fixing sshd and suspend problems

2021-03-05 17:42:00 +01:00 · 2021-03-05 17:42:00 +01:00 · a94e8afe34
parent 22dbeab3f8
commit a94e8afe34
4 changed files with 40 additions and 27 deletions
--- a/configs/sternchen/configuration.nix
+++ b/configs/sternchen/configuration.nix
@ -29,6 +29,8 @@
  programs.custom.steam.enable = false;
  programs.custom.video.enable = true;

+  system.custom.suspend.enable = false;
+
  services.printing.enable = true;

  # fonts
--- a/system/desktop/default.nix
+++ b/system/desktop/default.nix
@ -26,6 +26,8 @@
    ./wtf.nix
  ];

+  system.custom.suspend.enable = lib.mkDefault true;
+
  backup.dirs =
    [ "/home/palo/.password-store" "/home/palo/.task" "/home/palo/.vit" ];

--- a/system/desktop/sshd.nix
+++ b/system/desktop/sshd.nix
@ -1,7 +1,6 @@
-{ config, ... }:
-{
+{ config, ... }: {
  # make sure ssh is only available trough the tinc
-  #networking.firewall.extraCommands = ''
-  #  iptables -t nat -A PREROUTING ! -i tinc.private -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0
-  #'';
+  networking.firewall.extraCommands = ''
+    iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0
+  '';
 }
--- a/system/desktop/suspend.nix
+++ b/system/desktop/suspend.nix
@ -1,27 +1,37 @@
 { pkgs, config, lib, ... }:
+with lib;

-{
-  systemd.services.screenlock = {
-    before = [ "sleep.target" ];
-    requiredBy = [ "sleep.target" ];
-    environment = let
-      display = if (config.services.xserver.display != null) then
-        config.services.xserver.display
-      else
-        0;
-    in { DISPLAY = ":${toString display}"; };
-    script = ''
-      ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 &
-      sleep 1
-    '';
-    serviceConfig = {
-      SyslogIdentifier = "screenlock";
-      #Type = "simple";
-      Type = "forking";
-      User = config.users.users.mainUser.name;
+let
+
+  cfg = config.system.custom.suspend;
+in {
+
+  options.system.custom.suspend.enable = mkEnableOption "use xlock in suspend";
+
+  config = mkIf cfg.enable {
+
+    systemd.services.screenlock = {
+      before = [ "sleep.target" ];
+      requiredBy = [ "sleep.target" ];
+      environment = let
+        display = if (config.services.xserver.display != null) then
+          config.services.xserver.display
+        else
+          0;
+      in { DISPLAY = ":${toString display}"; };
+      script = ''
+        ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 &
+        sleep 1
+      '';
+      serviceConfig = {
+        SyslogIdentifier = "screenlock";
+        #Type = "simple";
+        Type = "forking";
+        User = config.users.users.mainUser.name;
+      };
    };
+
+    services.logind.lidSwitch = "suspend";
+
  };
-
-  services.logind.lidSwitch = "suspend";
-
 }