From a94e8afe34257fa53aeb409583096162acfd29c8 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Fri, 5 Mar 2021 17:42:00 +0100
Subject: [PATCH] fixing sshd and suspend problems
---
 configs/sternchen/configuration.nix | 2 ++
 system/desktop/default.nix | 2 ++
 system/desktop/sshd.nix | 9 +++--
 system/desktop/suspend.nix | 54 +++++++++++++++++------------
 4 files changed, 40 insertions(+), 27 deletions(-)
diff --git a/configs/sternchen/configuration.nix b/configs/sternchen/configuration.nix
index 9088b6b..2085a89 100644
--- a/configs/sternchen/configuration.nix
+++ b/configs/sternchen/configuration.nix
@@ -29,6 +29,8 @@ programs.custom.steam.enable = false; programs.custom.video.enable = true; + system.custom.suspend.enable = false; + services.printing.enable = true; # fonts
diff --git a/system/desktop/default.nix b/system/desktop/default.nix
index b5461cd..8fc65e7 100644
--- a/system/desktop/default.nix
+++ b/system/desktop/default.nix
@@ -26,6 +26,8 @@ ./wtf.nix ]; + system.custom.suspend.enable = lib.mkDefault true; + backup.dirs = [ "/home/palo/.password-store" "/home/palo/.task" "/home/palo/.vit" ];
diff --git a/system/desktop/sshd.nix b/system/desktop/sshd.nix
index ed7ca80..fd6dddc 100644
--- a/system/desktop/sshd.nix
+++ b/system/desktop/sshd.nix
@@ -1,7 +1,6 @@
-{ config, ... }:
-{
+{ config, ... }: {
 # make sure ssh is only available trough the tinc
- #networking.firewall.extraCommands = ''
- # iptables -t nat -A PREROUTING ! -i tinc.private -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0
- #'';
+ networking.firewall.extraCommands = ''
+ iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0
+ '';
 }
diff --git a/system/desktop/suspend.nix b/system/desktop/suspend.nix
index 7ad8749..d9f58ac 100644
--- a/system/desktop/suspend.nix
+++ b/system/desktop/suspend.nix
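Review bot: The re-enabled rule in system/desktop/sshd.nix is installed with `iptables` only, so it covers IPv4 alone; if sshd also listens on IPv6 (its listen configuration is not visible in this patch), port 22 stays reachable there on non-tinc interfaces. Because `extraCommands` runs on every firewall start and reload and the rule is added with `--append` to the built-in `PREROUTING` chain, reloads will presumably stack duplicate copies unless a matching `--delete` goes into `networking.firewall.extraStopCommands`. The interface match also widens from `tinc.private` to `tinc.+`, i.e. every interface whose name starts with `tinc.`, and the comment above the rule should say so. A filter-based form avoids the port-0 redirect and handles both address families: `services.openssh.openFirewall = false;` together with `networking.firewall.interfaces."tinc.+".allowedTCPPorts = [ 22 ];`.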
@@ -1,27 +1,37 @@ { pkgs, config, lib, ... }: +with lib; -{ - systemd.services.screenlock = { - before = [ "sleep.target" ]; - requiredBy = [ "sleep.target" ]; - environment = let - display = if (config.services.xserver.display != null) then - config.services.xserver.display - else - 0; - in { DISPLAY = ":${toString display}"; }; - script = '' - ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 & - sleep 1 - ''; - serviceConfig = { - SyslogIdentifier = "screenlock"; - #Type = "simple"; - Type = "forking"; - User = config.users.users.mainUser.name; +let + + cfg = config.system.custom.suspend; +in { + + options.system.custom.suspend.enable = mkEnableOption "use xlock in suspend"; + + config = mkIf cfg.enable { + + systemd.services.screenlock = { + before = [ "sleep.target" ]; + requiredBy = [ "sleep.target" ]; + environment = let + display = if (config.services.xserver.display != null) then + config.services.xserver.display + else + 0; + in { DISPLAY = ":${toString display}"; }; + script = '' + ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 & + sleep 1 + ''; + serviceConfig = { + SyslogIdentifier = "screenlock"; + #Type = "simple"; + Type = "forking"; + User = config.users.users.mainUser.name; + }; }; + + services.logind.lidSwitch = "suspend"; + }; - - services.logind.lidSwitch = "suspend"; - }
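Review bot: The `screenlock` script fails open: it backgrounds `xlock`, waits `sleep 1` and then exits successfully whether or not the locker came up, so a failed X connection (the unit sets only `DISPLAY`) still lets sleep.target proceed with the session unlocked. Adding `kill -0 $!` after `sleep 1` would make the unit fail when xlock has already exited, which should hold back suspend through the `requiredBy` relation; that is worth confirming on a test machine. The locker is now optional per host, and configs/sternchen/configuration.nix turns it off without a comment saying what locks that machine on suspend. The text passed to `mkEnableOption` is rendered after "Whether to enable", so `"xlock screen locking before suspend"` reads better than `"use xlock in suspend"`.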