commit
50de8aa60e
@ -0,0 +1,156 @@ |
||||
{ config, lib, pkgs, ... }: |
||||
|
||||
with lib; |
||||
|
||||
let |
||||
cfg = config.services.kanata; |
||||
|
||||
keyboard = { |
||||
options = { |
||||
device = mkOption { |
||||
type = types.str; |
||||
example = "/dev/input/by-id/usb-0000_0000-event-kbd"; |
||||
description = "Path to the keyboard device."; |
||||
}; |
||||
config = mkOption { |
||||
type = types.lines; |
||||
example = '' |
||||
(defsrc |
||||
grv 1 2 3 4 5 6 7 8 9 0 - = bspc |
||||
tab q w e r t y u i o p [ ] \ |
||||
caps a s d f g h j k l ; ' ret |
||||
lsft z x c v b n m , . / rsft |
||||
lctl lmet lalt spc ralt rmet rctl) |
||||
|
||||
(deflayer qwerty |
||||
grv 1 2 3 4 5 6 7 8 9 0 - = bspc |
||||
tab q w e r t y u i o p [ ] \ |
||||
@cap a s d f g h j k l ; ' ret |
||||
lsft z x c v b n m , . / rsft |
||||
lctl lmet lalt spc ralt rmet rctl) |
||||
|
||||
(defalias |
||||
;; tap within 100ms for capslk, hold more than 100ms for lctl |
||||
cap (tap-hold 100 100 caps lctl)) |
||||
''; |
||||
description = '' |
||||
Configuration other than defcfg. |
||||
See <link xlink:href="https://github.com/jtroo/kanata"/> for more information. |
||||
''; |
||||
}; |
||||
extraDefCfg = mkOption { |
||||
type = types.lines; |
||||
default = ""; |
||||
example = "danger-enable-cmd yes"; |
||||
description = '' |
||||
Configuration of defcfg other than linux-dev. |
||||
See <link xlink:href="https://github.com/jtroo/kanata"/> for more information. |
||||
''; |
||||
}; |
||||
}; |
||||
}; |
||||
|
||||
mkName = name: "kanata-${name}"; |
||||
|
||||
mkConfig = name: keyboard: pkgs.writeText "${mkName name}-config.kdb" '' |
||||
(defcfg |
||||
${keyboard.extraDefCfg} |
||||
linux-dev ${keyboard.device}) |
||||
|
||||
${keyboard.config} |
||||
''; |
||||
|
||||
mkService = name: keyboard: nameValuePair (mkName name) { |
||||
description = "kanata for ${keyboard.device}"; |
||||
|
||||
# Because path units are used to activate service units, which |
||||
# will start the old stopped services during "nixos-rebuild |
||||
# switch", stopIfChanged here is a workaround to make sure new |
||||
# services are running after "nixos-rebuild switch". |
||||
stopIfChanged = false; |
||||
|
||||
serviceConfig = { |
||||
ExecStart = '' |
||||
${cfg.package}/bin/kanata \ |
||||
--cfg ${mkConfig name keyboard} |
||||
''; |
||||
|
||||
DynamicUser = true; |
||||
SupplementaryGroups = with config.users.groups; [ |
||||
input.name |
||||
uinput.name |
||||
]; |
||||
|
||||
# hardening |
||||
DeviceAllow = [ |
||||
"/dev/uinput w" |
||||
"char-input r" |
||||
]; |
||||
CapabilityBoundingSet = ""; |
||||
DevicePolicy = "closed"; |
||||
IPAddressDeny = "any"; |
||||
LockPersonality = true; |
||||
MemoryDenyWriteExecute = true; |
||||
PrivateNetwork = true; |
||||
PrivateUsers = true; |
||||
ProcSubset = "pid"; |
||||
ProtectClock = true; |
||||
ProtectControlGroups = true; |
||||
ProtectHome = true; |
||||
ProtectHostname = true; |
||||
ProtectKernelLogs = true; |
||||
ProtectKernelModules = true; |
||||
ProtectKernelTunables = true; |
||||
ProtectProc = "invisible"; |
||||
RestrictAddressFamilies = "none"; |
||||
RestrictNamespaces = true; |
||||
RestrictRealtime = true; |
||||
SystemCallArchitectures = "native"; |
||||
SystemCallFilter = [ |
||||
"@system-service" |
||||
"~@privileged" |
||||
"~@resources" |
||||
]; |
||||
UMask = "0077"; |
||||
}; |
||||
}; |
||||
|
||||
mkPath = name: keyboard: nameValuePair (mkName name) { |
||||
description = "kanata trigger for ${keyboard.device}"; |
||||
wantedBy = [ "multi-user.target" ]; |
||||
pathConfig = { |
||||
PathExists = keyboard.device; |
||||
}; |
||||
}; |
||||
in |
||||
{ |
||||
options.services.kanata = { |
||||
enable = mkEnableOption "kanata"; |
||||
package = mkOption { |
||||
type = types.package; |
||||
default = pkgs.kanata; |
||||
defaultText = lib.literalExpression "pkgs.kanata"; |
||||
example = lib.literalExpression "pkgs.kanata-with-cmd"; |
||||
description = '' |
||||
kanata package to use. |
||||
If you enable danger-enable-cmd, pkgs.kanata-with-cmd should be used. |
||||
''; |
||||
}; |
||||
keyboards = mkOption { |
||||
type = types.attrsOf (types.submodule keyboard); |
||||
default = { }; |
||||
description = "Keyboard configurations."; |
||||
}; |
||||
}; |
||||
|
||||
config = lib.mkIf cfg.enable { |
||||
hardware.uinput.enable = true; |
||||
|
||||
systemd = { |
||||
paths = mapAttrs' mkPath cfg.keyboards; |
||||
services = mapAttrs' mkService cfg.keyboards; |
||||
}; |
||||
}; |
||||
|
||||
meta.maintainers = with lib.maintainers; [ linj ]; |
||||
} |
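Review bot: Each per-keyboard unit built by `mkService` can read every input character device on the machine, not only its own, because `DeviceAllow` lists `"char-input r"` and the unit joins the `input` group, while the only device it is configured for is `keyboard.device`. If kanata opens nothing beyond that node, the entry could be narrowed to `"${keyboard.device} r"` so one instance cannot observe events from other keyboards. That should first be checked against how systemd resolves the by-id symlink and against device re-plug. Separately, the `extraDefCfg` option uses `danger-enable-cmd yes` as its example without saying what it turns on. Its description should state the consequence, for example `danger-enable-cmd lets the key configuration execute commands from the service; leave it unset unless required.`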
@ -1,11 +1,11 @@ |
||||
{ |
||||
"packageVersion": "102.0.1-1", |
||||
"packageVersion": "103.0-3", |
||||
"source": { |
||||
"rev": "102.0.1-1", |
||||
"sha256": "10f9gngn04nwrhcqkdznx7209c4javscqz8arswyrn4c8rc5x6w5" |
||||
"rev": "103.0-3", |
||||
"sha256": "1d8qh0s5zjh10cyyawpvr7ywygg1ibh1r0rx0vnqv1qakj3y4jcq" |
||||
}, |
||||
"firefox": { |
||||
"version": "102.0.1", |
||||
"sha512": "a930d359fb81e473b963a93f6db5110871e9fd57f6d0f352513047d363d930dd4811e8dd786c2f6f3541c3871eb1c0169b718652d9ee076fd13a20f52af30417" |
||||
"version": "103.0", |
||||
"sha512": "016c2f276fb94e5174626f7d8b1a821b2de0f5a07f8a10f00a7ea4d4285591b0c23dd3ef45306579de79b3dfa99ccc527224c33f3319f61cf088b1f4bd097f9e" |
||||
} |
||||
} |
||||
|