home-manager: bring in systemd timers,services

also:
* add meta units that mask tracker* units
* declare some programs in home-manager and remove from cargo
* adjust sway config to accommodate new systemd units for kanshi,
  autotiling and kdeconnect{,-indicator}
* add configuration for albert and set it as a default launcher in sway
surtur 2023-08-09 17:23:36 +02:00
parent 565c61730c
commit 1e3230c268
Signed by: wanderer
SSH Key Fingerprint: SHA256:MdCZyJ2sHLltrLBp0xQO0O1qTW9BT/xl5nXkDvhlMCI
29 changed files with 475 additions and 222 deletions

@ -1,5 +1,4 @@
[v1] [v1]
"b3sum 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = ["b3sum"]
"bandwhich 0.20.0 (registry+https://github.com/rust-lang/crates.io-index)" = ["bandwhich"] "bandwhich 0.20.0 (registry+https://github.com/rust-lang/crates.io-index)" = ["bandwhich"]
"cargo-outdated 0.13.1 (registry+https://github.com/rust-lang/crates.io-index)" = ["cargo-outdated"] "cargo-outdated 0.13.1 (registry+https://github.com/rust-lang/crates.io-index)" = ["cargo-outdated"]
"cargo-update 13.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = [ "cargo-update 13.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = [
@ -11,7 +10,6 @@
"eva 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = ["eva"] "eva 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = ["eva"]
"rustlings 3.0.0 (path+file:///home/vis/utils/rustlings)" = ["rustlings"] "rustlings 3.0.0 (path+file:///home/vis/utils/rustlings)" = ["rustlings"]
"sccache 0.5.4 (registry+https://github.com/rust-lang/crates.io-index)" = ["sccache"] "sccache 0.5.4 (registry+https://github.com/rust-lang/crates.io-index)" = ["sccache"]
"sheldon 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)" = ["sheldon"]
"starship 1.15.0 (registry+https://github.com/rust-lang/crates.io-index)" = ["starship"] "starship 1.15.0 (registry+https://github.com/rust-lang/crates.io-index)" = ["starship"]
"sway-alttab 1.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = ["sway-alttab"] "sway-alttab 1.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = ["sway-alttab"]
"swayr 0.27.0 (registry+https://github.com/rust-lang/crates.io-index)" = [ "swayr 0.27.0 (registry+https://github.com/rust-lang/crates.io-index)" = [

@ -0,0 +1,70 @@
[General]
%23%20notifiedUnsupportedHotkey=true
fuzzy=true
hotkey=Ctrl+Space
last_used_version=0.20.14
memoryDecay=0.82
notifiedUnsupportedHotkey=false
showTray=true
telemetry=false
terminal=Kitty
[applications]
enabled=true
[calculator_muparser]
enabled=false
[calculator_qalculate]
enabled=false
[datetime]
enabled=true
[googletrans]
enabled=false
[hash]
enabled=true
[pass]
enabled=true
[pomodoro]
enabled=true
[python]
enabled=true
watchSources=false
[python_eval]
enabled=true
[snippets]
enabled=false
[ssh]
enabled=true
[system]
enabled=false
[terminal]
enabled=true
[widgetsboxmodel]
alwaysOnTop=true
clearOnHide=true
clientShadow=true
displayIcons=true
displayScrollbar=true
followCursor=true
hideOnFocusLoss=false
historySearch=true
itemCount=8
quitOnClose=false
showCentered=true
showFallbacksOnEmpty=true
systemShadow=false
theme=Numix
windowPosition=@Point(1962 886)
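Review bot: The first key under `[General]`, `%23%20notifiedUnsupportedHotkey=true`, is a percent-encoded `# notifiedUnsupportedHotkey`; it looks like a hand-commented line that the settings writer saved back as a real key, and it sits next to the live `notifiedUnsupportedHotkey=false` entry, so I would delete it. `last_used_version=0.20.14` and `windowPosition=@Point(1962 886)` are runtime state for one machine and monitor layout rather than configuration, and are better left out of the tracked file. Because `[pass]`, `[ssh]` and `[python_eval]` are enabled, a header comment stating that these extensions are switched on deliberately would help later review; it should start with `;`, since a `#` line apparently does not survive as a comment here.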

@ -15,6 +15,7 @@ set
$nutermmenu kitty --class 'launcher' bash -c 'compgen -c | sort -u | fzf | xargs -r kitty' $nutermmenu kitty --class 'launcher' bash -c 'compgen -c | sort -u | fzf | xargs -r kitty'
$bemenu bemenu-run --fork -l 5 -n -p "▶" --fn 'FiraCode Retina 17' | xargs swaymsg exec $bemenu bemenu-run --fork -l 5 -n -p "▶" --fn 'FiraCode Retina 17' | xargs swaymsg exec
$dashpls nwggrid $dashpls nwggrid
$albert QT_QPA_PLATFORM=xcb albert show
# $bg "~/Pictures/apod/2019-January-2-The-Orion-Nebula-in-Infrared-from-WISE.jpg fit #000000" # $bg "~/Pictures/apod/2019-January-2-The-Orion-Nebula-in-Infrared-from-WISE.jpg fit #000000"
# $bg "~/Pictures/apod/2020-April-29-The-Ion-Tail-of-New-Comet-SWAN.jpg fit #000000" # $bg "~/Pictures/apod/2020-April-29-The-Ion-Tail-of-New-Comet-SWAN.jpg fit #000000"
$bg "~/Pictures/apod/2020-August-11-Churning-Clouds-on-Jupiter.jpg" $bg "~/Pictures/apod/2020-August-11-Churning-Clouds-on-Jupiter.jpg"
@ -84,26 +85,25 @@ exec_always --no-startup-id
gsettings set org.gnome.desktop.wm.preferences theme '$theme' gsettings set org.gnome.desktop.wm.preferences theme '$theme'
gsettings set org.gnome.desktop.peripherals.touchpad tap-to-click true gsettings set org.gnome.desktop.peripherals.touchpad tap-to-click true
pgrep -u $(id -u) kanshi && pkill kanshi # run this prior to first run:
# glib-compile-schemas /usr/share/glib-2.0/schemas
# glib-compile-schemas ~/.local/share/glib-2.0/schemas/
gsettings set com.github.stunkymonkey.nautilus-open-any-terminal terminal kitty
pgrep -u $(id -u) ibus-daemon && pkill ibus-daemon pgrep -u $(id -u) ibus-daemon && pkill ibus-daemon
ibus-daemon -dxrt auto ibus-daemon -dxrt auto
### Needed for xdg-desktop-portal-kde ### Needed for xdg-desktop-portal-*
dbus-update-activation-environment --systemd --all dbus-update-activation-environment --systemd --all
/usr/lib/xdg-desktop-portal --replace /usr/libexec/xdg-desktop-portal --replace
pgrep -u $(id -u) kdeconnect-indi && pkill kdeconnect-indi
pgrep -u $(id -u) mako && pkill mako pgrep -u $(id -u) mako && pkill mako
pgrep -u $(id -u) fusuma && pkill fusuma pgrep -u $(id -u) fusuma && pkill fusuma
pgrep -u $(id -u) swayrd && pkill swayrd pgrep -u $(id -u) swayrd && pkill swayrd
pgrep -u $(id -u) autotiling && pkill autotiling
pgrep -u $(id -u) batsignal && pkill batsignal pgrep -u $(id -u) batsignal && pkill batsignal
pgrep -u $(id -u) swayidle && pkill swayidle pgrep -u $(id -u) swayidle && pkill swayidle
kdeconnect-indicator
mako mako
XDG_SESSION_TYPE=x11 XDG_CURRENT_DESKTOP=gnome fusuma -d -c ~/.config/fusuma/config-wl.yml XDG_CURRENT_DESKTOP=gnome fusuma -d -c ~/.config/fusuma/config-wl.yml
env RUST_BACKTRACE=1 ~/.cargo/bin/swayrd > /tmp/swayrd.log 2>&1 env RUST_BACKTRACE=1 swayrd > /tmp/swayrd.log 2>&1
kanshi
autotiling
batsignal '-d -w 25 -c 15 -d 10' batsignal '-d -w 25 -c 15 -d 10'
swayidle -w \ swayidle -w \
timeout 545 'pgrep -u $(id -u) swaylock || notify-send -t 15000 -u critical -i "Idle timeout" "Screen is locking soon"' \ timeout 545 'pgrep -u $(id -u) swaylock || notify-send -t 15000 -u critical -i "Idle timeout" "Screen is locking soon"' \
@ -121,16 +121,13 @@ exec --no-startup-id {
dbus-update-activation-environment DISPLAY XAUTHORITY dbus-update-activation-environment DISPLAY XAUTHORITY
ibus-daemon -dxrt auto ibus-daemon -dxrt auto
$keyring $keyring
### Needed for xdg-desktop-portal-kde ### Needed for xdg-desktop-portal-*
dbus-update-activation-environment --systemd --all dbus-update-activation-environment --systemd --all
/usr/lib/xdg-desktop-portal --replace /usr/libexec/xdg-desktop-portal --replace
pgrep -u $(id -u) kdeconnect-indi || kdeconnect-indicator
pgrep -u $(id -u) mako || mako pgrep -u $(id -u) mako || mako
# XDG_SESSION_TYPE=x11 XDG_CURRENT_DESKTOP=gnome fusuma -d -c ~/.config/fusuma/config-wl.yml # XDG_SESSION_TYPE=x11 XDG_CURRENT_DESKTOP=gnome fusuma -d -c ~/.config/fusuma/config-wl.yml
pgrep -u $(id -u) fusuma || fusuma -d -c ~/.config/fusuma/config-wl.yml pgrep -u $(id -u) fusuma || XDG_CURRENT_DESKTOP=gnome fusuma -d -c ~/.config/fusuma/config-wl.yml
env RUST_BACKTRACE=1 ~/.cargo/bin/swayrd > /tmp/swayrd.log 2>&1 env RUST_BACKTRACE=1 swayrd > /tmp/swayrd.log 2>&1
pgrep -u $(id -u) kansi || kanshi
pgrep -u $(id -u) autotiling || autotiling
pgrep -u $(id -u) batsignal || batsignal '-d -w 25 -c 15 -d 10' pgrep -u $(id -u) batsignal || batsignal '-d -w 25 -c 15 -d 10'
pgrep -u $(id -u) swayidle || swayidle -w \ pgrep -u $(id -u) swayidle || swayidle -w \
timeout 545 'pgrep -u $(id -u) swaylock || notify-send -t 15000 -u critical -i "Idle timeout" "Screen is locking soon"' \ timeout 545 'pgrep -u $(id -u) swaylock || notify-send -t 15000 -u critical -i "Idle timeout" "Screen is locking soon"' \
@ -176,8 +173,9 @@ bindsym
$mod+t exec $term $mod+t exec $term
$mod+ctrl+Shift+t exec qterminal $mod+ctrl+Shift+t exec qterminal
$mod+Shift+q kill $mod+Shift+q kill
alt+F1 exec $menu alt+Shift+F1 exec $menu
alt+Shift+F1 exec $dashpls alt+F1 exec $albert
# alt+Shift+F1 exec $dashpls
alt+F2 exec $bemenu alt+F2 exec $bemenu
alt+F3 exec ulauncher-toggle alt+F3 exec ulauncher-toggle
alt+Shift+F2 exec $nutermmenu alt+Shift+F2 exec $nutermmenu
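Review bot: The rewritten `swayrd` line in both the `exec_always` and `exec` blocks still redirects to `/tmp/swayrd.log`, a fixed name in a world-writable directory. On a host with other local accounts that path can be created first by someone else, and the redirect then fails or lands in a file the session does not own. A per-user location avoids this: `env RUST_BACKTRACE=1 swayrd > "$XDG_RUNTIME_DIR/swayrd.log" 2>&1`. Both blocks start and end outside the hunks shown, so the rest of their command lists was not reviewed.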

@ -1,3 +0,0 @@
[Manager]
DefaultTimeoutStarSec=15s
DefaultTimeoutStopSec=15s

@ -1,16 +0,0 @@
# ~/.config/systemd/user/waybar.service or /etc/systemd/user/waybar.service
[Unit]
Description=Highly customizable Wayland bar for Sway and Wlroots based compositors.
Documentation=https://github.com/Alexays/Waybar/wiki/
#PartOf=graphical-session.target
PartOf=sway-session.target
After=sway-session.target
[Service]
ExecStart=/usr/bin/waybar
# Upstreamed in https://github.com/Alexays/Waybar/pull/1036
ExecReload=kill -SIGUSR2 $MAINPID
Restart=on-failure
[Install]
WantedBy=sway-session.target

@ -1,9 +0,0 @@
[Unit]
Description=Power Profiles service
[Service]
Type=simple
ExecStart=%h/.local/bin/battery.sh
[Install]
WantedBy=multi-user.target

@ -1,10 +0,0 @@
[Unit]
Description=Power Profiles timer
[Timer]
OnActiveSec=20s
OnUnitActiveSec=5m
Unit=battery.service
[Install]
WantedBy=timers.target

@ -1 +0,0 @@
/usr/lib/systemd/user/pipewire.service

@ -1,39 +0,0 @@
# /etc/systemd/system/ffnn.service
[Unit]
Description=sh*tbrowser
PartOf=sway-session.target
After=sway-session.target
[Service]
; RemainAfterExit=yes
; Security
; PrivateUsers=true
; ProtectKernelModules=yes
DevicePolicy=closed
ProtectHome=true
ProtectSystem=strict
ReadWritePaths=-%h/Downloads/firefox-nightly
ReadWritePaths=-%h/Downloads
NoNewPrivileges=true
ProtectProc=invisible
PrivateTmp=yes
LockPersonality=true
SystemCallArchitectures=native
Environment=MOZ_ENABLE_WAYLAND=1
Environment=MOZ_DBUS_REMOTE=1
Environment=MOZ_USE_XINPUT2=1
Environment=QT_QPA_PLATFORM=wayland
Environment=XDG_SESSION_TYPE=wayland
Environment=SDL_VIDEODRIVER=wayland
Environment=NO_AT_BRIDGE=1
ExecStart=
ExecStart=-%h/Downloads/firefox-nightly/firefox-bin
; ExecStart=-%h/Downloads/firefox-nightly/firefox-bin -desktop
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=sway-session.target

@ -1,31 +0,0 @@
[Unit]
Description = Go language server.
[Service]
ExecStartPre=bash -c "rm -v -f /tmp/.gopls-daemon.sock || true"
ExecStart=%h/go/bin/gopls -listen="unix;/tmp/.gopls-daemon.sock"
ExecStopPost=bash -c "rm -v -f /tmp/.gopls-daemon.sock || true"
; -remote.listen.timeout
Restart=on-failure
RestartSec=1m
SystemCallFilter=~@reboot @obsolete
ProtectProc=invisible
ProcSubset=pid
ProtectHome=true
RestrictNamespaces=true
NoNewPrivileges=yes
ProtectSystem=strict
DevicePolicy=closed
LockPersonality=true
MemoryDenyWriteExecute=true
RestrictAddressFamilies=AF_UNIX
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
[Install]
WantedBy=default.target

@ -1,19 +0,0 @@
[Unit]
Description=Podman API Service
Requires=podman.socket
After=podman.socket
Documentation=man:podman-system-service(1)
StartLimitIntervalSec=0
[Service]
Slice=podman.slice
; Delegate=yes
Delegate=cpu cpuset memory pids io
Type=exec
KillMode=process
Environment=LOGGING="--log-level=info"
ExecStart=/usr/bin/podman --cgroup-manager=systemd $LOGGING system service
[Install]
; WantedBy=multi-user.target
WantedBy=sway-session.target

@ -1,18 +0,0 @@
[Unit]
Description=Slice that limits podman resources
Before=slices.target
# refs:
# https://baykara.medium.com/docker-resource-management-via-cgroups-and-systemd-633b093a835c
# https://docs.docker.com/engine/reference/commandline/dockerd/#docker-runtime-execution-op>
[Slice]
CPUAccounting=yes
# 100% is an equivalent of full utilization on a single core
# we allow for 85% here - applies to all docker.service-spawn
# processes cumulatively
# CPUQuota=85%
CPUQuota=50%
MemoryAccounting=yes
MemoryHigh=10G
MemoryMax=12G
MemorySwapMax=1G

@ -1 +0,0 @@
/usr/lib/systemd/user/pipewire-pulse.socket

@ -1 +0,0 @@
/usr/lib/systemd/user/pipewire.socket

@ -1,6 +0,0 @@
[Unit]
Description=sway compositor session
Documentation=man:systemd.special(7)
BindsTo=graphical-session.target
Wants=graphical-session-pre.target
After=graphical-session-pre.target

@ -1,3 +0,0 @@
[Unit]
Wants=xdg-desktop-autostart.target
Before=xdg-desktop-autostart.target

@ -1 +0,0 @@
../podman.service

@ -1 +0,0 @@
../waybar.service

@ -1,16 +0,0 @@
[Unit]
Description=sway - SirCmpwn's Wayland window manager
# as per https://github.com/swaywm/sway/wiki/Systemd-integration#running-sway-itself-as-a---user-service
Documentation=man:sway(5)
BindsTo=graphical-session.target
Wants=graphical-session-pre.target
After=graphical-session-pre.target
[Service]
Type=simple
EnvironmentFile=-%h/.config/sway/env
ExecStartPre=-source %h/.zprofile
ExecStart=/usr/bin/sway
Restart=on-failure
RestartSec=2
TimeoutStopSec=10

@ -1 +0,0 @@
/home/vis/.config/systemd/user/battery.timer

@ -1 +0,0 @@
/dev/null

@ -1 +0,0 @@
/dev/null

@ -1 +0,0 @@
/dev/null

@ -1 +0,0 @@
/dev/null

@ -1 +0,0 @@
/dev/null

@ -1 +0,0 @@
/dev/null

@ -1,17 +0,0 @@
# ~/.config/systemd/user/waybar.service or /etc/systemd/user/waybar.service
[Unit]
Description=Highly customizable Wayland bar for Sway and Wlroots based compositors.
Documentation=https://github.com/Alexays/Waybar/wiki/
#PartOf=graphical-session.target
PartOf=sway-session.target
After=sway-session.target
[Service]
ExecStart=/usr/bin/waybar
# Upstreamed in https://github.com/Alexays/Waybar/pull/1036
ExecReload=kill -SIGUSR2 $MAINPID
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=sway-session.target

@ -1,2 +0,0 @@
[Service]
Environment=PATH=%h/bin:/usr/local/bin:/usr/bin

@ -6,6 +6,7 @@
... ...
}: let }: let
hostName = "surtur"; hostName = "surtur";
swayTgt = "sway-session.target";
in { in {
home.username = "$USER"; home.username = "$USER";
home.sessionVariables.HOSTNAME = "${hostName}"; home.sessionVariables.HOSTNAME = "${hostName}";
@ -28,16 +29,35 @@ in {
statix statix
niv niv
rnix-lsp rnix-lsp
exa
ripgrep
starship
sheldon
duf duf
dua dua
du-dust du-dust
b3sum
cargo-watch
zellij zellij
cloak cloak
headscale headscale
btop btop
sops sops
neovim neovim
nautilus-open-any-terminal
dhall
ccache ccache
zathura
autotiling
bemenu
swayr
kanshi
waybar
albert
]; ];
homeage = { homeage = {
@ -78,6 +98,362 @@ in {
./nix/programs.nix ./nix/programs.nix
]; ];
services = {
kdeconnect = {
enable = true;
indicator = true;
};
};
systemd.user.services = {
kanshi = {
Unit = {
Description = "Dynamic output configuration for Wayland compositors";
# Documentation = "man:kanshi(1)";
Documentation = "https://sr.ht/~emersion/kanshi";
BindsTo = config.services.kanshi.systemdTarget;
};
Service = {
Type = "simple";
# ExecStart = "/usr/sbin/kanshi";
ExecStart = "${config.services.kanshi.package}/bin/kanshi";
Restart = "always";
RestartSec = "5s";
LockPersonality = true;
PrivateTmp = "yes";
DevicePolicy = "closed";
};
Install = {WantedBy = [config.services.kanshi.systemdTarget];};
};
waybar = {
Unit = {
Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors.";
Documentation = "https://github.com/Alexays/Waybar/wiki/";
PartOf = swayTgt;
After = swayTgt;
};
Service = {
ExecStart = "${pkgs.waybar}/bin/waybar";
# ExecReload = "kill -SIGUSR2 $MAINPID";
ExecReload = "kill -SIGUSR2 ''$MAINPID";
Restart = "on-failure";
RestartSec = "3s";
LockPersonality = true;
PrivateTmp = "yes";
DevicePolicy = "closed";
};
Install = {WantedBy = [swayTgt];};
};
autotiling = {
Unit = {
Description = "Script for sway and i3 to automatically switch the horizontal / vertical window split orientation";
Documentation = "https://github.com/nwg-piotr/autotiling";
BindsTo = swayTgt;
};
Service = {
Type = "simple";
ExecStart = "${pkgs.autotiling}/bin/autotiling";
Restart = "always";
RestartSec = "5s";
LockPersonality = true;
PrivateTmp = "yes";
DevicePolicy = "closed";
};
Install = {WantedBy = [swayTgt];};
};
albert = {
Unit = {
Description = "A C++/Qt based desktop agnostic keyboard launcher that helps you to accomplish your workflows in a breeze";
Documentation = "https://albertlauncher.github.io/";
BindsTo = swayTgt;
};
Service = {
Type = "simple";
# after hm stateVersion bump to 23.05, albert doesn't seem to support explicit wayland.
Environment = "QT_QPA_PLATFORM=xcb";
ExecStart = "${pkgs.albert}/bin/albert";
Restart = "always";
RestartSec = "3s";
LockPersonality = true;
PrivateTmp = "yes";
DevicePolicy = "closed";
};
Install = {WantedBy = [swayTgt];};
};
gopls = {
Unit = {
Description = "Go language server";
};
Service = {
Type = "simple";
ExecStartPre = "bash -c 'rm -v -f /tmp/.gopls-daemon.sock || true'";
ExecStart = "%h/go/bin/gopls -listen='unix;/tmp/.gopls-daemon.sock'";
ExecStopPost = "bash -c 'rm -v -f /tmp/.gopls-daemon.sock || true'";
Restart = "on-failure";
RestartSec = "1m";
TimeoutStopFailureMode = "abort";
SystemCallFilter = "~@reboot @obsolete";
ProtectProc = "invisible";
ProcSubset = "pid";
ProtectHome = true;
RestrictNamespaces = true;
NoNewPrivileges = "yes";
ProtectSystem = "strict";
DevicePolicy = "closed";
LockPersonality = true;
MemoryDenyWriteExecute = true;
#RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";
RestrictAddressFamilies = "AF_UNIX";
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
};
# Install = {WantedBy = [swayTgt];};
Install = {WantedBy = ["default.target"];};
};
ff_nn = {
Unit = {
Description = "sh*tbrowser";
PartOf = swayTgt;
After = swayTgt;
};
Service = {
# Type = "simple";
Environment = [
"MOZ_ENABLE_WAYLAND=1"
"MOZ_DBUS_REMOTE=1"
"MOZ_USE_XINPUT2=1"
"QT_QPA_PLATFORM=wayland"
"XDG_SESSION_TYPE=wayland"
"SDL_VIDEODRIVER=wayland"
"NO_AT_BRIDGE=1"
];
ExecStart = "-%h/Downloads/firefox-nightly/firefox-bin -desktop";
Restart = "on-failure";
RestartSec = "5s";
StartLimitBurst = 3;
StartLimitInterval = "60s";
TimeoutStopFailureMode = "abort";
# RestrictNamespaces=true;
DevicePolicy = "closed";
ProtectHome = true;
ProtectSystem = "strict";
ReadWritePaths = [
"-%h/Downloads/firefox-nightly"
"-%h/Downloads"
];
NoNewPrivileges = true;
ProtectProc = "invisible";
# ProcSubset = "pid";
PrivateTmp = "yes";
LockPersonality = true;
SystemCallFilter = "~@reboot @obsolete";
SystemCallArchitectures = "native";
};
Install = {WantedBy = [swayTgt];};
};
battery = {
Unit = {
Description = "Power Profiles service";
PartOf = swayTgt;
};
Service = {
Type = "simple";
ExecStart = "%h/.local/bin/battery.sh";
Restart = "on-failure";
RestartSec = "15s";
TimeoutStopFailureMode = "abort";
LockPersonality = true;
PrivateTmp = "yes";
DevicePolicy = "closed";
};
};
nextcloud = {
Unit = {
Description = "Podman container Nextcloud";
PartOf = swayTgt;
Wants = "network-online.target";
After = "network-online.target";
RequiresMountsFor = "/run/user/1000/containers";
};
Service = {
CPUQuota = "2%";
Slice = "nextcloud.slice";
Environment = "PODMAN_SYSTEMD_UNIT=%n";
Restart = "on-failure";
RestartSec = 5;
TimeoutStartSec = 600;
# TimeoutStopSec=10;
ExecStartPre = "/usr/bin/podman-compose -f %h/.nextcloud/docker-compose.yml -p nextcloud down";
ExecStart = "/usr/bin/podman-compose -f %h/.nextcloud/docker-compose.yml -p nextcloud up --remove-orphans";
ExecStop = "/usr/bin/podman-compose -f %h/.nextcloud/docker-compose.yml -p nextcloud down";
Type = "simple";
Delegate = "no";
ProtectSystem = "strict";
ProtectProc = "invisible";
ProcSubset = "pid";
DevicePolicy = "closed";
NoNewPrivileges = true;
LockPersonality = true;
InaccessiblePaths = [
"-/lost+found"
"/dev/shm"
"-%h/.ssh"
];
KeyringMode = "private";
SystemCallFilter = "~memfd_create @reboot";
TimeoutStopFailureMode = "abort";
};
Install = {
WantedBy = ["default.target"];
};
};
trackerMask = {
Unit = {Description = "";};
Service = {
Type = "oneshot";
ExecStart = "bash -c 'systemctl --user mask tracker-extract-3.service tracker-miner-fs-3.service tracker-miner-rss-3.service tracker-writeback-3.service tracker-xdg-portal-3.service tracker-miner-fs-control-3.service'";
DevicePolicy = "closed";
NoNewPrivileges = true;
LockPersonality = true;
InaccessiblePaths = [
"-/lost+found"
"/dev/shm"
"-%h/.ssh"
];
KeyringMode = "private";
};
};
appr120Mask = {
Unit = {Description = "";};
Service = {
Type = "oneshot";
ExecStart = "bash -c 'systemctl --user mask app-r120@autostart'";
DevicePolicy = "closed";
NoNewPrivileges = true;
LockPersonality = true;
InaccessiblePaths = [
"-/lost+found"
"/dev/shm"
"-%h/.ssh"
];
KeyringMode = "private";
};
};
};
systemd.user.slices = {
chromium = {
Unit = {
Description = "Slice that limits chromium's resources";
Before = "slices.target";
};
Slice = {
CPUAccounting = "yes";
CPUQuota = "220%";
MemoryAccounting = "yes";
MemoryHigh = "6G";
MemoryMax = "6.1G";
};
};
nextcloud = {
Unit = {Description = "Slice that limits nextcloud's resources";};
Slice = {
MemoryAccounting = "yes";
# MemoryHigh works only in "unified" cgroups mode, NOT in "hybrid" mode
MemoryHigh = "250M";
# MemoryMax works in "hybrid" cgroups mode, too
MemoryMax = "300M";
CPUAccounting = "yes";
# CPUQuota=15%;
CPUQuota = "3%";
};
};
podman = {
# refs:
# https://baykara.medium.com/docker-resource-management-via-cgroups-and-systemd-633b093a835c
# https://docs.docker.com/engine/reference/commandline/dockerd/#docker-runtime-execution-op>
Unit = {
Description = "Slice that limits podman resources";
Before = "slices.target";
};
Slice = {
MemoryAccounting = "yes";
MemoryHigh = "10G";
MemoryMax = "12G";
MemorySwapMax = "1G";
# 100% is an equivalent of full utilization on a single core
# we allow for 85% here - applies to all docker.service-spawn
# processes cumulatively
CPUAccounting = "yes";
# CPUQuota=85%;
CPUQuota = "50%";
};
};
};
systemd.user.timers = {
battery = {
Unit = {
Description = "Power Profiles timer";
};
Timer = {
OnActiveSec = "20s";
OnUnitActiveSec = "5m";
Unit = "battery.service";
};
Install = {
WantedBy = ["timers.target"];
};
};
};
systemd.user.targets = {
sway-session = {
Unit = {
Description = "Sway compositor session";
Documentation = "man:systemd.special(7)";
BindsTo = "graphical-session.target";
Wants = "graphical-session-pre.target";
After = "graphical-session-pre.target";
Before = "xdg-desktop-autostart.target";
};
};
};
home.file = { home.file = {
".config/kitty/kitty.conf" = { ".config/kitty/kitty.conf" = {
source = .config/kitty/kitty.conf; source = .config/kitty/kitty.conf;
@ -100,6 +476,14 @@ in {
source = ./.config/nvim/init.vim; source = ./.config/nvim/init.vim;
}; };
".config/systemd/user.conf" = {
text = ''
[Manager]
DefaultTimeoutStarSec=15s
DefaultTimeoutStopSec=15s
'';
};
".config/sway/config" = { ".config/sway/config" = {
source = ./.config/sway/config; source = ./.config/sway/config;
}; };
@ -134,6 +518,10 @@ in {
source = ./bin/sway-locker; source = ./bin/sway-locker;
}; };
".config/albert.conf" = {
source = ./.config/albert/albert.conf;
};
".config/direnv/direnv.toml" = { ".config/direnv/direnv.toml" = {
source = ./.config/direnv/direnv.toml; source = ./.config/direnv/direnv.toml;
}; };
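Review bot: In the `gopls` unit of the `systemd.user.services` hunk, `ProtectHome = true` makes `/home` inaccessible to the service while `ExecStart` runs `%h/go/bin/gopls`, so the two settings contradict each other. If the sandbox is applied, the binary cannot be executed and the server could not read Go sources under the home directory; if the unit does start, the hardening options are presumably not taking effect in the user manager and the block gives a false sense of isolation. I would run the packaged binary and relax the setting to what the server needs, e.g. `ExecStart = "${pkgs.gopls}/bin/gopls -listen='unix;/tmp/.gopls-daemon.sock'";` with `ProtectHome = "read-only";`, then confirm on the target host that the restrictions are actually enforced. `ff_nn` pairs `ProtectHome = true` with an executable under `%h/Downloads` in the same way and deserves the same check.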