From 4c0991c7e1a7670526ec2331c0def1a5ae46e918 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 17:10:30 +0200 Subject: [PATCH] Put always hibernate behind a flag Hibernation is now a core option: ``` pub-solar.core.hibernation.enable = true; ``` And there's a paranoia mode, that keeps the disk encrypted as much as possible by enabling hibernation and removing the options for sleep, screen locking. Idle locking now hibernates, and it does it on very short notice. --- modules/core/boot.nix | 10 ++++- modules/paranoia/default.nix | 24 +++++++++++ .../config/config.d/custom-keybindings.conf | 19 --------- .../sway/config/config.d/mode_system.conf.nix | 21 ++++++++++ modules/sway/default.nix | 40 ++++++++++--------- modules/sway/gammastep.service.nix | 2 +- modules/sway/libinput-gestures.service.nix | 2 +- modules/sway/mako.service.nix | 2 +- modules/sway/sway-session.target.nix | 2 +- modules/sway/sway.service.nix | 2 +- modules/sway/swayidle.service.nix | 15 +++++-- modules/sway/waybar.service.nix | 2 +- modules/sway/xsettingsd.service.nix | 2 +- modules/sway/ydotool.service.nix | 2 +- pkgs/default.nix | 1 + pkgs/swaylock-bg.nix | 20 ++++++++++ 16 files changed, 115 insertions(+), 51 deletions(-) create mode 100644 modules/paranoia/default.nix create mode 100644 modules/sway/config/config.d/mode_system.conf.nix create mode 100644 pkgs/swaylock-bg.nix diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 99b6d76..6f93fab 100644 --- a/modules/core/boot.nix +++ b/modules/core/boot.nix @@ -16,6 +16,14 @@ in description = "Whether it should be assumed that there is a cryptroot device"; }; + options.pub-solar.core.hibernation = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether the device can hibernate. This creates a swapfile at /swapfile."; + }; + }; + config = { boot = { # Enable plymouth for better experience of booting @@ -30,7 +38,7 @@ in }; }; - resumeDevice = "/swapfile"; + resumeDevice = mkIf cfg.core.hibernation.enable "/swapfile"; loader.systemd-boot.enable = true; diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix new file mode 100644 index 0000000..ec530fc --- /dev/null +++ b/modules/paranoia/default.nix @@ -0,0 +1,24 @@ +{ config, lib, ... }: + +with lib; +let + psCfg = config.pub-solar; + cfg = config.pub-solar.paranoia; +in +{ + options.pub-solar.paranoia = { + enable = mkOption { + description = '' + Only offer hibernation instead of screen locking and sleeping. This only makes sense + if your hard drive is encrypted, and ensures that the contents of your drive are + encrypted if you are not actively using the device. + ''; + default = false; + type = types.bool; + }; + }; + + config = mkIf cfg.enable { + pub-solar.core.allow-hibernation = true; + }; +} diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index fdeac97..659a466 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf @@ -31,22 +31,3 @@ bindsym $mod+Ctrl+f exec "( pkill flameshot || true && flameshot & ) && ( sleep # Launcher set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher bindsym $mod+Space exec $menu - -# Set shut down, restart and locking features -set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown -bindsym $mod+0 mode "$mode_system" -mode "$mode_system" { - bindsym e exec swaymsg exit, mode "default" -#======= - bindsym l exec swaylock-bg, mode "default" - bindsym e exec systemctl --user stop graphical-session.target, mode "default" - bindsym s exec systemctl suspend, mode "default" -#>>>>>>> main - bindsym h exec systemctl hibernate, mode "default" - bindsym r exec systemctl reboot, mode "default" - bindsym Shift+s exec systemctl poweroff, mode "default" - - # exit system mode: "Enter" or "Escape" - bindsym Return mode "default" - bindsym Escape mode "default" -} diff --git a/modules/sway/config/config.d/mode_system.conf.nix b/modules/sway/config/config.d/mode_system.conf.nix new file mode 100644 index 0000000..ef11a46 --- /dev/null +++ b/modules/sway/config/config.d/mode_system.conf.nix @@ -0,0 +1,21 @@ +{ psCfg, ... }: '' +# Set shut down, restart and locking features +set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown +bindsym $mod+0 mode "$mode_system" +mode "$mode_system" { + bindsym e exec swaymsg exit, mode "default" +'' + (if !psCfg.core.allow-hibernation then '' + bindsym h exec systemctl hibernate, mode "default" +'' else "") + + (if !psCfg.paranoia.enable then '' + bindsym l exec swaylock-bg, mode "default" + bindsym s exec systemctl suspend, mode "default" +'' else "") + '' + bindsym r exec systemctl reboot, mode "default" + bindsym Shift+s exec systemctl poweroff, mode "default" + + # exit system mode: "Enter" or "Escape" + bindsym Return mode "default" + bindsym Escape mode "default" +} +'' diff --git a/modules/sway/default.nix b/modules/sway/default.nix index 59b6ff0..2872a3b 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -2,25 +2,26 @@ with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.sway; in { options.pub-solar.sway = { enable = mkEnableOption "Life in boxes"; - }; - options.pub-solar.sway.terminal = mkOption { - type = types.nullOr types.str; - default = "alacritty"; - description = "Choose sway's default terminal"; - }; - options.pub-solar.sway.v4l2loopback.enable = mkOption { - type = types.bool; - default = true; - description = "WebCam streaming tool"; + + terminal = mkOption { + type = types.nullOr types.str; + default = "alacritty"; + description = "Choose sway's default terminal"; + }; + + v4l2loopback.enable = mkOption { + type = types.bool; + default = true; + description = "WebCam streaming tool"; + }; }; - config = mkIf cfg.enable (mkMerge [ - (mkIf (cfg.v4l2loopback.enable) { + config = mkIf psCfg.sway.enable (mkMerge [ + (mkIf (psCfg.sway.v4l2loopback.enable) { boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; boot.kernelModules = [ "v4l2loopback" ]; boot.extraModprobeConfig = '' @@ -84,18 +85,19 @@ in programs.waybar.enable = true; #programs.waybar.systemd.enable = true; - systemd.user.services.mako = import ./mako.service.nix pkgs; - systemd.user.services.sway = import ./sway.service.nix pkgs; - systemd.user.services.swayidle = import ./swayidle.service.nix pkgs; - systemd.user.services.xsettingsd = import ./xsettingsd.service.nix pkgs; - systemd.user.services.waybar = import ./waybar.service.nix pkgs; - systemd.user.targets.sway-session = import ./sway-session.target.nix pkgs; + systemd.user.services.mako = import ./mako.service.nix { inherit pkgs psCfg; }; + systemd.user.services.sway = import ./sway.service.nix { inherit pkgs psCfg; }; + systemd.user.services.swayidle = import ./swayidle.service.nix { inherit pkgs psCfg; }; + systemd.user.services.xsettingsd = import ./xsettingsd.service.nix { inherit pkgs psCfg; }; + systemd.user.services.waybar = import ./waybar.service.nix { inherit pkgs psCfg; }; + systemd.user.targets.sway-session = import ./sway-session.target.nix { inherit pkgs psCfg; }; xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; }; xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf; xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; + xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.config.nix { inherit psCfg; }; xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; }; diff --git a/modules/sway/gammastep.service.nix b/modules/sway/gammastep.service.nix index f59edf0..3960d1a 100644 --- a/modules/sway/gammastep.service.nix +++ b/modules/sway/gammastep.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "set color temperature of display according to time of day"; diff --git a/modules/sway/libinput-gestures.service.nix b/modules/sway/libinput-gestures.service.nix index c4c860d..798d10d 100644 --- a/modules/sway/libinput-gestures.service.nix +++ b/modules/sway/libinput-gestures.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "Actions gestures on your touchpad using libinput"; diff --git a/modules/sway/mako.service.nix b/modules/sway/mako.service.nix index 190b986..b155e14 100644 --- a/modules/sway/mako.service.nix +++ b/modules/sway/mako.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "Lightweight Wayland notification daemon"; diff --git a/modules/sway/sway-session.target.nix b/modules/sway/sway-session.target.nix index 3eb4d24..7b25376 100644 --- a/modules/sway/sway-session.target.nix +++ b/modules/sway/sway-session.target.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "sway compositor session"; diff --git a/modules/sway/sway.service.nix b/modules/sway/sway.service.nix index 95efc3e..0d0d782 100644 --- a/modules/sway/sway.service.nix +++ b/modules/sway/sway.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "sway - SirCmpwn's Wayland window manager"; diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix index 61f3259..3b87c61 100644 --- a/modules/sway/swayidle.service.nix +++ b/modules/sway/swayidle.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, psCfg, ... }: { Unit = { Description = "Idle manager for Wayland"; @@ -10,9 +10,16 @@ pkgs: Service = { Type = "simple"; Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin"; - ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ - timeout 150 'swaymsg "output * dpms off"' \ - timeout 300 'systemctl hibernate' \ + ExecStart = if psCfg.paranoia.enable then '' + ${pkgs.swayidle}/bin/swayidle -w \ + timeout 120 'swaymsg "output * dpms off"' \ + timeout 150 'systemctl hibernate' \ + '' else '' + ${pkgs.swayidle}/bin/swayidle -w \ + timeout 600 'swaylock-bg' \ + timeout 900 'swaymsg "output * dpms off"' \ + resume 'swaymsg "output * dpms on"' \ + before-sleep 'swaylock-bg' ''; }; Install = { diff --git a/modules/sway/waybar.service.nix b/modules/sway/waybar.service.nix index ee5e893..98b8ed3 100644 --- a/modules/sway/waybar.service.nix +++ b/modules/sway/waybar.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors."; diff --git a/modules/sway/xsettingsd.service.nix b/modules/sway/xsettingsd.service.nix index 0d729cb..db3e842 100644 --- a/modules/sway/xsettingsd.service.nix +++ b/modules/sway/xsettingsd.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "X Settings Daemon"; diff --git a/modules/sway/ydotool.service.nix b/modules/sway/ydotool.service.nix index d53bfcd..24b6443 100644 --- a/modules/sway/ydotool.service.nix +++ b/modules/sway/ydotool.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "ydotool - Generic command-line automation tool (no X!)"; diff --git a/pkgs/default.nix b/pkgs/default.nix index 1b04f37..28e513b 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -12,6 +12,7 @@ with final; { s = writeShellScriptBin "s" (import ./s.nix final); sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final); sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final); + swaylock-bg = writeShellScriptBin "swaylock-bg" (import ./swaylock-bg.nix final); toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final); uhk-agent = import ./uhk-agent.nix final; wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); diff --git a/pkgs/swaylock-bg.nix b/pkgs/swaylock-bg.nix new file mode 100644 index 0000000..b55c32a --- /dev/null +++ b/pkgs/swaylock-bg.nix @@ -0,0 +1,20 @@ +self: with self; '' + # Dependencies: + # swaylock + + # Make sure we aren't running twice + RUNNING=$(ps -A | grep swaylock | wc -l) + if [ $RUNNING -ne 0 ]; then + exit 0 + fi + + IMAGE=$XDG_CONFIG_HOME/wallpaper.jpg + LOCKARGS="" + + for OUTPUT in `${sway}/bin/swaymsg -t get_outputs | jq -r '.[].name'` + do + LOCKARGS="''${LOCKARGS} --image ''${OUTPUT}:''${IMAGE}" + IMAGES="''${IMAGES} ''${IMAGE}" + done + exec ${swaylock}/bin/swaylock $LOCKARGS +''