The resumeDevice and kernel `resume` parameter were being used wrong.
Only `boot.resumeDevice` is necessary, and it should point at the _block
device_ that holds the swapfile. If you are running on encrypted
volumes, this means you will need to use the name of the *decrypted
block device* on which the swapfile sits.
This commit shuffles around some sway keybindings and improves the
screen recording experience by adding a small wrapper around `slurp` and
`wf-recorder` conveniently called `record-screen`.
* `$mod+F5` now reload the sway configuration,
* `$mod+Ctrl+r` starts a screen recording (to stop it, go to workspace 7
and kill the process),
* `record-screen` and the firefox sharing indicator are both on
workspace 7 now, making it the "trash" workspace,
* `$mod+F1` and `$mod+Shift+h` now open Firefox with the docs of our
repository availabe under `help.local`.
* To not infuriate `qMasterPassword` users, that is now available under
`$mod+Shift+m` instead of `$mod+F1`.
Hibernation is now a core option:
```
pub-solar.core.hibernation.enable = true;
```
And there's a paranoia mode, that keeps the disk encrypted as much as
possible by enabling hibernation and removing the options for sleep,
screen locking.
Idle locking now hibernates, and it does it on very short notice.
nix-dram as default nix binary isn't worth the
maintenance work anymore, CI builds started
failing because of it:
https://ci.b12f.io/pub-solar/os/533/1/2
Automatic builds still happen each night and can be
checked in our fork of nix-dram:
https://github.com/pub-solar/nix-dram/actions
Users of nix-dram can continue to use it via devshells
or nix run github:dramforever/nix-dram -- --version
This commit removes the default, global `allowUnfree = true;` setting
and removes nonfree packages where I could find them. Tested by building
the `PubSolarOS` host once.
This adds a barebones CI-runner module with the following option:
`pub-solar.ci-runner.enable`
If enabled, this will start a systemd service on boot that runs
`drone-runner-exec`. The configuration expects you to have a file called
`secrets/drone-runner-exec-config` handled by agenix that gets put into
`/run/agenix/drone-runner-exec-config` and is owned by root.
This file should contain a configuration similar to the following:
```
CLIENT_DRONE_RPC_PROTO=https
CLIENT_DRONE_RPC_HOST=drone.company.com
CLIENT_DRONE_RPC_SECRET=super-duper-secret
```