2011-07-25 02:45:52 +02:00
|
|
|
# Upower daemon.
|
|
|
|
|
2014-04-14 16:26:48 +02:00
|
|
|
{ config, lib, pkgs, ... }:
|
2011-07-25 02:45:52 +02:00
|
|
|
|
2014-04-14 16:26:48 +02:00
|
|
|
with lib;
|
2011-07-25 02:45:52 +02:00
|
|
|
|
2014-05-19 13:13:32 +02:00
|
|
|
let
|
|
|
|
cfg = config.services.upower;
|
|
|
|
in
|
2011-07-25 02:45:52 +02:00
|
|
|
{
|
|
|
|
|
|
|
|
###### interface
|
2011-09-14 20:20:50 +02:00
|
|
|
|
2011-07-25 02:45:52 +02:00
|
|
|
options = {
|
2011-09-14 20:20:50 +02:00
|
|
|
|
2011-07-25 02:45:52 +02:00
|
|
|
services.upower = {
|
2011-09-14 20:20:50 +02:00
|
|
|
|
2011-07-25 02:45:52 +02:00
|
|
|
enable = mkOption {
|
2013-10-30 17:37:45 +01:00
|
|
|
type = types.bool;
|
2011-07-25 02:45:52 +02:00
|
|
|
default = false;
|
|
|
|
description = ''
|
|
|
|
Whether to enable Upower, a DBus service that provides power
|
|
|
|
management support to applications.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2014-05-19 13:13:32 +02:00
|
|
|
package = mkOption {
|
|
|
|
type = types.package;
|
|
|
|
default = pkgs.upower;
|
2016-01-17 19:34:55 +01:00
|
|
|
defaultText = "pkgs.upower";
|
2014-05-19 13:13:32 +02:00
|
|
|
example = lib.literalExample "pkgs.upower";
|
|
|
|
description = ''
|
|
|
|
Which upower package to use.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2011-07-25 02:45:52 +02:00
|
|
|
};
|
2011-09-14 20:20:50 +02:00
|
|
|
|
2011-07-25 02:45:52 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
###### implementation
|
2011-09-14 20:20:50 +02:00
|
|
|
|
2014-05-19 13:13:32 +02:00
|
|
|
config = mkIf cfg.enable {
|
2011-07-25 02:45:52 +02:00
|
|
|
|
2014-05-19 13:13:32 +02:00
|
|
|
environment.systemPackages = [ cfg.package ];
|
2011-07-25 02:45:52 +02:00
|
|
|
|
2014-05-19 13:13:32 +02:00
|
|
|
services.dbus.packages = [ cfg.package ];
|
2011-07-25 02:45:52 +02:00
|
|
|
|
2014-05-19 13:13:32 +02:00
|
|
|
services.udev.packages = [ cfg.package ];
|
2011-08-24 23:24:39 +02:00
|
|
|
|
2013-01-16 12:33:18 +01:00
|
|
|
systemd.services.upower =
|
2012-10-04 22:38:31 +02:00
|
|
|
{ description = "Power Management Daemon";
|
2015-10-11 12:34:28 +02:00
|
|
|
path = [ pkgs.glib.out ]; # needed for gdbus
|
2012-10-04 22:38:31 +02:00
|
|
|
serviceConfig =
|
|
|
|
{ Type = "dbus";
|
|
|
|
BusName = "org.freedesktop.UPower";
|
2014-05-19 13:13:32 +02:00
|
|
|
ExecStart = "@${cfg.package}/libexec/upowerd upowerd";
|
2018-10-12 23:41:53 +02:00
|
|
|
Restart = "on-failure";
|
|
|
|
# Upstream lockdown:
|
|
|
|
# Filesystem lockdown
|
|
|
|
ProtectSystem = "strict";
|
|
|
|
# Needed by keyboard backlight support
|
|
|
|
ProtectKernelTunables = false;
|
|
|
|
ProtectControlGroups = true;
|
|
|
|
ReadWritePaths = "/var/lib/upower";
|
|
|
|
ProtectHome = true;
|
|
|
|
PrivateTmp = true;
|
|
|
|
|
|
|
|
# Network
|
|
|
|
# PrivateNetwork=true would block udev's netlink socket
|
|
|
|
RestrictAddressFamilies = "AF_UNIX AF_NETLINK";
|
|
|
|
|
|
|
|
# Execute Mappings
|
|
|
|
MemoryDenyWriteExecute = true;
|
|
|
|
|
|
|
|
# Modules
|
|
|
|
ProtectKernelModules = true;
|
|
|
|
|
|
|
|
# Real-time
|
|
|
|
RestrictRealtime = true;
|
|
|
|
|
|
|
|
# Privilege escalation
|
|
|
|
NoNewPrivileges = true;
|
2012-10-04 22:38:31 +02:00
|
|
|
};
|
|
|
|
};
|
2012-08-21 17:29:59 +02:00
|
|
|
|
2011-09-06 13:18:36 +02:00
|
|
|
system.activationScripts.upower =
|
|
|
|
''
|
|
|
|
mkdir -m 0755 -p /var/lib/upower
|
|
|
|
'';
|
|
|
|
|
2012-10-05 03:58:40 +02:00
|
|
|
# The upower daemon seems to get stuck after doing a suspend
|
|
|
|
# (i.e. subsequent suspend requests will say "Sleep has already
|
|
|
|
# been requested and is pending"). So as a workaround, restart
|
|
|
|
# the daemon.
|
|
|
|
powerManagement.resumeCommands =
|
|
|
|
''
|
2013-01-16 13:17:57 +01:00
|
|
|
${config.systemd.package}/bin/systemctl try-restart upower
|
2012-10-05 03:58:40 +02:00
|
|
|
'';
|
|
|
|
|
2011-07-25 02:45:52 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
}
|