]> Git — Sourcephile - julm/julm-nix.git/blob - nixos/profiles/irssi.nix
sourcephile / git / julm / julm-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
tmux: enable socket activation
[julm/julm-nix.git] / nixos / profiles / irssi.nix
1 { pkgs, lib, config, inputs, ... }:
2 {
3 systemd.sockets."tmux@" = {
4 listenStreams = [ "/home/%i/tmux.sock" ];
5 socketConfig.SocketUser = "%i";
6 socketConfig.SocketMode = "600";
7 socketConfig.Service = "tmux@%i.service";
8 };
9 /*
10 systemd.services."proxy-to-irssi@" = {
11 requires = ["irssi@%i.service"];
12 after = ["irssi@%i.service" "proxy-to-irssi-%i.socket"];
13 #unitConfig.JoinsNamespaceOf = ["netns-${netns}.service"];
14 unitConfig.JoinsNamespaceOf = ["irssi@%i.service"];
15 serviceConfig = {
16 ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd /var/lib/irssi/%i/tmux.sock";
17 #PrivateNetwork = true;
18 PrivateTmp = true;
19 };
20 };
21 */
22 #systemd.sockets."irssi@" = {
23 # enable = values.peersAnnouncing.enable;
24 # listenStreams = [(toString values.peersAnnouncing.listenPort)];
25 # socketConfig.Accept = true;
26 # socketConfig.ReusePort = true;
27 # wantedBy = [ "sockets.target" ];
28 #};
29 systemd.services."tmux@" = {
30 description = "tmux for user %i";
31 #after = [ "network.target" ];
32 environment.HOME = "/var/lib/tmux/%i";
33 # A custom LD_LIBRARY_PATH is needed to access in `getent passwd`
34 # the systemd's entry about the DynamicUser=
35 environment.LD_LIBRARY_PATH = config.system.nssModules.path;
36 serviceConfig = let tmux = "/home/julm/src/tmux/result/bin/tmux"; in {
37 Type = "notify";
38 #GuessMainPID = true;
39 ExecStart = "${tmux} -v -D -f /var/lib/tmux/%i/.config/tmux/tmux.conf -f ${pkgs.writeText "tmux.conf" ''
40 set-option -g default-shell ${pkgs.runtimeShell}
41 #set-option -g exit-empty off
42 new-session -d
43 run-shell -b "systemd-notify --ready"
44 ''}";
45 NotifyAccess = "all";
46 RefuseManualStart = true;
47 #RuntimeDirectory = ["tmux/%i"];
48 #RuntimeDirectoryMode = "755";
49 StateDirectory = ["tmux/%i"];
50 #TimeoutSec = 5;
51 ExecStop = [
52 # Send CTRL+u to clear the input line before /quit
53 #"-${tmux} -L %p send-keys -t irssi:0 C-u"
54 #"-${tmux} -L %p send-keys -t irssi:0 /quit Enter"
55 # Sending /quit to irssi is asynchronous, so wait for irssi to exit
56 # before killing the session in tmux
57 #(pkgs.writeShellScript "stop-irssi" ''
58 # timeout 3 tail --pid=$(cat %t/irssi.pid || echo 0) -f /dev/null
59 #'')
60 #"-${tmux} -L %p kill-session -t irssi-%i"
61 ];
62 WorkingDirectory = "/var/lib/tmux/%i";
63 DynamicUser = true;
64 #User = "%i";
65 BindReadOnlyPaths = [
66 "-/home/%i/.config/tmux/tmux.conf:/var/lib/tmux/%i/.config/tmux/tmux.conf"
67 ];
68
69 #IPAddressDeny = "any";
70 #AmbientCapabilities = [""];
71 #CapabilityBoundingSet = [""];
72 #RestrictNamespaces = true;
73 #PrivateUsers = true;
74 ##NoNewPrivileges = true;
75 ##ProtectSystem = true;
76 ##PrivateTmp = true;
77 #PrivateDevices = true;
78 #ProtectClock = true;
79 #ProtectControlGroups = true;
80 #ProtectHome = true;
81 #ProtectKernelLogs = true;
82 #ProtectKernelModules = true;
83 #ProtectKernelTunables = true;
84 #ProtectProc = "invisible";
85 #SystemCallArchitectures = "native";
86 #SystemCallFilter = [
87 # "@system-service"
88 # "~@keyring" "~@clock" "~@debug" "~@module"
89 # "~@obsolete" "~@privileged" "~@process" "~@resources"
90 #];
91 #RestrictRealtime = true;
92 #LockPersonality = true;
93 #MemoryDenyWriteExecute = true;
94 #UMask = 0077;
95 #ProtectHostname = true;
96 #ProcSubset = "pid";
97 #StandardInput = "socket";
98 #StandardOutput = "socket";
99 #RestrictAddressFamilies = "";
100 };
101 };
102 }
julm's NixOS and home-manager configs