The paranoia mode now also enables the firewall and closes down a couple
of small openSSH holes. `noexec` on the whole FS is left out as it will
make every existing PubSolarOS installation panic.
This service is presumably useful for devices that need to ensure there
is an active internet connection before starting other systemd units.
This is neither the case for end-user devices as the an active internet
connection is only needed after login nor the case for server-like
systems as they normally have a static / dhcp-based network configuration
which does not require switchable network configuration profiles.
The resumeDevice and kernel `resume` parameter were being used wrong.
Only `boot.resumeDevice` is necessary, and it should point at the _block
device_ that holds the swapfile. If you are running on encrypted
volumes, this means you will need to use the name of the *decrypted
block device* on which the swapfile sits.
This commit shuffles around some sway keybindings and improves the
screen recording experience by adding a small wrapper around `slurp` and
`wf-recorder` conveniently called `record-screen`.
* `$mod+F5` now reload the sway configuration,
* `$mod+Ctrl+r` starts a screen recording (to stop it, go to workspace 7
and kill the process),
* `record-screen` and the firefox sharing indicator are both on
workspace 7 now, making it the "trash" workspace,
* `$mod+F1` and `$mod+Shift+h` now open Firefox with the docs of our
repository availabe under `help.local`.
* To not infuriate `qMasterPassword` users, that is now available under
`$mod+Shift+m` instead of `$mod+F1`.
Hibernation is now a core option:
```
pub-solar.core.hibernation.enable = true;
```
And there's a paranoia mode, that keeps the disk encrypted as much as
possible by enabling hibernation and removing the options for sleep,
screen locking.
Idle locking now hibernates, and it does it on very short notice.
teutat3s
Hendrik Sokolowski
Benjamin Bädorf
