nix: Finish system config

config/automatrop/roles/system/files/openvpn-client.service

@@ -1,11 +0,0 @@
-[Service]
-ExecStart=
-ExecStart=/usr/bin/openvpn --suppress-timestamps --nobind --config %i.conf --script-security 2 --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf
-# The part before --script-security 2 might need upgrading from
-# /usr/lib/systemd/system/openvpn-client@.service if it was upgraded
-Restart=on-failure
-User=
-AmbiantCapabilities=
-# It's not pretty, but other script only work with systemd or call resolvconf with -p,
-# which doesn't work without a local DNS resolver
-# TODO Local DNS resolver sounds nice anyway

config/automatrop/roles/system/handlers/main.yaml

@@ -23,8 +23,3 @@
   debug:
     msg: "The Panfrost display driver configuration was changed, but needs a reboot to be applied."
   listen: panfrost config changed
-
-- name: Reload systemd-logind
-  command: systemctl kill -s HUP systemd-logind
-  become: yes
-  listen: systemd-logind config changed

config/automatrop/roles/system/tasks/main.yml

@@ -76,53 +76,3 @@
     - etc changed
     - systemd changed
   when: not auto_numlock
-
-### STOPPED HERE ###
-
-- name: Empty motd
-  copy:
-    content: ""
-    dest: /etc/motd
-    mode: "u=rw,g=r,o=r"
-  become: yes
-  notify:
-    - etc changed
-
-# VPN configuration
-
-- name: Prepare directory for openvpn-client service override
-  file:
-    path: /etc/systemd/system/openvpn-client@.service.d
-    state: directory
-    mode: "u=rwx,g=rx,o=rx"
-  become: yes
-
-- name: Make openvpn use hooks for resolvconf
-  copy:
-    src: openvpn-client.service
-    dest: /etc/systemd/system/openvpn-client@.service.d/override.conf
-  become: yes
-  notify:
-    - etc changed
-    - systemd changed
-
-- name: Disable power button
-  lineinfile:
-    path: /etc/systemd/logind.conf
-    line: 'HandlePowerKey=ignore'
-    regexp: '^#? *HandlePowerKey='
-    insertafter: '^\[Login\]$'
-  become: yes
-  notify: systemd-logind config changed
-  # Reason: I sometimes press it accidentally
-  # (hoping to start it when it's already started,
-  # or really accidentally on the Pinebook).
-  # Suspend would be nice, but it doesn't have the locker then
-
-# TODO Hibernation, if that's relevant
-# $ sudo blkid | grep 'TYPE="swap"'
-# $ sudoedit /etc/default/grub
-# Add resume=UUID=<UUID-of-swap-partition> to GRUB_CMDLINE_LINUX_DEFAULT
-# $ sudo grub-mkconfig -o /boot/grub/grub.cfg
-
-# TODO udevil

config/nix/modules/common.nix

@@ -122,6 +122,9 @@
     # Might want to see if it's worth using on NixOS
     gnupg.agent.enable = true;
 
+    # Let users mount disks
+    udevil.enable = true;
+
     # TODO Below should be user config
 
     zsh = {
@@ -145,13 +148,23 @@
 
     # Time sychronisation
     chrony = {
-        enable = true;
+      enable = true;
-        servers = map (n: "${toString n}.europe.pool.ntp.org") (lib.lists.range 0 3);
+      servers = map (n: "${toString n}.europe.pool.ntp.org") (lib.lists.range 0 3);
-        extraConfig = "rtcsync";
+      extraConfig = "rtcsync";
     };
 
+    # Prevent power button from shutting down the computer.
+    # On Pinebook it's too easy to hit,
+    # on others I sometimes turn it off when unsuspending.
+    logind.extraConfig = "HandlePowerKey=ignore";
+
   };
 
+  # FIXME services.openvpn.servers.<name>.updateResolvConf=true
+  # For profiles in the extensions
+
+  # TODO Hibernation?
+
   # TEST
   system.copySystemConfiguration = true;