From 4c0991c7e1a7670526ec2331c0def1a5ae46e918 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 17:10:30 +0200 Subject: [PATCH] Put always hibernate behind a flag Hibernation is now a core option: ``` pub-solar.core.hibernation.enable = true; ``` And there's a paranoia mode, that keeps the disk encrypted as much as possible by enabling hibernation and removing the options for sleep, screen locking. Idle locking now hibernates, and it does it on very short notice. --- modules/core/boot.nix | 10 ++++- modules/paranoia/default.nix | 24 +++++++++++ .../config/config.d/custom-keybindings.conf | 19 --------- .../sway/config/config.d/mode_system.conf.nix | 21 ++++++++++ modules/sway/default.nix | 40 ++++++++++--------- modules/sway/gammastep.service.nix | 2 +- modules/sway/libinput-gestures.service.nix | 2 +- modules/sway/mako.service.nix | 2 +- modules/sway/sway-session.target.nix | 2 +- modules/sway/sway.service.nix | 2 +- modules/sway/swayidle.service.nix | 15 +++++-- modules/sway/waybar.service.nix | 2 +- modules/sway/xsettingsd.service.nix | 2 +- modules/sway/ydotool.service.nix | 2 +- pkgs/default.nix | 1 + pkgs/swaylock-bg.nix | 20 ++++++++++ 16 files changed, 115 insertions(+), 51 deletions(-) create mode 100644 modules/paranoia/default.nix create mode 100644 modules/sway/config/config.d/mode_system.conf.nix create mode 100644 pkgs/swaylock-bg.nix diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 99b6d76c..6f93fabf 100644 --- a/modules/core/boot.nix +++ b/modules/core/boot.nix @@ -16,6 +16,14 @@ in description = "Whether it should be assumed that there is a cryptroot device"; }; + options.pub-solar.core.hibernation = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether the device can hibernate. This creates a swapfile at /swapfile."; + }; + }; + config = { boot = { # Enable plymouth for better experience of booting @@ -30,7 +38,7 @@ in }; }; - resumeDevice = "/swapfile"; + resumeDevice = mkIf cfg.core.hibernation.enable "/swapfile"; loader.systemd-boot.enable = true; diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix new file mode 100644 index 00000000..ec530fc3 --- /dev/null +++ b/modules/paranoia/default.nix @@ -0,0 +1,24 @@ +{ config, lib, ... }: + +with lib; +let + psCfg = config.pub-solar; + cfg = config.pub-solar.paranoia; +in +{ + options.pub-solar.paranoia = { + enable = mkOption { + description = '' + Only offer hibernation instead of screen locking and sleeping. This only makes sense + if your hard drive is encrypted, and ensures that the contents of your drive are + encrypted if you are not actively using the device. + ''; + default = false; + type = types.bool; + }; + }; + + config = mkIf cfg.enable { + pub-solar.core.allow-hibernation = true; + }; +} diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index fdeac97a..659a4660 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf @@ -31,22 +31,3 @@ bindsym $mod+Ctrl+f exec "( pkill flameshot || true && flameshot & ) && ( sleep # Launcher set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher bindsym $mod+Space exec $menu - -# Set shut down, restart and locking features -set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown -bindsym $mod+0 mode "$mode_system" -mode "$mode_system" { - bindsym e exec swaymsg exit, mode "default" -#======= - bindsym l exec swaylock-bg, mode "default" - bindsym e exec systemctl --user stop graphical-session.target, mode "default" - bindsym s exec systemctl suspend, mode "default" -#>>>>>>> main - bindsym h exec systemctl hibernate, mode "default" - bindsym r exec systemctl reboot, mode "default" - bindsym Shift+s exec systemctl poweroff, mode "default" - - # exit system mode: "Enter" or "Escape" - bindsym Return mode "default" - bindsym Escape mode "default" -} diff --git a/modules/sway/config/config.d/mode_system.conf.nix b/modules/sway/config/config.d/mode_system.conf.nix new file mode 100644 index 00000000..ef11a461 --- /dev/null +++ b/modules/sway/config/config.d/mode_system.conf.nix @@ -0,0 +1,21 @@ +{ psCfg, ... }: '' +# Set shut down, restart and locking features +set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown +bindsym $mod+0 mode "$mode_system" +mode "$mode_system" { + bindsym e exec swaymsg exit, mode "default" +'' + (if !psCfg.core.allow-hibernation then '' + bindsym h exec systemctl hibernate, mode "default" +'' else "") + + (if !psCfg.paranoia.enable then '' + bindsym l exec swaylock-bg, mode "default" + bindsym s exec systemctl suspend, mode "default" +'' else "") + '' + bindsym r exec systemctl reboot, mode "default" + bindsym Shift+s exec systemctl poweroff, mode "default" + + # exit system mode: "Enter" or "Escape" + bindsym Return mode "default" + bindsym Escape mode "default" +} +'' diff --git a/modules/sway/default.nix b/modules/sway/default.nix index 59b6ff09..2872a3b3 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -2,25 +2,26 @@ with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.sway; in { options.pub-solar.sway = { enable = mkEnableOption "Life in boxes"; - }; - options.pub-solar.sway.terminal = mkOption { - type = types.nullOr types.str; - default = "alacritty"; - description = "Choose sway's default terminal"; - }; - options.pub-solar.sway.v4l2loopback.enable = mkOption { - type = types.bool; - default = true; - description = "WebCam streaming tool"; + + terminal = mkOption { + type = types.nullOr types.str; + default = "alacritty"; + description = "Choose sway's default terminal"; + }; + + v4l2loopback.enable = mkOption { + type = types.bool; + default = true; + description = "WebCam streaming tool"; + }; }; - config = mkIf cfg.enable (mkMerge [ - (mkIf (cfg.v4l2loopback.enable) { + config = mkIf psCfg.sway.enable (mkMerge [ + (mkIf (psCfg.sway.v4l2loopback.enable) { boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; boot.kernelModules = [ "v4l2loopback" ]; boot.extraModprobeConfig = '' @@ -84,18 +85,19 @@ in programs.waybar.enable = true; #programs.waybar.systemd.enable = true; - systemd.user.services.mako = import ./mako.service.nix pkgs; - systemd.user.services.sway = import ./sway.service.nix pkgs; - systemd.user.services.swayidle = import ./swayidle.service.nix pkgs; - systemd.user.services.xsettingsd = import ./xsettingsd.service.nix pkgs; - systemd.user.services.waybar = import ./waybar.service.nix pkgs; - systemd.user.targets.sway-session = import ./sway-session.target.nix pkgs; + systemd.user.services.mako = import ./mako.service.nix { inherit pkgs psCfg; }; + systemd.user.services.sway = import ./sway.service.nix { inherit pkgs psCfg; }; + systemd.user.services.swayidle = import ./swayidle.service.nix { inherit pkgs psCfg; }; + systemd.user.services.xsettingsd = import ./xsettingsd.service.nix { inherit pkgs psCfg; }; + systemd.user.services.waybar = import ./waybar.service.nix { inherit pkgs psCfg; }; + systemd.user.targets.sway-session = import ./sway-session.target.nix { inherit pkgs psCfg; }; xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; }; xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf; xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; + xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.config.nix { inherit psCfg; }; xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; }; diff --git a/modules/sway/gammastep.service.nix b/modules/sway/gammastep.service.nix index f59edf02..3960d1ae 100644 --- a/modules/sway/gammastep.service.nix +++ b/modules/sway/gammastep.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "set color temperature of display according to time of day"; diff --git a/modules/sway/libinput-gestures.service.nix b/modules/sway/libinput-gestures.service.nix index c4c860da..798d10d6 100644 --- a/modules/sway/libinput-gestures.service.nix +++ b/modules/sway/libinput-gestures.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "Actions gestures on your touchpad using libinput"; diff --git a/modules/sway/mako.service.nix b/modules/sway/mako.service.nix index 190b986d..b155e148 100644 --- a/modules/sway/mako.service.nix +++ b/modules/sway/mako.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "Lightweight Wayland notification daemon"; diff --git a/modules/sway/sway-session.target.nix b/modules/sway/sway-session.target.nix index 3eb4d24c..7b25376a 100644 --- a/modules/sway/sway-session.target.nix +++ b/modules/sway/sway-session.target.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "sway compositor session"; diff --git a/modules/sway/sway.service.nix b/modules/sway/sway.service.nix index 95efc3e6..0d0d782c 100644 --- a/modules/sway/sway.service.nix +++ b/modules/sway/sway.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "sway - SirCmpwn's Wayland window manager"; diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix index 61f32591..3b87c610 100644 --- a/modules/sway/swayidle.service.nix +++ b/modules/sway/swayidle.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, psCfg, ... }: { Unit = { Description = "Idle manager for Wayland"; @@ -10,9 +10,16 @@ pkgs: Service = { Type = "simple"; Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin"; - ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ - timeout 150 'swaymsg "output * dpms off"' \ - timeout 300 'systemctl hibernate' \ + ExecStart = if psCfg.paranoia.enable then '' + ${pkgs.swayidle}/bin/swayidle -w \ + timeout 120 'swaymsg "output * dpms off"' \ + timeout 150 'systemctl hibernate' \ + '' else '' + ${pkgs.swayidle}/bin/swayidle -w \ + timeout 600 'swaylock-bg' \ + timeout 900 'swaymsg "output * dpms off"' \ + resume 'swaymsg "output * dpms on"' \ + before-sleep 'swaylock-bg' ''; }; Install = { diff --git a/modules/sway/waybar.service.nix b/modules/sway/waybar.service.nix index ee5e8938..98b8ed35 100644 --- a/modules/sway/waybar.service.nix +++ b/modules/sway/waybar.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors."; diff --git a/modules/sway/xsettingsd.service.nix b/modules/sway/xsettingsd.service.nix index 0d729cb2..db3e842c 100644 --- a/modules/sway/xsettingsd.service.nix +++ b/modules/sway/xsettingsd.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "X Settings Daemon"; diff --git a/modules/sway/ydotool.service.nix b/modules/sway/ydotool.service.nix index d53bfcd7..24b64432 100644 --- a/modules/sway/ydotool.service.nix +++ b/modules/sway/ydotool.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "ydotool - Generic command-line automation tool (no X!)"; diff --git a/pkgs/default.nix b/pkgs/default.nix index 1b04f378..28e513b7 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -12,6 +12,7 @@ with final; { s = writeShellScriptBin "s" (import ./s.nix final); sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final); sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final); + swaylock-bg = writeShellScriptBin "swaylock-bg" (import ./swaylock-bg.nix final); toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final); uhk-agent = import ./uhk-agent.nix final; wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); diff --git a/pkgs/swaylock-bg.nix b/pkgs/swaylock-bg.nix new file mode 100644 index 00000000..b55c32ae --- /dev/null +++ b/pkgs/swaylock-bg.nix @@ -0,0 +1,20 @@ +self: with self; '' + # Dependencies: + # swaylock + + # Make sure we aren't running twice + RUNNING=$(ps -A | grep swaylock | wc -l) + if [ $RUNNING -ne 0 ]; then + exit 0 + fi + + IMAGE=$XDG_CONFIG_HOME/wallpaper.jpg + LOCKARGS="" + + for OUTPUT in `${sway}/bin/swaymsg -t get_outputs | jq -r '.[].name'` + do + LOCKARGS="''${LOCKARGS} --image ''${OUTPUT}:''${IMAGE}" + IMAGES="''${IMAGES} ''${IMAGE}" + done + exec ${swaylock}/bin/swaylock $LOCKARGS +''