userName}; 6 cfg = config.home-manager.users.${userName};
7 7
8 autossh-socks-script = pkgs.writeScript "autossh" '' 8 autossh-socks-script = pkgs.writeScript "autossh" ''
9 #!${pkgs.zsh}/bin/zsh -xe 9 #!${lib.getExe pkgs.zsh} -xe
10 10
11 host="''${1%:*}" 11 host="''${1%:*}"
12 port="''${1#*:}" 12 port="''${1#*:}"
@@ -15,31 +15,29 @@ let
15 cmd=() 15 cmd=()
16 16
17 if [[ -n "''${SSHPASS_SECRET}" ]]; then 17 if [[ -n "''${SSHPASS_SECRET}" ]]; then
18 cmd+=(${pkgs.sshpassSecret}/bin/sshpass-secret) 18 cmd+=(${lib.getExe' pkgs.sshpassSecret "sshpass-secret"})
19 cmd+=("''${(@s/:/)SSHPASS_SECRET}") 19 cmd+=("''${(@s/:/)SSHPASS_SECRET}")
20 cmd+=(--) 20 cmd+=(--)
21 fi 21 fi
22 22
23 cmd+=(${pkgs.openssh}/bin/ssh -vN -D localhost:''${port} "''${host}") 23 cmd+=(${lib.getExe' pkgs.openssh "ssh"} -vN -D 127.0.0.1:''${port} "''${host}")
24 24
25 ( exec -a "''${cmd[1]}" -- ''${cmd} ) & 25 ( exec -a "''${cmd[1]}" -- ''${cmd} ) &
26 pid=$! 26 pid=$!
27 27
28 newpid="" 28 newpid=""
29 i=200 29 i=200
30 while ! newpid=$(${pkgs.lsof}/bin/lsof -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do 30 while ! newpid=$(${lib.getExe pkgs.lsof} -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do
31 if ! kill -0 "''${pid}"; then 31 if ! kill -0 "''${pid}"; then
32 wait "''${pid}" 32 wait "''${pid}"
33 exit $? 33 exit $?
34 fi 34 fi
35 [[ "''${i}" -gt 0 ]] || exit 1 35 [[ "''${i}" -gt 0 ]] || exit 1
36 i=$((''${i} - 1)) 36 i=$((''${i} - 1))
37 ${pkgs.coreutils}/bin/sleep 0.1 37 ${lib.getExe' pkgs.coreutils "sleep"} 0.1
38 done 38 done
39 39
40 ${config.systemd.package}/bin/systemd-notify --ready 40 ${lib.getExe' config.systemd.package "systemd-notify"} --pid=''${newpid} --ready
41
42 wait "''${pid}" "''${newpid}"
43 ''; 41 '';
44in { 42in {
45 tmpfiles.rules = [ 43 tmpfiles.rules = [
@@ -48,11 +46,11 @@ in {
48 ]; 46 ];
49 47
50 services = { 48 services = {
51 sync-keepass = { 49 "sync-keepass@" = {
52 Service = { 50 Service = {
53 Type = "oneshot"; 51 Type = "oneshot";
54 WorkingDirectory = "~"; 52 WorkingDirectory = "~";
55 ExecStart = toString (pkgs.writers.writePython3 "sync-keepass" { 53 ExecStart = "${pkgs.writers.writePython3 "sync-keepass" {
56 libraries = with pkgs.python3Packages; [ python-dateutil ]; 54 libraries = with pkgs.python3Packages; [ python-dateutil ];
57 } '' 55 } ''
58 import json 56 import json
@@ -61,13 +59,13 @@ in {
61 from datetime import datetime 59 from datetime import datetime
62 from dateutil.tz import tzlocal 60 from dateutil.tz import tzlocal
63 from dateutil.parser import isoparse 61 from dateutil.parser import isoparse
64 from sys import stderr 62 from sys import stderr, argv
65 63
66 64
67 remote_fs = 'surtr' 65 remote_fs = 'surtr' if argv[1] == 'store.kdbx' else 'mathcloud'
68 remote_file = 'store.kdbx' 66 remote_file = argv[1]
69 target_file = expanduser('~/store.kdbx') 67 target_file = expanduser(f'~/{argv[1]}')
70 meta_file = expanduser('~/.store.kdbx.json') 68 meta_file = expanduser(f'~/.{argv[1]}.json')
71 69
72 upload_time = None 70 upload_time = None
73 our_last_upload_time = None 71 our_last_upload_time = None
@@ -117,22 +115,14 @@ in {
117 do_upload() 115 do_upload()
118 elif upload_time is not None and (mod_time is None or upload_time > mod_time) and (our_last_upload_time is None or upload_time > our_last_upload_time): # noqa: E501 116 elif upload_time is not None and (mod_time is None or upload_time > mod_time) and (our_last_upload_time is None or upload_time > our_last_upload_time): # noqa: E501
119 do_download() 117 do_download()
120 ''); 118 ''} \"%I\"";
121 Environment = [ "RCLONE_PASSWORD_COMMAND=\"${pkgs.coreutils}/bin/cat ${config.sops.secrets.gkleen-rclone.path}\"" "PATH=${pkgs.rclone}/bin" ]; 119 Environment = [ "RCLONE_PASSWORD_COMMAND=\"${pkgs.coreutils}/bin/cat ${config.sops.secrets.gkleen-rclone.path}\"" "PATH=${pkgs.rclone}/bin" ];
122 }; 120 };
123 }; 121 };
124 emacs = { 122 emacs = {
125 Unit = { 123 Unit = {
126 After = ["graphical-session-pre.target"]; 124 After = [ "graphical-session.target" ];
127 }; 125 BindsTo = [ "graphical-session.target" ];
128 };
129 dunst = {
130 Service = {
131 ExecStart = lib.mkForce "${cfg.services.dunst.package}/bin/dunst";
132 Restart = "always";
133 };
134 Install = {
135 WantedBy = ["graphical-session.target"];
136 }; 126 };
137 }; 127 };
138 keepassxc = { 128 keepassxc = {
@@ -144,8 +134,8 @@ in {
144 Environment = [ "QT_QPA_PLATFORM=wayland" ]; 134 Environment = [ "QT_QPA_PLATFORM=wayland" ];
145 }; 135 };
146 Unit = { 136 Unit = {
147 Requires = ["graphical-session-pre.target"]; 137 After = [ "graphical-session.target" ];
148 After = ["graphical-session-pre.target"]; 138 BindsTo = [ "graphical-session.target" ];
149 }; 139 };
150 }; 140 };
151 mpris-proxy = { 141 mpris-proxy = {
@@ -154,7 +144,7 @@ in {
154 Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy"; 144 Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
155 Install.WantedBy = [ "default.target" ]; 145 Install.WantedBy = [ "default.target" ];
156 }; 146 };
157 "autossh-socks@proxy.mathw0h:8119" = { 147 "autossh-socks@proxy.ssh.math.lmu.de:8119" = {
158 Service = { 148 Service = {
159 Type = "notify"; 149 Type = "notify";
160 NotifyAccess = "all"; 150 NotifyAccess = "all";
@@ -162,7 +152,7 @@ in {
162 Restart = "always"; 152 Restart = "always";
163 RestartSec = "23s"; 153 RestartSec = "23s";
164 ExecStart = "${autossh-socks-script} \"%I\""; 154 ExecStart = "${autossh-socks-script} \"%I\"";
165 Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ]; 155 Environment = [ "SSHPASS_SECRET=gkleen@ssh.math.lmu.de" ];
166 }; 156 };
167 Unit = { 157 Unit = {
168 StopWhenUnneeded = true; 158 StopWhenUnneeded = true;
@@ -183,6 +173,38 @@ in {
183 StopWhenUnneeded = true; 173 StopWhenUnneeded = true;
184 }; 174 };
185 }; 175 };
176 "autossh-socks@proxy.mathw0h:8123" = {
177 Service = {
178 Type = "notify";
179 NotifyAccess = "all";
180 WorkingDirectory = "~";
181 Restart = "always";
182 RestartSec = "23s";
183 ExecStart = "${autossh-socks-script} \"%I\"";
184 Environment = [ "SSHPASS_SECRET=gkleen@mathw0h.mathinst.loc" ];
185 };
186 Unit = {
187 StopWhenUnneeded = true;
188 StartLimitInterval = "180s";
189 StartLimitBurst = 7;
190 };
191 };
192 "autossh-socks@proxy.mathw0e:8125" = {
193 Service = {
194 Type = "notify";
195 NotifyAccess = "all";
196 WorkingDirectory = "~";
197 Restart = "always";
198 RestartSec = "23s";
199 ExecStart = "${autossh-socks-script} \"%I\"";
200 Environment = [ "SSHPASS_SECRET=gkleen@mathw0e.mathinst.loc" ];
201 };
202 Unit = {
203 StopWhenUnneeded = true;
204 StartLimitInterval = "180s";
205 StartLimitBurst = 7;
206 };
207 };
186 swayidle = { 208 swayidle = {
187 Service = { 209 Service = {
188 RuntimeDirectory = "swayidle"; 210 RuntimeDirectory = "swayidle";
@@ -193,8 +215,8 @@ in {
193 WantedBy = ["graphical-session.target"]; 215 WantedBy = ["graphical-session.target"];
194 }; 216 };
195 Unit = { 217 Unit = {
196 Requires = ["graphical-session-pre.target"]; 218 After = [ "graphical-session.target" ];
197 After = ["graphical-session-pre.target"]; 219 PartOf = [ "graphical-session.target" ];
198 }; 220 };
199 Service = { 221 Service = {
200 ExecStart = lib.getExe pkgs.psi-notify; 222 ExecStart = lib.getExe pkgs.psi-notify;
@@ -204,23 +226,10 @@ in {
204 WatchdogSec = "2s"; 226 WatchdogSec = "2s";
205 }; 227 };
206 }; 228 };
207 polkit-gnome-authentication-agent-1 = {
208 Install = {
209 WantedBy = ["graphical-session.target"];
210 };
211 Unit = {
212 PartOf = ["graphical-session.target"];
213 Requires = ["graphical-session-pre.target"];
214 After = ["graphical-session-pre.target"];
215 };
216 Service = {
217 ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
218 Restart = "on-failure";
219 };
220 };
221 gtklock = { 229 gtklock = {
222 Unit = { 230 Unit = {
223 Requisite = ["graphical-session.target"]; 231 Requisite = ["graphical-session.target"];
232 After = [ "graphical-session.target" ];
224 PartOf = ["graphical-session.target"]; 233 PartOf = ["graphical-session.target"];
225 }; 234 };
226 Service = { 235 Service = {
@@ -228,53 +237,55 @@ in {
228 RuntimeDirectory = "gtklock"; 237 RuntimeDirectory = "gtklock";
229 CacheDirectory = "gtklock"; 238 CacheDirectory = "gtklock";
230 ExecStartPre = [ 239 ExecStartPre = [
231 "${pkgs.libsForQt5.qt5.qttools.bin}/bin/qdbus org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow.lockAllDatabases" 240 "-${lib.getExe' pkgs.libsForQt5.qt5.qttools.bin "qdbus"} org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow.lockAllDatabases"
232 "${config.systemd.package}/bin/systemctl --user stop gpg-agent.service" 241 "-${lib.getExe' config.systemd.package "systemctl"} --user stop gpg-agent.service"
233 (pkgs.writeShellScript "generate-css" '' 242 "-${lib.getExe pkgs.playerctl} -a pause"
234 set -x 243 "-${lib.getExe (pkgs.writeShellApplication {
235 export PATH="${lib.makeBinPath [cfg.programs.wpaperd.package pkgs.jq pkgs.coreutils pkgs.imagemagick pkgs.findutils]}:$PATH" 244 name = "generate-css";
245 runtimeInputs = with pkgs; [cfg.services.wpaperd.package jq coreutils imagemagick findutils];
246 text = ''
247 declare -A monitors
248 monitors=()
249 while IFS= read -r entry; do
250 path=$(jq -r ".path" <<<"$entry")
251 [[ -z "$path" || ! -f "$path" ]] && continue
252 blurred_path="$CACHE_DIRECTORY"/"$(b2sum -l 128 <<<"$path" | cut -d' ' -f1)"."''${path##*.}"
253 monitor=$(jq -r ".display" <<<"$entry")
254 if [[ ! -f "$blurred_path" ]]; then
255 mkdir -p "$(dirname "$blurred_path")"
256 magick "$path" -filter Gaussian -resize 6.25% -define filter:sigma=2.5 -resize 1600% "$blurred_path" &
257 fi
258 monitors+=([$monitor]="$blurred_path")
259 done < <(wpaperctl all-wallpapers -j | jq -c ".[]")
260 # wait
236 261
237 declare -A monitors 262 cp --no-preserve=mode ${pkgs.writeText "gtklock.css" ''
238 monitors=() 263 #window-box {
239 while IFS= read -r entry; do 264 padding: 64px;
240 path=$(jq -r ".path" <<<"$entry") 265 /* border: 1px solid black; */
241 [[ -z "$path" || ! -f "$path" ]] && continue 266 border-radius: 4px;
242 blurred_path="$CACHE_DIRECTORY"/"$(b2sum -l 128 <<<"$path" | cut -d' ' -f1)"."''${path##*.}" 267 box-shadow: rgba(0, 0, 0, 0.8) 0px 4px 12px;
243 monitor=$(jq -r ".display" <<<"$entry") 268 /* background-color: white; */
244 if [[ ! -f "$blurred_path" ]]; then 269 background-color: rgba(0, 0, 0, 0.5);
245 mkdir -p "$(dirname "$blurred_path")" 270 }
246 magick "$path" -filter Gaussian -resize 6.25% -define filter:sigma=2.5 -resize 1600% "$blurred_path" & 271 ''} "$RUNTIME_DIRECTORY"/style.css
247 fi 272 for monitor in "''${!monitors[@]}"; do
248 monitors+=([$monitor]="$blurred_path") 273 cat >>"$RUNTIME_DIRECTORY"/style.css <<EOF
249 done < <(wpaperctl all-wallpapers -j | jq -c ".[]") 274 window#''${monitor} {
250 wait 275 background-image: url("''${monitors[$monitor]}");
251 276 background-repeat: no-repeat;
252 cp --no-preserve=mode ${pkgs.writeText "gtklock.css" '' 277 background-size: 100% 100%;
253 #window-box { 278 background-origin: content-box;
254 padding: 64px;
255 /* border: 1px solid black; */
256 border-radius: 4px;
257 box-shadow: rgba(0, 0, 0, 0.8) 0px 4px 12px;
258 /* background-color: white; */
259 background-color: rgba(0, 0, 0, 0.5);
260 } 279 }
261 ''} "$RUNTIME_DIRECTORY"/style.css 280 EOF
262 for monitor in "''${!monitors[@]}"; do 281 done
263 cat >>"$RUNTIME_DIRECTORY"/style.css <<EOF 282 '';
264 window#''${monitor} { 283 })}"
265 background-image: url("''${monitors[$monitor]}");
266 background-repeat: no-repeat;
267 background-size: 100% 100%;
268 background-origin: content-box;
269 }
270 EOF
271 done
272 '')
273 ]; 284 ];
274 NotifyAccess = "all"; 285 NotifyAccess = "all";
275 ExecStart = ''${lib.getExe pkgs.gtklock} -s "''${RUNTIME_DIRECTORY}/style.css" -L ${pkgs.writeShellScript "after-lock" '' 286 ExecStart = ''${lib.getExe pkgs.gtklock} -s "''${RUNTIME_DIRECTORY}/style.css" -L ${pkgs.writeShellScript "after-lock" ''
276 ${cfg.wayland.windowManager.hyprland.package}/bin/hyprctl dispatch dpms off 287 ${lib.getExe cfg.programs.niri.package} msg action power-off-monitors
277 ${config.systemd.package}/bin/systemd-notify --ready 288 ${lib.getExe' config.systemd.package "systemd-notify"} --ready
278 ''}''; 289 ''}'';
279 }; 290 };
280 }; 291 };
@@ -322,15 +333,62 @@ in {
322 ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\""; 333 ExecStopPost = "${pkgs.coreutils}/bin/rm -rfv \"$CACHE_DIRECTORY\"";
323 }; 334 };
324 }; 335 };
336 # wpaperd = {
337 # Install = {
338 # WantedBy = ["graphical-session.target"];
339 # };
340 # Unit = {
341 # After = [ "graphical-session.target" ];
342 # PartOf = [ "graphical-session.target" ];
343 # };
344 # Service = {
345 # ExecStart = lib.getExe cfg.services.wpaperd.package;
346 # Type = "simple";
347 # Restart = "always";
348 # RestartSec = "2s";
349 # };
350 # };
351 xembed-sni-proxy = {
352 Unit = {
353 PartOf = lib.mkForce ["tray.target"];
354 BindsTo = ["xwayland-satellite.service"];
355 After = ["xwayland-satellite.service"];
356 };
357 };
358 poweralertd = {
359 Unit = {
360 After = ["graphical-session.target"];
361 };
362 };
363 network-manager-applet = {
364 Unit = {
365 PartOf = lib.mkForce ["tray.target"];
366 };
367 };
368 udiskie = {
369 Unit = {
370 PartOf = lib.mkForce ["tray.target"];
371 };
372 };
373 blueman-applet = {
374 Unit = {
375 PartOf = lib.mkForce ["tray.target"];
376 };
377 Install = {
378 WantedBy = lib.mkForce ["tray.target"];
379 };
380 };
325 } // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" { 381 } // listToAttrs (map ({host, port}: nameValuePair "proxy-to-autossh-socks@${toString port}" {
326 Unit = { 382 Unit = {
327 Requires = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"]; 383 BindsTo = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
328 After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"]; 384 After = ["autossh-socks@${host}:${toString (port + 1)}.service" "proxy-to-autossh-socks@${toString port}.socket"];
329 }; 385 };
330 Service = { 386 Service = {
331 ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:${toString (port + 1)}"; 387 ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd --exit-idle-time=60s 127.0.0.1:${toString (port + 1)}";
388 Restart = "always";
389 RestartSec = "23s";
332 }; 390 };
333 }) [{ host = "proxy.mathw0h"; port = 8118; } { host = "proxy.vidhar"; port = 8120; }]); 391 }) [{ host = "proxy.ssh.math.lmu.de"; port = 8118; } { host = "proxy.vidhar"; port = 8120; } { host = "proxy.mathw0h"; port = 8122; } { host = "proxy.mathw0e"; port = 8124; }]);
334 sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" { 392 sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {
335 Socket = { 393 Socket = {
336 ListenStream = "%I"; 394 ListenStream = "%I";
@@ -338,7 +396,7 @@ in {
338 Install = { 396 Install = {
339 WantedBy = ["default.target"]; 397 WantedBy = ["default.target"];
340 }; 398 };
341 }) [8118 8120]) // { 399 }) [8118 8120 8122 8124]) // {
342 "yt-dlp" = { 400 "yt-dlp" = {
343 Socket = { 401 Socket = {
344 SocketMode = "0600"; 402 SocketMode = "0600";
@@ -352,7 +410,7 @@ in {
352 }; 410 };
353 }; 411 };
354 timers = { 412 timers = {
355 sync-keepass = { 413 "sync-keepass@store.kdbx" = {
356 Timer = { 414 Timer = {
357 OnActiveSec = "1m"; 415 OnActiveSec = "1m";
358 OnUnitActiveSec = "1m"; 416 OnUnitActiveSec = "1m";
@@ -362,6 +420,16 @@ in {
362 WantedBy = ["default.target"]; 420 WantedBy = ["default.target"];
363 }; 421 };
364 }; 422 };
423 "sync-keepass@rz.kdbx" = {
424 Timer = {
425 OnActiveSec = "1d";
426 OnUnitActiveSec = "1d";
427 };
428
429 Install = {
430 WantedBy = ["default.target"];
431 };
432 };
365 }; 433 };
366 targets = { 434 targets = {
367 graphical-session = { 435 graphical-session = {
@@ -372,6 +440,9 @@ in {
372 }; 440 };
373 tray = { 441 tray = {
374 Unit = { 442 Unit = {
443 PartOf = [ "graphical-session.target" ];
444 Requires = [ "waybar.service" ];
445 After = [ "graphical-session.target" "waybar.service" ];
375 Wants = ["blueman-applet.service" "udiskie.service" "network-manager-applet.service"]; 446 Wants = ["blueman-applet.service" "udiskie.service" "network-manager-applet.service"];
376 }; 447 };
377 }; 448 };
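Review bot: The two ports added to the socket list (`[8118 8120 8122 8124]`) inherit `ListenStream = "%I"`, and a bare port number there makes systemd listen on the wildcard address rather than on loopback. Each socket forwards through systemd-socket-proxyd into an `ssh -D` SOCKS tunnel that appears to log in with a stored credential (`SSHPASS_SECRET`), so unless a host firewall not visible here blocks these ports, other machines on the same network can route traffic through the tunnels for `proxy.mathw0h` and `proxy.mathw0e`. This commit already pins the ssh listener and the proxyd target to `127.0.0.1`; the front socket should match, e.g. `ListenStream = "127.0.0.1:%I";`. The `Socket` block is only partly inside the hunk, so confirm that no other option there already restricts the bind address.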