From 578f05b4f16e2aed4a1a862e764c981081aff72d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Wed, 12 Jan 2022 17:39:16 +0100 Subject: [PATCH 01/23] Always hibernate --- .../config/config.d/custom-keybindings.conf | 4 +--- modules/sway/swayidle.service.nix | 8 +++----- pkgs/default.nix | 1 - pkgs/swaylock-bg.nix | 20 ------------------- 4 files changed, 4 insertions(+), 29 deletions(-) delete mode 100644 pkgs/swaylock-bg.nix diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index 6218d90..46fae96 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf @@ -33,12 +33,10 @@ set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" bindsym $mod+Space exec $menu # Set shut down, restart and locking features -set $mode_system (l)ock, (e)xit, (s)uspend, (h)ibernate, (r)eboot, (Shift+s)hutdown +set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown bindsym $mod+0 mode "$mode_system" mode "$mode_system" { - bindsym l exec swaylock-bg, mode "default" bindsym e exec swaymsg exit, mode "default" - bindsym s exec systemctl suspend, mode "default" bindsym h exec systemctl hibernate, mode "default" bindsym r exec systemctl reboot, mode "default" bindsym Shift+s exec systemctl poweroff, mode "default" diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix index 597a877..549f153 100644 --- a/modules/sway/swayidle.service.nix +++ b/modules/sway/swayidle.service.nix 
@@ -9,12 +9,10 @@ pkgs: }; Service = { Type = "simple"; - Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock}/bin:${pkgs.swaylock-bg}/bin"; + Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin"; ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ - timeout 600 'swaylock-bg' \ - timeout 900 'swaymsg "output * dpms off"' \ - resume 'swaymsg "output * dpms on"' \ - before-sleep 'swaylock-bg' + timeout 300 'swaymsg "output * dpms off"' \ + timeout 600 'systemctl hibernate' \ ''; }; Install = { diff --git a/pkgs/default.nix b/pkgs/default.nix index 312e685..d8a86fd 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -12,7 +12,6 @@ with final; { s = writeShellScriptBin "s" (import ./s.nix final); sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final); sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final); - swaylock-bg = writeScriptBin "swaylock-bg" (import ./swaylock-bg.nix final); toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final); uhk-agent = import ./uhk-agent.nix final; wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); diff --git a/pkgs/swaylock-bg.nix b/pkgs/swaylock-bg.nix deleted file mode 100644 index b55c32a..0000000 --- a/pkgs/swaylock-bg.nix +++ /dev/null @@ -1,20 +0,0 @@ -self: with self; '' - # Dependencies: - # swaylock - - # Make sure we aren't running twice - RUNNING=$(ps -A | grep swaylock | wc -l) - if [ $RUNNING -ne 0 ]; then - exit 0 - fi - - IMAGE=$XDG_CONFIG_HOME/wallpaper.jpg - LOCKARGS="" - - for OUTPUT in `${sway}/bin/swaymsg -t get_outputs | jq -r '.[].name'` - do - LOCKARGS="''${LOCKARGS} --image ''${OUTPUT}:''${IMAGE}" - IMAGES="''${IMAGES} ''${IMAGE}" - done - exec ${swaylock}/bin/swaylock $LOCKARGS -'' From d2f8a2d837904cecc978bbc3b5a77026e73b9bda Mon Sep 17 00:00:00 2001 
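Review bot: With both `swaylock-bg` entries removed, the new `ExecStart` leaves `timeout 600 'systemctl hibernate'` as the only thing that ever protects an idle session, and nothing runs if that call fails. Hibernation can be refused (for example when no usable resume or swap device is configured, which this patch does not add), and the screen then stays blanked with the session unlocked. Suspending by any other route no longer locks either, because the `before-sleep` hook is gone. Consider keeping a lock as the fallback, e.g. `timeout 600 'systemctl hibernate || swaylock -f' \` with `${pkgs.swaylock}/bin` kept on `PATH`, and restoring `resume 'swaymsg "output * dpms on"'` so the display returns after the DPMS-off step. The paranoia branch added to this file in PATCH 05/23 has the same shape; the service definition starts and ends outside the hunk.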
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 30 Apr 2022 23:56:02 +0200 Subject: [PATCH 02/23] Remove swaylock-bg from install list --- modules/sway/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/sway/default.nix b/modules/sway/default.nix index 83f407e..8842653 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -75,7 +75,6 @@ in xsettingsd ydotool - swaylock-bg sway-launcher import-gtk-settings s From 4b828cd91f8063047efcfce3c453465300c6e527 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 1 May 2022 17:04:29 +0200 Subject: [PATCH 03/23] Shorten time until hibernate --- modules/sway/swayidle.service.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix index 549f153..61f3259 100644 --- a/modules/sway/swayidle.service.nix +++ b/modules/sway/swayidle.service.nix @@ -11,8 +11,8 @@ pkgs: Type = "simple"; Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin"; ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ - timeout 300 'swaymsg "output * dpms off"' \ - timeout 600 'systemctl hibernate' \ + timeout 150 'swaymsg "output * dpms off"' \ + timeout 300 'systemctl hibernate' \ ''; }; Install = { From 0c4987ede101bd0348e599409626e74314f43ffd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 1 May 2022 17:29:21 +0200 Subject: [PATCH 04/23] Add resume device --- .../config/config.d/custom-keybindings.conf | 2 +- modules/x-os/boot.nix | 24 +++++++++++-------- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index 157ae8e..172b7e5 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf 
@@ -23,7 +23,7 @@ bindsym $mod+F5 exec $term -e 'mocp -C $XDG_CONFIG_DIR/mocp/config' bindsym $mod+Shift+m exec mu bindsym $mod+Shift+h exec xdg-open /usr/share/doc/manjaro/i3_help.pdf -# Screenshofts +# Screenshots bindsym $mod+Ctrl+p exec grim -g "$(slurp -d -b \#ffffff11)" ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png bindsym $mod+Shift+p exec grim ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png bindsym $mod+Ctrl+f exec "( pkill flameshot || true && flameshot & ) && ( sleep 0.5s && flameshot gui )" diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 0633bec..268f154 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -10,18 +10,22 @@ in description = "Feature flag for iso builds"; }; config = { - # Enable plymouth for better experience of booting - boot.plymouth.enable = true; + boot = { + # Enable plymouth for better experience of booting + plymouth.enable = true; - # Mount / luks device in initrd - # Allow fstrim to work on it. - # The ! makes this enabled by default - boot.initrd = mkIf (!cfg.iso-options.enable) { - luks.devices."cryptroot" = { - allowDiscards = true; + # Mount / luks device in initrd + # Allow fstrim to work on it. + # The ! makes this enabled by default + initrd = mkIf (!cfg.iso-options.enable) { + luks.devices."cryptroot" = { + allowDiscards = true; + }; }; - }; - boot.loader.systemd-boot.enable = true; + resumeDevice = "/swapfile"; + + loader.systemd-boot.enable = true; + }; }; } From 4c0991c7e1a7670526ec2331c0def1a5ae46e918 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 17:10:30 +0200 Subject: [PATCH 05/23] Put always hibernate behind a flag Hibernation is now a core option: ``` pub-solar.core.hibernation.enable = true; ``` And there's a paranoia mode, that keeps the disk encrypted as much as possible by enabling hibernation and removing the options for sleep, screen locking. Idle locking now hibernates, and it does it on very short notice. --- modules/core/boot.nix | 10 ++++- modules/paranoia/default.nix | 24 +++++++++++ .../config/config.d/custom-keybindings.conf | 19 --------- .../sway/config/config.d/mode_system.conf.nix | 21 ++++++++++ modules/sway/default.nix | 40 ++++++++++--------- modules/sway/gammastep.service.nix | 2 +- modules/sway/libinput-gestures.service.nix | 2 +- modules/sway/mako.service.nix | 2 +- modules/sway/sway-session.target.nix | 2 +- modules/sway/sway.service.nix | 2 +- modules/sway/swayidle.service.nix | 15 +++++-- modules/sway/waybar.service.nix | 2 +- modules/sway/xsettingsd.service.nix | 2 +- modules/sway/ydotool.service.nix | 2 +- pkgs/default.nix | 1 + pkgs/swaylock-bg.nix | 20 ++++++++++ 16 files changed, 115 insertions(+), 51 deletions(-) create mode 100644 modules/paranoia/default.nix create mode 100644 modules/sway/config/config.d/mode_system.conf.nix create mode 100644 pkgs/swaylock-bg.nix diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 99b6d76..6f93fab 100644 --- a/modules/core/boot.nix +++ b/modules/core/boot.nix @@ -16,6 +16,14 @@ in description = "Whether it should be assumed that there is a cryptroot device"; }; + options.pub-solar.core.hibernation = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether the device can hibernate. This creates a swapfile at /swapfile."; + }; + }; + config = { boot = { # Enable plymouth for better experience of booting 
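Review bot: The `description` of `pub-solar.core.hibernation.enable` says the option creates a swapfile at /swapfile, but nothing in this patch declares a swap device or creates the file; the only effect visible here is `boot.resumeDevice`. Someone who enables the option on that promise gets a machine that cannot hibernate, which matters because the idle policy in swayidle.service.nix relies on hibernation to protect the session. I would either declare the swap file in the module or reword the text to `description = "Whether the device can hibernate. Expects an existing swap file at /swapfile.";`. The same sentence is carried into modules/core/hibernation.nix in PATCH 11/23.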
@@ -30,7 +38,7 @@ in }; }; - resumeDevice = "/swapfile"; + resumeDevice = mkIf cfg.core.hibernation.enable "/swapfile"; loader.systemd-boot.enable = true; diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix new file mode 100644 index 0000000..ec530fc --- /dev/null +++ b/modules/paranoia/default.nix @@ -0,0 +1,24 @@ +{ config, lib, ... }: + +with lib; +let + psCfg = config.pub-solar; + cfg = config.pub-solar.paranoia; +in +{ + options.pub-solar.paranoia = { + enable = mkOption { + description = '' + Only offer hibernation instead of screen locking and sleeping. This only makes sense + if your hard drive is encrypted, and ensures that the contents of your drive are + encrypted if you are not actively using the device. + ''; + default = false; + type = types.bool; + }; + }; + + config = mkIf cfg.enable { + pub-solar.core.allow-hibernation = true; + }; +} diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index fdeac97..659a466 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf 
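Review bot: The option text in modules/paranoia/default.nix says paranoia mode only makes sense on an encrypted drive, but the `config` block does not check that. Enabled on a machine without disk encryption, it writes the hibernation image (RAM contents, including session secrets) to disk in the clear while also removing screen locking. An `assertions` entry tied to the existing cryptroot option in modules/core/boot.nix would turn that into a build-time error; that option's name is not visible in this diff, so it has to be looked up. `psCfg` is bound in the `let` but never used in this file.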
@@ -31,22 +31,3 @@ bindsym $mod+Ctrl+f exec "( pkill flameshot || true && flameshot & ) && ( sleep # Launcher set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher bindsym $mod+Space exec $menu - -# Set shut down, restart and locking features -set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown -bindsym $mod+0 mode "$mode_system" -mode "$mode_system" { - bindsym e exec swaymsg exit, mode "default" -#======= - bindsym l exec swaylock-bg, mode "default" - bindsym e exec systemctl --user stop graphical-session.target, mode "default" - bindsym s exec systemctl suspend, mode "default" -#>>>>>>> main - bindsym h exec systemctl hibernate, mode "default" - bindsym r exec systemctl reboot, mode "default" - bindsym Shift+s exec systemctl poweroff, mode "default" - - # exit system mode: "Enter" or "Escape" - bindsym Return mode "default" - bindsym Escape mode "default" -} diff --git a/modules/sway/config/config.d/mode_system.conf.nix b/modules/sway/config/config.d/mode_system.conf.nix new file mode 100644 index 0000000..ef11a46 --- /dev/null +++ b/modules/sway/config/config.d/mode_system.conf.nix @@ -0,0 +1,21 @@ +{ psCfg, ... }: '' +# Set shut down, restart and locking features +set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown +bindsym $mod+0 mode "$mode_system" +mode "$mode_system" { + bindsym e exec swaymsg exit, mode "default" +'' + (if !psCfg.core.allow-hibernation then '' + bindsym h exec systemctl hibernate, mode "default" +'' else "") + + (if !psCfg.paranoia.enable then '' + bindsym l exec swaylock-bg, mode "default" + bindsym s exec systemctl suspend, mode "default" +'' else "") + '' + bindsym r exec systemctl reboot, mode "default" + bindsym Shift+s exec systemctl poweroff, mode "default" + + # exit system mode: "Enter" or "Escape" + bindsym Return mode "default" + bindsym Escape mode "default" +} +'' diff --git a/modules/sway/default.nix b/modules/sway/default.nix index 59b6ff0..2872a3b 100644 
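Review bot: In mode_system.conf.nix the hibernate binding is guarded by `if !psCfg.core.allow-hibernation`, which is inverted: `bindsym h exec systemctl hibernate, mode "default"` is emitted only when hibernation is not enabled. In paranoia mode that leaves the one action meant to protect the session without a key binding. The guard should be positive and use the option name declared in boot.nix, `(if psCfg.core.hibernation.enable then ''`. The `set $mode_system` label is also static, so it always advertises `(h)ibernate` and never `(l)ock` or `(s)uspend`, whichever bindings were generated. The re-indented version of this file in PATCH 10/23 keeps the negation.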
--- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -2,25 +2,26 @@ with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.sway; in { options.pub-solar.sway = { enable = mkEnableOption "Life in boxes"; - }; - options.pub-solar.sway.terminal = mkOption { - type = types.nullOr types.str; - default = "alacritty"; - description = "Choose sway's default terminal"; - }; - options.pub-solar.sway.v4l2loopback.enable = mkOption { - type = types.bool; - default = true; - description = "WebCam streaming tool"; + + terminal = mkOption { + type = types.nullOr types.str; + default = "alacritty"; + description = "Choose sway's default terminal"; + }; + + v4l2loopback.enable = mkOption { + type = types.bool; + default = true; + description = "WebCam streaming tool"; + }; }; - config = mkIf cfg.enable (mkMerge [ - (mkIf (cfg.v4l2loopback.enable) { + config = mkIf psCfg.sway.enable (mkMerge [ + (mkIf (psCfg.sway.v4l2loopback.enable) { boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; boot.kernelModules = [ "v4l2loopback" ]; boot.extraModprobeConfig = '' 
@@ -84,18 +85,19 @@ in programs.waybar.enable = true; #programs.waybar.systemd.enable = true; - systemd.user.services.mako = import ./mako.service.nix pkgs; - systemd.user.services.sway = import ./sway.service.nix pkgs; - systemd.user.services.swayidle = import ./swayidle.service.nix pkgs; - systemd.user.services.xsettingsd = import ./xsettingsd.service.nix pkgs; - systemd.user.services.waybar = import ./waybar.service.nix pkgs; - systemd.user.targets.sway-session = import ./sway-session.target.nix pkgs; + systemd.user.services.mako = import ./mako.service.nix { inherit pkgs psCfg; }; + systemd.user.services.sway = import ./sway.service.nix { inherit pkgs psCfg; }; + systemd.user.services.swayidle = import ./swayidle.service.nix { inherit pkgs psCfg; }; + systemd.user.services.xsettingsd = import ./xsettingsd.service.nix { inherit pkgs psCfg; }; + systemd.user.services.waybar = import ./waybar.service.nix { inherit pkgs psCfg; }; + systemd.user.targets.sway-session = import ./sway-session.target.nix { inherit pkgs psCfg; }; xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; }; xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf; xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; + xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.config.nix { inherit psCfg; }; xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; }; diff --git a/modules/sway/gammastep.service.nix b/modules/sway/gammastep.service.nix index f59edf0..3960d1a 100644 --- a/modules/sway/gammastep.service.nix +++ b/modules/sway/gammastep.service.nix 
@@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "set color temperature of display according to time of day"; diff --git a/modules/sway/libinput-gestures.service.nix b/modules/sway/libinput-gestures.service.nix index c4c860d..798d10d 100644 --- a/modules/sway/libinput-gestures.service.nix +++ b/modules/sway/libinput-gestures.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "Actions gestures on your touchpad using libinput"; diff --git a/modules/sway/mako.service.nix b/modules/sway/mako.service.nix index 190b986..b155e14 100644 --- a/modules/sway/mako.service.nix +++ b/modules/sway/mako.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "Lightweight Wayland notification daemon"; diff --git a/modules/sway/sway-session.target.nix b/modules/sway/sway-session.target.nix index 3eb4d24..7b25376 100644 --- a/modules/sway/sway-session.target.nix +++ b/modules/sway/sway-session.target.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "sway compositor session"; diff --git a/modules/sway/sway.service.nix b/modules/sway/sway.service.nix index 95efc3e..0d0d782 100644 --- a/modules/sway/sway.service.nix +++ b/modules/sway/sway.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "sway - SirCmpwn's Wayland window manager"; diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix index 61f3259..3b87c61 100644 --- a/modules/sway/swayidle.service.nix +++ b/modules/sway/swayidle.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, psCfg, ... }: { Unit = { Description = "Idle manager for Wayland"; 
@@ -10,9 +10,16 @@ pkgs: Service = { Type = "simple"; Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin"; - ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ - timeout 150 'swaymsg "output * dpms off"' \ - timeout 300 'systemctl hibernate' \ + ExecStart = if psCfg.paranoia.enable then '' + ${pkgs.swayidle}/bin/swayidle -w \ + timeout 120 'swaymsg "output * dpms off"' \ + timeout 150 'systemctl hibernate' \ + '' else '' + ${pkgs.swayidle}/bin/swayidle -w \ + timeout 600 'swaylock-bg' \ + timeout 900 'swaymsg "output * dpms off"' \ + resume 'swaymsg "output * dpms on"' \ + before-sleep 'swaylock-bg' ''; }; Install = { diff --git a/modules/sway/waybar.service.nix b/modules/sway/waybar.service.nix index ee5e893..98b8ed3 100644 --- a/modules/sway/waybar.service.nix +++ b/modules/sway/waybar.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors."; diff --git a/modules/sway/xsettingsd.service.nix b/modules/sway/xsettingsd.service.nix index 0d729cb..db3e842 100644 --- a/modules/sway/xsettingsd.service.nix +++ b/modules/sway/xsettingsd.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "X Settings Daemon"; diff --git a/modules/sway/ydotool.service.nix b/modules/sway/ydotool.service.nix index d53bfcd..24b6443 100644 --- a/modules/sway/ydotool.service.nix +++ b/modules/sway/ydotool.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "ydotool - Generic command-line automation tool (no X!)"; diff --git a/pkgs/default.nix b/pkgs/default.nix index 1b04f37..28e513b 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix 
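Review bot: The non-paranoia branch of `ExecStart` calls `swaylock-bg` by bare name, but `Environment` still sets `PATH` to `/run/current-system/sw/bin:${pkgs.sway}/bin` only. The `${pkgs.swaylock}/bin:${pkgs.swaylock-bg}/bin` entries removed in PATCH 01/23 are not restored in any hunk shown here. If the script is not on that path, the `timeout 600` and `before-sleep` commands fail quietly and the screen never locks. Referencing the store path removes the dependency on `PATH`: `timeout 600 '${pkgs.swaylock-bg}/bin/swaylock-bg' \` and `before-sleep '${pkgs.swaylock-bg}/bin/swaylock-bg'`. In the paranoia branch the last `timeout` line ends in a backslash with nothing after it, which is worth dropping.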
@@ -12,6 +12,7 @@ with final; { s = writeShellScriptBin "s" (import ./s.nix final); sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final); sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final); + swaylock-bg = writeShellScriptBin "swaylock-bg" (import ./swaylock-bg.nix final); toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final); uhk-agent = import ./uhk-agent.nix final; wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); diff --git a/pkgs/swaylock-bg.nix b/pkgs/swaylock-bg.nix new file mode 100644 index 0000000..b55c32a --- /dev/null +++ b/pkgs/swaylock-bg.nix @@ -0,0 +1,20 @@ +self: with self; '' + # Dependencies: + # swaylock + + # Make sure we aren't running twice + RUNNING=$(ps -A | grep swaylock | wc -l) + if [ $RUNNING -ne 0 ]; then + exit 0 + fi + + IMAGE=$XDG_CONFIG_HOME/wallpaper.jpg + LOCKARGS="" + + for OUTPUT in `${sway}/bin/swaymsg -t get_outputs | jq -r '.[].name'` + do + LOCKARGS="''${LOCKARGS} --image ''${OUTPUT}:''${IMAGE}" + IMAGES="''${IMAGES} ''${IMAGE}" + done + exec ${swaylock}/bin/swaylock $LOCKARGS +'' From 762e78677b39b722dbd12990025d9d3b5e943df7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 17:15:50 +0200 Subject: [PATCH 06/23] Fix hibernation enabling in paranoia mode --- modules/paranoia/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix index ec530fc..19c470a 100644 --- a/modules/paranoia/default.nix +++ b/modules/paranoia/default.nix @@ -19,6 +19,6 @@ in }; config = mkIf cfg.enable { - pub-solar.core.allow-hibernation = true; + pub-solar.core.hibernate.enable = true; }; } From ca4262b84f341b97cd4a179bde3740d42bc61052 Mon Sep 17 00:00:00 2001 
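Review bot: The double-start guard in pkgs/swaylock-bg.nix, `RUNNING=$(ps -A | grep swaylock | wc -l)`, matches any process whose name contains "swaylock". That likely includes this script itself now that it is installed as `swaylock-bg` through `writeShellScriptBin`, and when it does the script exits 0 without locking. An exact match avoids that: `if pgrep -x swaylock >/dev/null; then exit 0; fi`. `jq` is called by bare name although `swaymsg` and `swaylock` are pinned to store paths, so a missing `jq` silently drops the per-output images. `$LOCKARGS` and `$XDG_CONFIG_HOME` are expanded unquoted, and `IMAGES` is assigned but never read.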
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 17:20:09 +0200 Subject: [PATCH 07/23] Fix hibernation enabling in paranoia mode --- modules/paranoia/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix index 19c470a..bb31976 100644 --- a/modules/paranoia/default.nix +++ b/modules/paranoia/default.nix @@ -19,6 +19,6 @@ in }; config = mkIf cfg.enable { - pub-solar.core.hibernate.enable = true; + pub-solar.core.hibernation.enable = true; }; } From aabe96a3357e35056f7f5a68f023d10ec820ecfa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 18:11:25 +0200 Subject: [PATCH 08/23] Fix hibernation config --- modules/core/boot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 6f93fab..1512289 100644 --- a/modules/core/boot.nix +++ b/modules/core/boot.nix @@ -38,7 +38,7 @@ in }; }; - resumeDevice = mkIf cfg.core.hibernation.enable "/swapfile"; + resumeDevice = mkIf cfg.hibernation.enable "/swapfile"; loader.systemd-boot.enable = true; From ba6dfdcf533c690333b4fc31e76a41d722b0ff8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 19:48:45 +0200 Subject: [PATCH 09/23] Fix sway mode_system config import --- modules/sway/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/sway/default.nix b/modules/sway/default.nix index 469e5cf..dd0e605 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix 
@@ -98,7 +98,7 @@ in xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; - xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.config.nix { inherit psCfg; }; + xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit psCfg; }; xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; }; From 46992c46d6521dd74c81a937ad1c1465578cbe30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 19:59:01 +0200 Subject: [PATCH 10/23] Add parameter for swapfile offset --- modules/core/boot.nix | 21 +++++++++++- .../sway/config/config.d/mode_system.conf.nix | 32 +++++++++---------- 2 files changed, 36 insertions(+), 17 deletions(-) diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 1512289..9df859e 100644 --- a/modules/core/boot.nix +++ b/modules/core/boot.nix @@ -22,6 +22,18 @@ in default = false; description = "Whether the device can hibernate. This creates a swapfile at /swapfile."; }; + + resumeDevice = mkOption { + type = types.str; + default = "/swapfile"; + description = "The location of the hibernation resume swap file."; + }; + + resumeOffset = mkOption { + type = types.nullOr types.number; + default = null; + description = "The swap file offset. Can be found by running `filefrag -v $swap_file_location`. See https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file"; + }; }; config = { 
@@ -38,7 +50,14 @@ in }; }; - resumeDevice = mkIf cfg.hibernation.enable "/swapfile"; + + resumeDevice = mkIf cfg.hibernation.enable cfg.hibernation.resumeDevice; + kernelParams = mkIf cfg.hibernation.enable [ + "resume=${cfg.hibernation.resumeDevice}" + ] ++ ( + if (cfg.hibernation.resumeOffset == null) then builtins.abort "config.pub-solar.hibernation.resumeOffset has to be set if config.pub-solar.hibernation.enable is true." + else [ "resume_offset=${cfg.hibernation.resumeOffset}" ] + ); loader.systemd-boot.enable = true; diff --git a/modules/sway/config/config.d/mode_system.conf.nix b/modules/sway/config/config.d/mode_system.conf.nix index ef11a46..c505a9f 100644 --- a/modules/sway/config/config.d/mode_system.conf.nix +++ b/modules/sway/config/config.d/mode_system.conf.nix 
@@ -1,21 +1,21 @@ { psCfg, ... }: '' -# Set shut down, restart and locking features -set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown -bindsym $mod+0 mode "$mode_system" -mode "$mode_system" { - bindsym e exec swaymsg exit, mode "default" -'' + (if !psCfg.core.allow-hibernation then '' - bindsym h exec systemctl hibernate, mode "default" + # Set shut down, restart and locking features + set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown + bindsym $mod+0 mode "$mode_system" + mode "$mode_system" { + bindsym e exec swaymsg exit, mode "default" +'' + (if !psCfg.core.hibernation.enable then '' + bindsym h exec systemctl hibernate, mode "default" '' else "") - + (if !psCfg.paranoia.enable then '' - bindsym l exec swaylock-bg, mode "default" - bindsym s exec systemctl suspend, mode "default" ++ (if !psCfg.paranoia.enable then '' + bindsym l exec swaylock-bg, mode "default" + bindsym s exec systemctl suspend, mode "default" '' else "") + '' - bindsym r exec systemctl reboot, mode "default" - bindsym Shift+s exec systemctl poweroff, mode "default" + bindsym r exec systemctl reboot, mode "default" + bindsym Shift+s exec systemctl poweroff, mode "default" - # exit system mode: "Enter" or "Escape" - bindsym Return mode "default" - bindsym Escape mode "default" -} + # exit system mode: "Enter" or "Escape" + bindsym Return mode "default" + bindsym Escape mode "default" + } '' From f9b7c9e3c9181debb9ad6fe944a4bf94a4d0e0cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 20:09:38 +0200 Subject: [PATCH 11/23] Fix build --- modules/core/boot.nix | 29 --------------------------- modules/core/default.nix | 1 + modules/core/hibernation.nix | 38 ++++++++++++++++++++++++++++++++++++ 3 files changed, 39 insertions(+), 29 deletions(-) create mode 100644 modules/core/hibernation.nix diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 9df859e..10f67dc 100644 --- a/modules/core/boot.nix 
+++ b/modules/core/boot.nix @@ -16,26 +16,6 @@ in description = "Whether it should be assumed that there is a cryptroot device"; }; - options.pub-solar.core.hibernation = { - enable = mkOption { - type = types.bool; - default = false; - description = "Whether the device can hibernate. This creates a swapfile at /swapfile."; - }; - - resumeDevice = mkOption { - type = types.str; - default = "/swapfile"; - description = "The location of the hibernation resume swap file."; - }; - - resumeOffset = mkOption { - type = types.nullOr types.number; - default = null; - description = "The swap file offset. Can be found by running `filefrag -v $swap_file_location`. See https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file"; - }; - }; - config = { boot = { # Enable plymouth for better experience of booting @@ -50,15 +30,6 @@ in }; }; - - resumeDevice = mkIf cfg.hibernation.enable cfg.hibernation.resumeDevice; - kernelParams = mkIf cfg.hibernation.enable [ - "resume=${cfg.hibernation.resumeDevice}" - ] ++ ( - if (cfg.hibernation.resumeOffset == null) then builtins.abort "config.pub-solar.hibernation.resumeOffset has to be set if config.pub-solar.hibernation.enable is true." - else [ "resume_offset=${cfg.hibernation.resumeOffset}" ] - ); - loader.systemd-boot.enable = true; # Use latest LTS linux kernel by default diff --git a/modules/core/default.nix b/modules/core/default.nix index 7b16826..80ca492 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -8,6 +8,7 @@ in { imports = [ ./boot.nix + ./hibernation.nix ./fonts.nix ./i18n.nix ./networking.nix diff --git a/modules/core/hibernation.nix b/modules/core/hibernation.nix new file mode 100644 index 0000000..c0e912f --- /dev/null +++ b/modules/core/hibernation.nix 
@@ -0,0 +1,38 @@ +{ config, pkgs, lib, ... }: +with lib; +let + cfg = config.pub-solar.core.hibernation; +in +{ + options.pub-solar.core.hibernation = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether the device can hibernate. This creates a swapfile at /swapfile."; + }; + + resumeDevice = mkOption { + type = types.str; + default = "/swapfile"; + description = "The location of the hibernation resume swap file."; + }; + + resumeOffset = mkOption { + type = types.nullOr types.int; + default = null; + description = "The swap file offset. Can be found by running `filefrag -v $swap_file_location`. See https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file"; + }; + }; + + config = { + boot = mkIf cfg.enable { + resumeDevice = cfg.resumeDevice; + kernelParams = [ + "resume=${cfg.resumeDevice}" + ] ++ ( + if (cfg.resumeOffset == null && cfg.enable) then builtins.abort "config.pub-solar.resumeOffset has to be set if config.pub-solar.enable is true." + else [ "resume_offset=${cfg.resumeOffset}" ] + ); + }; + }; +} From 1ea4523bd1be9365649acdf4e676bfe2d40e2b43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 20:29:38 +0200 Subject: [PATCH 12/23] Fix droppie backup ssh service and build --- hosts/droppie/droppie.nix | 2 +- pkgs/default.nix | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/hosts/droppie/droppie.nix b/hosts/droppie/droppie.nix index 8918cde..b828d74 100644 --- a/hosts/droppie/droppie.nix +++ b/hosts/droppie/droppie.nix 
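Review bot: `"resume_offset=${cfg.resumeOffset}"` in modules/core/hibernation.nix interpolates a `types.int` value, which Nix does not coerce to a string, so the module fails to evaluate as soon as an offset is set; it needs `toString`. The `builtins.abort` message names options that do not exist (`config.pub-solar.resumeOffset`, `config.pub-solar.enable`), and a module `assertions` entry would report the missing offset through the normal NixOS channel instead of aborting evaluation. `resume=` and `boot.resumeDevice` are both given the swap file path, whereas the Arch wiki page linked in the option description passes the block device that holds the file together with `resume_offset`. Please confirm `/swapfile` is accepted there and that the device is the encrypted one, since the image contains RAM contents. A possible shape for the `config` block is below.

```nix
  # … unchanged: option declarations (enable, resumeDevice, resumeOffset) …

  config = mkIf cfg.enable {
    assertions = [{
      assertion = cfg.resumeOffset != null;
      message = "pub-solar.core.hibernation.resumeOffset has to be set if pub-solar.core.hibernation.enable is true.";
    }];

    boot = {
      resumeDevice = cfg.resumeDevice;
      kernelParams = [
        "resume=${cfg.resumeDevice}"
        "resume_offset=${toString cfg.resumeOffset}"
      ];
    };
  };
```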
@@ -33,7 +33,7 @@ in }; serviceConfig = { Type = "simple"; - ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 cloud.pub.solar"; + ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 root@cloud.pub.solar"; Restart = "always"; RestartSec = "5s"; }; diff --git a/pkgs/default.nix b/pkgs/default.nix index 6e70e21..d308f64 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -19,9 +19,5 @@ with final; { wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final); record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final); - - # ps-fixes - scan2paperless = writeShellScriptBin "scan2paperless" (import ./scan2paperless.nix final); - drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final); } From 116f9301c4fe9510d709cac3f5c1914917c01391 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Thu, 18 Aug 2022 11:54:02 +0200 Subject: [PATCH 13/23] Don't hand over USB devices --- hosts/chocolatebar/virtualisation/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/chocolatebar/virtualisation/default.nix b/hosts/chocolatebar/virtualisation/default.nix index bea0d38..730e5a9 100644 --- a/hosts/chocolatebar/virtualisation/default.nix +++ b/hosts/chocolatebar/virtualisation/default.nix @@ -6,7 +6,7 @@ let createService = import ./create-service.nix; isolateGPU = "rx550x"; - handOverUSBDevices = true; + handOverUSBDevices = false; isolateAnyGPU = isolateGPU != null; in From 284ae0366a9ac506d328bd9319d1536408196837 Mon Sep 17 00:00:00 2001 
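Review bot: The tunnel in hosts/droppie/droppie.nix now authenticates as `root@cloud.pub.solar` only to hold a remote port forward, so the key used by this unattended service on the backup box carries full root login on the cloud host. A dedicated unprivileged account whose `authorized_keys` entry is limited to forwarding, e.g. `restrict,port-forwarding,permitlisten="127.0.0.1:22022" ssh-ed25519 PUBLIC_KEY_PLACEHOLDER`, gives the same tunnel without a shell. `-vvv` also writes debug-level connection detail to the journal on every reconnect, and `-g` only affects local forwards, so both flags can likely go. The service definition starts outside the hunk, so host-key pinning and the identity file are not visible here.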
From: teutat3s Date: Tue, 23 Aug 2022 17:03:34 +0200 Subject: [PATCH 14/23] droppie: fix missing systemd wantedBy without this, the systemd service does not start after a reboot --- hosts/droppie/droppie.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/droppie/droppie.nix b/hosts/droppie/droppie.nix index b828d74..0e2fadf 100644 --- a/hosts/droppie/droppie.nix +++ b/hosts/droppie/droppie.nix @@ -37,6 +37,7 @@ in Restart = "always"; RestartSec = "5s"; }; + wantedBy = [ "multi-user.target" ]; }; }; } From 8a9d83ffb9f64e18ac77c6815cc5b5d9ecc3bdeb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Tue, 23 Aug 2022 18:04:21 +0200 Subject: [PATCH 15/23] Add ddclient to droppie --- hosts/chocolatebar/chocolatebar.nix | 4 ++-- hosts/droppie/droppie.nix | 15 +++++++++++++++ secrets/dyndns-droppie.key | 27 +++++++++++++++++++++++++++ secrets/secrets.nix | 12 ++++++++++++ 4 files changed, 56 insertions(+), 2 deletions(-) create mode 100644 secrets/dyndns-droppie.key diff --git a/hosts/chocolatebar/chocolatebar.nix b/hosts/chocolatebar/chocolatebar.nix index eb6efd7..87fd57d 100644 --- a/hosts/chocolatebar/chocolatebar.nix +++ b/hosts/chocolatebar/chocolatebar.nix @@ -28,12 +28,12 @@ in age.secrets."vnc-key.pem" = { file = "${self}/secrets/vnc-key-chocolatebar.pem"; - mode = "700"; + mode = "400"; owner = psCfg.user.name; }; age.secrets."vnc-cert.pem" = { file = "${self}/secrets/vnc-cert-chocolatebar.pem"; - mode = "700"; + mode = "400"; owner = psCfg.user.name; }; pub-solar.sway.vnc.enable = true; diff --git a/hosts/droppie/droppie.nix b/hosts/droppie/droppie.nix index 0e2fadf..f16974d 100644 --- a/hosts/droppie/droppie.nix +++ b/hosts/droppie/droppie.nix 
@@ -39,5 +39,20 @@ in }; wantedBy = [ "multi-user.target" ]; }; + + services.ddclient = { + enable = true; + ipv6 = true; + domains = [ "backup.b12f.io" ]; + server = "ddns.hosting.de"; + use = "web, web=http://checkip6.spdyn.de/, web-skip=''"; + passwordFile = "/run/agenix/dyndns-droppie.key"; + }; + + age.secrets."dyndns-droppie.key" = { + file = "${self}/secrets/dyndns-droppie.key"; + mode = "400"; + owner = "root"; + }; }; } diff --git a/secrets/dyndns-droppie.key b/secrets/dyndns-droppie.key new file mode 100644 index 0000000..d4f7e99 --- /dev/null +++ b/secrets/dyndns-droppie.key 
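Review bot: The `use` string in the new `services.ddclient` block fetches the address from `http://checkip6.spdyn.de/` in clear text, and whatever that response contains is what ddclient then publishes for `backup.b12f.io`. Anyone able to alter the response in transit can therefore steer where the backup hostname points. If the provider serves the same endpoint over TLS (to be confirmed), the lookup should be `web=https://checkip6.spdyn.de/`. Otherwise the address can be read from the local interface rather than from a web lookup.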
@@ -0,0 +1,27 @@ +age-encryption.org/v1 +-> ssh-rsa kFDS0A +lbrJzpCXpf3BJYL80d2vD/b4raoPnUKV0D9Ka9yKb72W3ATfA/Cqq7vpisHRnwyj +3pt1TfrPzti/8ZKDqY/Zw171jQbOF6zW45z4m8yJu4J1LYXh8yYrTR3YPwhPoGYm +eZJWWj2YghqCFC7vdL/wZFjkStxwBGgrJfNOxJBcXOpUX2TOzfdNAgJ/pEkvdd/L +jktiU5ITt7KXruwSEXRzHVfmntl4SaqDqYfeb0Y0q2a1oMpxTnBKcYXj6dYcZIHv +Lm8HX0JsIiThz/DXB4sP2O5GlGeYyibj2iMSCsCqadwDpUndVtJnzFgjSQD5A0gd +enNTYly3GSmC9TWt/r2VHHyneAnJ3HQKB5hUEqxPz9peemnvfTA89SIGHddmkXfY +XSeN5WJnSG0+WAOwrpJjzl9CgUg9xJS7dDqVob3CwL9oVEQP8FcuuyqCg72ppd4J +fdseq5/R+HuVnh6sEUHoaHEDidHtTrpE2Rd49Tesj/BT+YrJyQ/kQqHmy9RiLU2f +DSRwLO4/qHF6W8UfuF2N08aMxRpxqXPWTjI/vHxoSJRcSqaofF42x50OQU8lY96c +8bPlDPB7HOBg+7bVvOQCaR3+KRuOx+HYpeMwEokQTwCke+frPfXorilNbAcaFUp4 +QiU1sUZia/FOZ+j47+6pkfC2DfLpiNL2TLWYcNtIzUc +-> ssh-ed25519 7Wns0A aKiZ8iw+Ub5rByBef0apOn6lG5Bv6tzFCiBu3DN6sSg +58+9kySg3ajO7E5V87b/qRu9axpu2hQUuY/cVTt2YdI +-> ssh-rsa wVtlwQ +RbrfuwS5zQzL9yMWFDSnWj9cQFLirTH37Xf79Dis2CJIDd83vmlmGNY5x1aPpZoZ +J6XDhibGTJc02DYuNVIE1IXm0x9tc6Z9PTT+WiAFt1JuKHguXTWLRMM9HmyvWWDg +bFsRDAcYup+SK5d+ME+XooDGueC822rAjkGIRHNSCimGwuLpDRKqyyVfYA+dcfiP +EoYH7x4S09jYRr1C5EkbraLbm1vijc5ikJw3b42KKbyo3wDwKga+Vk2nl2AtgjZp +KipZlyjs+IjMRXX5IBpgoRtXcvHuidsOSc+guRo0ihF9MbzRc/Tt2g0V7t3KjeT0 +SJDLmHOos2RKTmx06aidDg +-> Dz(k-grease ~FF p m)E{J3E +7Igp3pclCAzAmeky5cPqlIzcITT+0jvieQe7ruSxRYRYqpYU7tMQFmHuNUahp+BP +MzOYiM+PIQmn +--- IC9SI76EjaFZxQ5odEeIv49n/O8uOdpM6LE1Z7dtHg4 +l%uE\ ?2\&wG&@W~9"^Ɔon^xOIuO21c*m%)#جeI6A/i \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 65b6ed9..68b238d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -8,6 +8,9 @@ let chocolatebar-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINZT3QrKugNTWNOwYziQnxrT5zFqWQDafWjScDuIpMhN root@chocolatebar"; chocolatebar-user = "ssh-rsa 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 ben@chocolatebar"; + droppie-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDuXuPPDXTyJgy4JRwbKcPbawvVB1Il2neyRWb4O5sJ root@nixos"; + droppie-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnYTlTmHCl6LOkexqRR9LqjOoFgt9TQ4VzHQGRHJMzF/AGcDRoqC+pBLFSTzRb5/ikAOsb32XHyKVg4nNdJeQshO11QtDmkCB02D/XcIXxnNQ5A8CztT2az5xJtbbWSdamMnHBLcqLiwoLmXbERpdlt8jNqMHrz+bjCUGYVAFSfc/WdIs6EATJ1eF0VFxv7nUh4qhgStABSwhNsnoYOC/DOBSA9aBP1f5Fz9QHUioPTGi2hRwbTbtFUvTrymPpWVFRApa1zvGXcr4YUCm7ia1ZlZKzRpsPkwLxb8Omm4bGmR0cAVwVhVRySnhpCTwbIBLyw+H8PvKWBBba1NAKyMij root@droppie"; + allKeys = [ bbcom @@ -31,6 +34,13 @@ let chocolatebar-host chocolatebar-user ]; + + droppieKeys = [ + bbcom + + droppie-host + droppie-user + ]; in { "keyfile-biolimo.bin".publicKeys = biolimoKeys; @@ -42,5 +52,7 @@ in "vnc-cert-chocolatebar.pem".publicKeys = chocolatebarKeys; "vnc-key-chocolatebar.pem".publicKeys = chocolatebarKeys; + "dyndns-droppie.key".publicKeys = droppieKeys; + "mopidy.conf".publicKeys = allKeys; } From 2b3a1d827b0f33d7e572b1f3fb3a0ce955c58c07 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 23 Aug 2022 18:23:08 +0200 Subject: [PATCH 16/23] droppie: add missing ddclient username --- hosts/droppie/droppie.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/droppie/droppie.nix b/hosts/droppie/droppie.nix index f16974d..9d431cc 100644 --- a/hosts/droppie/droppie.nix +++ b/hosts/droppie/droppie.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, self, ... }: with lib; let psCfg = config.pub-solar; @@ -45,6 +45,7 @@ in ipv6 = true; domains = [ "backup.b12f.io" ]; server = "ddns.hosting.de"; + username = "b12f"; use = "web, web=http://checkip6.spdyn.de/, web-skip=''"; passwordFile = "/run/agenix/dyndns-droppie.key"; }; 
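Review bot: `droppieKeys` encrypts `dyndns-droppie.key` to `droppie-user` as well as `bbcom` and `droppie-host`, while the only consumer visible in this series is the system-level `services.ddclient` reading `/run/agenix/dyndns-droppie.key`. If activation decrypts with the host key (not shown here), the user key is an extra recipient that can read the credential from the repository at rest, and a per-secret list such as `[ bbcom droppie-host ]` would be narrower. The `droppie-host` entry also still carries the key comment `root@nixos`. A line such as `# droppie's SSH host key (key comment still says root@nixos)` above it would make the recipient list easier to audit.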
From d83e408e44f617f7972316754ea23a3492b6c3d6 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 23 Aug 2022 18:58:13 +0200 Subject: [PATCH 17/23] droppie: fix systemd wantedBy without this, the systemd service does not start after a reboot add cloud.pub.solar host key to ssh knownHosts --- hosts/droppie/droppie.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hosts/droppie/droppie.nix b/hosts/droppie/droppie.nix index 9d431cc..76825ae 100644 --- a/hosts/droppie/droppie.nix +++ b/hosts/droppie/droppie.nix @@ -26,6 +26,10 @@ in } ]; + services.openssh.knownHosts = { + "cloud.pub.solar".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABPJSwr9DfnqV0KoL23BcxlWtRxuOqQpnFnCv4SG/LW"; + }; + systemd.user.services.ssh-tunnel-cloud-pub-solar = { unitConfig = { Description = "Reverse SSH connection to enable backups from IPv4-only to IPv6-only host"; @@ -37,7 +41,7 @@ in Restart = "always"; RestartSec = "5s"; }; - wantedBy = [ "multi-user.target" ]; + wantedBy = [ "default.target" ]; }; services.ddclient = { From e380709023ae24a9d9b5c9d1cb38f7f71050825f Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 23 Aug 2022 18:59:18 +0200 Subject: [PATCH 18/23] yule: add cloud.pub.solar public ssh key --- users/yule/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/users/yule/default.nix b/users/yule/default.nix index 10d55ce..bf1ddcd 100644 --- a/users/yule/default.nix +++ b/users/yule/default.nix @@ -24,6 +24,8 @@ in "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= b12f Yubi Backup" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a teutat3s" + + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKa5elEXgBc2luVBOHVWZisJgt0epFQOercPi0tZzPU root@cloud.pub.solar" ]; }; }; 
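Review bot: The `root@cloud.pub.solar` key in `users/yule/default.nix` is appended without any key options to the same list that holds the two YubiKey-backed admin keys. Assuming this list is the account's authorized keys (the attribute name is outside the hunk), anyone who obtains root on the cloud host gets an unrestricted interactive login on this machine. Since the stated purpose is backups through the reverse tunnel, the entry should be limited to that. One option is to prefix it with `restrict,command="<backup command>"`, where the command is a placeholder for whatever the backup job actually runs. Another is to move the key to a dedicated backup user.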
From 1c3667ca367f192425c8ded58687528fea905cd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Tue, 23 Aug 2022 19:10:57 +0200 Subject: [PATCH 19/23] Fix user for droppie secret file --- hosts/droppie/droppie.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/droppie/droppie.nix b/hosts/droppie/droppie.nix index 76825ae..5bb60ad 100644 --- a/hosts/droppie/droppie.nix +++ b/hosts/droppie/droppie.nix @@ -57,7 +57,7 @@ in age.secrets."dyndns-droppie.key" = { file = "${self}/secrets/dyndns-droppie.key"; mode = "400"; - owner = "root"; + owner = psCfg.user.name; }; }; } From b012b8bfa7a05cf786bbf803d45e785029674ee7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Tue, 23 Aug 2022 23:18:31 +0200 Subject: [PATCH 20/23] Add laurakirst.de --- users/ben/home.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/users/ben/home.nix b/users/ben/home.nix index 0aff38a..be79613 100644 --- a/users/ben/home.nix +++ b/users/ben/home.nix @@ -63,6 +63,12 @@ in MACs = "hmac-sha2-512-etm@openssh.com"; }; }; + + "laurakirst.de" = { + hostname = "webj4bsux.wh.hosting.zone"; + user = "webj4bsux_36qkrk"; + port = 2244; + }; }; }; From c63c3da345aff2bc1239687abc6729b2bf293b75 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 24 Aug 2022 00:53:38 +0200 Subject: [PATCH 21/23] nix: set nix.package to force overlays/ overrides.nix to apply use nix as default version alias in devshell as well --- modules/core/nix.nix | 2 ++ shell/devos.nix | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/core/nix.nix b/modules/core/nix.nix index 38b70cf..f7ff5fa 100644 --- a/modules/core/nix.nix +++ b/modules/core/nix.nix @@ -2,6 +2,8 @@ { nix = { + # Use default version alias for nix package + package = pkgs.nix; # Improve nix store disk usage autoOptimiseStore = true; gc.automatic = true; diff --git a/shell/devos.nix b/shell/devos.nix index bd3399a..9aefcc6 100644 --- a/shell/devos.nix +++ b/shell/devos.nix 
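Review bot: `owner = psCfg.user.name` in `age.secrets."dyndns-droppie.key"` hands the DynDNS password to the interactive login user, while the consumer configured in patch 15 is `services.ddclient` through `passwordFile`. With mode `400` this makes the credential readable by every process in that user's session. If the change was needed because the ddclient unit could not read a root-owned file, owning the secret by the account that unit runs as would fix that without widening access. Which account that is cannot be seen in this hunk, so a one-line comment stating why the login user needs to own the file would help.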
@@ -6,7 +6,7 @@ let cachix editorconfig-checker mdbook - nixUnstable + nix nixpkgs-fmt nvfetcher ; From de40b08d067f88895ca0b89858e338f52d4a04f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Wed, 24 Aug 2022 18:43:11 +0200 Subject: [PATCH 22/23] Fix hibernation The resumeDevice and kernel `resume` parameter were being used wrong. Only `boot.resumeDevice` is necessary, and it should point at the _block device_ that holds the swapfile. If you are running on encrypted volumes, this means you will need to use the name of the *decrypted block device* on which the swapfile sits. --- modules/core/hibernation.nix | 9 +++------ modules/sway/config/config.d/mode_system.conf.nix | 2 +- modules/sway/default.nix | 2 +- 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/modules/core/hibernation.nix b/modules/core/hibernation.nix index c0e912f..0454d82 100644 --- a/modules/core/hibernation.nix +++ b/modules/core/hibernation.nix @@ -13,7 +13,7 @@ in resumeDevice = mkOption { type = types.str; - default = "/swapfile"; + default = "/dev/sda1"; description = "The location of the hibernation resume swap file."; }; @@ -27,12 +27,9 @@ in config = { boot = mkIf cfg.enable { resumeDevice = cfg.resumeDevice; - kernelParams = [ - "resume=${cfg.resumeDevice}" - ] ++ ( + kernelParams = if (cfg.resumeOffset == null && cfg.enable) then builtins.abort "config.pub-solar.resumeOffset has to be set if config.pub-solar.enable is true." - else [ "resume_offset=${cfg.resumeOffset}" ] - ); + else [ "resume_offset=${builtins.toString cfg.resumeOffset}" ]; }; }; } diff --git a/modules/sway/config/config.d/mode_system.conf.nix b/modules/sway/config/config.d/mode_system.conf.nix index c505a9f..f34ecc5 100644 --- a/modules/sway/config/config.d/mode_system.conf.nix +++ b/modules/sway/config/config.d/mode_system.conf.nix 
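Review bot: The new default `"/dev/sda1"` for `resumeDevice` in `modules/core/hibernation.nix` is a machine-specific guess. A host that enables hibernation without setting the option will point resume at the first partition of the first disk, combined with a swap-file offset that belongs to some other device. Dropping the `default` makes the option mandatory, and the description should follow the commit message: `description = "Block device holding the swap file to resume from (the decrypted device if the volume is encrypted).";`. In the second hunk the abort text names `config.pub-solar.resumeOffset` and `config.pub-solar.enable`, whereas biolimo sets `pub-solar.core.hibernation.resumeOffset`, so the message should use the `pub-solar.core.hibernation.*` paths. The `&& cfg.enable` test there is redundant inside `mkIf cfg.enable`.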
@@ -4,7 +4,7 @@ bindsym $mod+0 mode "$mode_system" mode "$mode_system" { bindsym e exec swaymsg exit, mode "default" -'' + (if !psCfg.core.hibernation.enable then '' +'' + (if psCfg.core.hibernation.enable then '' bindsym h exec systemctl hibernate, mode "default" '' else "") + (if !psCfg.paranoia.enable then '' diff --git a/modules/sway/default.nix b/modules/sway/default.nix index 7ef5560..b237c52 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -95,7 +95,7 @@ in systemd.user.services.waybar = import ./waybar.service.nix { inherit pkgs psCfg; }; systemd.user.targets.sway-session = import ./sway-session.target.nix { inherit pkgs psCfg; }; - systemd.user.services.wayvnc = mkIf cfg.vnc.enable (import ./wayvnc.service.nix pkgs); + systemd.user.services.wayvnc = mkIf psCfg.sway.vnc.enable (import ./wayvnc.service.nix pkgs); xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; }; xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf; From b7d2a48d4cded88b0f534a2b7c2621728c3144d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Wed, 24 Aug 2022 18:45:34 +0200 Subject: [PATCH 23/23] Fix hibernation for biolimo --- hosts/biolimo/biolimo.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/biolimo/biolimo.nix b/hosts/biolimo/biolimo.nix index 820225e..1ff4289 100644 --- a/hosts/biolimo/biolimo.nix +++ b/hosts/biolimo/biolimo.nix @@ -10,6 +10,10 @@ in ]; config = { + pub-solar.paranoia.enable = true; + pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; + pub-solar.core.hibernation.resumeOffset = 15296512; + hardware.cpu.intel.updateMicrocode = true; networking.firewall.allowedTCPPorts = [ 5000 ];
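Review bot: `resumeDevice = "/dev/dm-0"` in `hosts/biolimo/biolimo.nix` relies on a kernel-assigned device-mapper number, which follows activation order and can refer to a different mapping once another LUKS or LVM device is added. Resume would then either fail or look for the hibernation image on the wrong volume while `resumeOffset = 15296512` still describes the original one. A persistent name is safer, for example `"/dev/mapper/<mapping-name>"` or `"/dev/disk/by-uuid/<uuid>"`, both placeholders for this host's actual values. A short comment recording how the offset was obtained and that it must be recomputed if the swap file is recreated would also help.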