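# Systemd user units (services, sockets, timers, targets) for the desktop
# session: a KeePass sync job, a few session daemons, and socket-activated
# SOCKS tunnels over SSH.
# NOTE(review): presumably imported as the value of `systemd.user` — confirm
# against the importing module.
{ pkgs, lib, config, userName, ... }:
let
  inherit (lib) listToAttrs nameValuePair;

  xmobar = import ./xmobar pkgs.haskellPackages;
  cfg = config.home-manager.users.${userName};

  # Starts `ssh -N -D localhost:<port> <host>` for an instance name of the
  # form "<host>:<port>", polls (200 tries, 0.1s apart) until something
  # listens on that port, then signals readiness via systemd-notify and waits
  # for the tunnel to exit.
  #
  # If SSHPASS_SECRET is set, its ':'-separated fields are passed to
  # sshpass-secret, which wraps the ssh invocation.
  # NOTE(review): `zsh -x` and `ssh -v` write the expanded command line,
  # including the SSHPASS_SECRET fields, to the unit's journal. That is only
  # acceptable while the variable holds a lookup key and never the password
  # itself — presumably sshpass-secret resolves the key from a secret store;
  # confirm.
  autossh-socks-script = pkgs.writeScript "autossh" ''
    #!${pkgs.zsh}/bin/zsh -xe

    host="''${1%:*}"
    port="''${1#*:}"

    typeset -a cmd
    cmd=()
    if [[ -n "''${SSHPASS_SECRET}" ]]; then
      cmd+=(${pkgs.sshpassSecret}/bin/sshpass-secret)
      cmd+=("''${(@s/:/)SSHPASS_SECRET}")
      cmd+=(--)
    fi
    cmd+=(${pkgs.openssh}/bin/ssh -vN -D localhost:''${port} "''${host}")

    ( exec -a "''${cmd[1]}" -- ''${cmd} ) &
    pid=$!

    newpid=""
    i=200
    while ! newpid=$(${pkgs.lsof}/bin/lsof -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do
      if ! kill -0 "''${pid}"; then
        wait "''${pid}"
        exit $?
      fi

      [[ "''${i}" -gt 0 ]] || exit 1
      i=$((''${i} - 1))

      ${pkgs.coreutils}/bin/sleep 0.1
    done

    ${pkgs.systemd}/bin/systemd-notify --ready

    wait "''${pid}" "''${newpid}"
  '';
in {
  services = {
    # Currently only lists the remote `surtr:store.kdbx` entry with rclone and
    # prints the parsed JSON; no synchronisation is performed yet.
    sync-keepass = {
      Service = {
        Type = "oneshot";
        WorkingDirectory = "~";
        ExecStart = toString (pkgs.writers.writePython3 "sync-keepass" {} ''
          import json
          import subprocess
          # from datetime import datetime

          res = None
          with subprocess.Popen(['rclone', 'lsjson', 'surtr:store.kdbx'], stdout=subprocess.PIPE) as proc:  # noqa: E501
              res = json.load(proc.stdout)
          print(res)
        '');
        Environment = [
          # The rclone config password is read from the sops-managed secret
          # file at run time, so it is not embedded in the unit file.
          "RCLONE_PASSWORD_COMMAND=\"${pkgs.coreutils}/bin/cat ${config.sops.secrets.gkleen-rclone.path}\""
          # PATH holds rclone only, so the script's bare `rclone` resolves to
          # the pinned store path.
          "PATH=${pkgs.rclone}/bin"
        ];
      };
    };

    emacs = {
      Unit = {
        After = ["graphical-session-pre.target"];
      };
    };

    taffybar = {
      Service = {
        Environment = with pkgs; "PATH=${worktime}/bin:${systemd}/bin";
      };
    };

    dunst = {
      Service = {
        Restart = "always";
      };
      Install = {
        WantedBy = ["graphical-session.target"];
      };
    };

    xiccd = {
      Service = {
        Type = "simple";
        WorkingDirectory = "~";
        ExecStart = "${pkgs.xiccd}/bin/xiccd";
        Restart = "always";
      };
    };

    "autossh-socks@proxy.mathw0h:8119" = {
      Service = {
        Type = "notify";
        # Readiness is sent by a short-lived systemd-notify child rather than
        # the main process, so notifications are accepted from any process in
        # the unit's control group.
        NotifyAccess = "all";
        WorkingDirectory = "~";
        Restart = "always";
        RestartSec = "23s";
        ExecStart = "${autossh-socks-script} \"%I\"";
        Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ];
      };
      Unit = {
        StopWhenUnneeded = true;
        StartLimitInterval = "180s";
        StartLimitBurst = 7;
      };
    };

    "autossh-socks@proxy.vidhar:8121" = {
      Service = {
        Type = "notify";
        NotifyAccess = "all";
        WorkingDirectory = "~";
        Restart = "always";
        RestartSec = "2s";
        ExecStart = "${autossh-socks-script} \"%I\"";
      };
      Unit = {
        StopWhenUnneeded = true;
      };
    };
  } // listToAttrs (map ({ host, port }: nameValuePair "proxy-to-autossh-socks@${toString port}" {
    # Front end on <port>: systemd-socket-proxyd forwards accepted connections
    # to the SOCKS listener on <port + 1> and exits after 10s idle, which lets
    # StopWhenUnneeded tear the SSH tunnel down again.
    Unit = {
      Requires = [
        "autossh-socks@${host}:${toString (port + 1)}.service"
        "proxy-to-autossh-socks@${toString port}.socket"
      ];
      After = [
        "autossh-socks@${host}:${toString (port + 1)}.service"
        "proxy-to-autossh-socks@${toString port}.socket"
      ];
    };
    Service = {
      ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=10s localhost:${toString (port + 1)}";
    };
  }) [
    { host = "proxy.mathw0h"; port = 8118; }
    { host = "proxy.vidhar"; port = 8120; }
  ]);

  sockets = listToAttrs (map (port: nameValuePair "proxy-to-autossh-socks@${toString port}" {
    Socket = {
      # Bind to loopback explicitly. A bare port number in ListenStream makes
      # systemd listen on the wildcard address, which would offer the
      # unauthenticated SOCKS tunnel to every host that can reach this
      # machine, even though ssh itself binds `-D localhost:<port>`.
      # Add "[::1]:%I" if clients connect over IPv6 loopback; widen the
      # address only deliberately if remote clients are intended.
      ListenStream = "127.0.0.1:%I";
    };
    Install = {
      WantedBy = ["default.target"];
    };
  }) [8118 8120]);

  timers = {
    # Runs sync-keepass one minute after the timer is activated and then one
    # minute after each activation of the service.
    sync-keepass = {
      Timer = {
        OnActiveSec = "1m";
        OnUnitActiveSec = "1m";
      };
      Install = {
        WantedBy = ["default.target"];
      };
    };
  };

  targets = {
    graphical-session = {
      Unit = {
        BindsTo = ["default.target"];
        After = ["basic.target"];
      };
    };
  };
}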