Searching for a Module that Doesn't Exist

(I'm talking about atama-hyprland - I referenced it a couple of times there, but it's not actually a real module yet because my Hyprland config needs a serious cleanup before it's publishable)

hosts/GuzioPadV4.yaml

@@ -20,6 +20,7 @@ enabled_modules:
     - xdg-user-dirs
     - atama-branding
     - pipewire
+    - waydroid-ssh
 
 # Module processing mode
 # parallel: Collect and install all modules at once (faster, default)

modules/system-packages-GuzioPadV4/packages-blendbase.yaml

@@ -64,8 +64,8 @@ packages:
     - 'lshw'
     - 'libfido2'
     - 'libusb-compat'
-    - 'linux-zen'
+    #- 'linux-zen'
-    - 'linux-zen-headers'
+    #- 'linux-zen-headers'
     - 'linux-atm'
     - 'linux-firmware'
     - 'linux-firmware-marvell'

modules/waydroid-ssh/dependencies.yaml

@@ -0,0 +1,4 @@
+description: Packages needed to run the module's hook.
+packages:
+    - bash
+    - openssh

modules/waydroid-ssh/hook.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# extra precautions until run_hooks_as_user: true is fixed
+if [ -n "$SUDO_USER" ]; then
+	USER="$SUDO_USER";
+	HOME="$(realpath "~$USER")";
+	HOME=${HOME%"/~$USER"};
+fi
+
+mkdir -p "$HOME/.ssh/dcli-waydroid-ssh"
+
+if [ ! -f "$HOME/.ssh/dcli-waydroid-ssh/ssh_host_rsa_key" ]; then
+	ssh-keygen -f "$HOME/.ssh/dcli-waydroid-ssh/ssh_host_rsa_key" -N '' -t rsa
+fi
+
+#No need to make sure that „our key” is added - login should be password-based anyway (at least it was in my testing - it seems that passwords are the default on Arch). The file simply needs to exist and have SOMETHING in there, so that the config won't be upset.
+if [ ! -f "$HOME/.ssh/authorized_keys" ]; then
+	if [ ! -f "$HOME/.ssh/dcli-waydroid-ssh/ssh_user_key.pub" ]; then
+		ssh-keygen -f "$HOME/.ssh/dcli-waydroid-ssh/ssh_user_key" -N ''
+	fi
+	cat "$HOME/.ssh/dcli-waydroid-ssh/ssh_user_key.pub" >> "$HOME/.ssh/authorized_keys"
+fi
+
+cat << EOF > "$HOME/.ssh/dcli-waydroid-ssh/sshd_config"
+Port 2222
+HostKey $HOME/.ssh/dcli-waydroid-ssh/ssh_host_rsa_key
+AuthorizedKeysFile $HOME/.ssh/authorized_keys
+ChallengeResponseAuthentication no
+UsePAM yes
+PermitUserEnvironment yes
+PidFile $HOME/.ssh/dcli-waydroid-ssh/sshd.pid
+EOF
+
+echo "Extra things to note:
+* Launch your server with \`/usr/bin/sshd -f \"$HOME/.ssh/dcli-waydroid-ssh/sshd_config\"\` (if using the atama-hyprland DCli module - it's added to auto-start).
+* The server launches in the background - don't be afraid that the command simply exits. To stop it, simply \`killall sshd\`.
+* Connect to it with \`ssh -p 2222 \"$USER@localhost\`\". It should simply ask for your password, but in the event it fails with a public-key error, please provide a private key param (\`ssh -p 2222 -i \"<path to key>.pub\" \"$USER@localhost\"\`).
+* If a private key is needed (see above), it should should correspond to the public key in your \"$HOME/.ssh/authorized_keys\" file (if you don't remember creating one, chances are it got autogenerated for you by this hook (in that case, the file will be \"$HOME/.ssh/dcli-waydroid-ssh/ssh_user_key\"), or if that didn't happen, but you still don't know which key could it be (eg. there was one provided by your OS) - simply remove \"$HOME/.ssh/authorized_keys\" and run this hook again to have it auto-generate).
+* Connecting instructions above apply to Linux's OpenSSH package - of course, when connecting from Waydroid (which is the intention of this module, after all), you'll need to translate that command syntax to GUI actions in whatever-SSH-client-for-Android-you-choose yourself.
+* If you want be able to launch GUI apps on the Linux side from the Waydroid side, as well as have general QoL improvements (eg. have your Flatpaks included on the path, or the ability to control user-level SystemD services), it's recommended that you run \`env > \"$HOME/.ssh/environment\"\` on every login from a process that already has access to all your environment variables (either a terminal running on the Linux side (not from a remote SSH session) or - better yet (to not pollute the env with terminal-specific things that may not apply to your SSH app, as well as to avoid running it over and over manually) - have it happen on your WM startup, which is already the case in atama-hyprland) on every login (not just once because envars can AND WILL change after re-log)."

modules/waydroid-ssh/module.yaml

@@ -0,0 +1,13 @@
+description: Configures a local for-user SSH server. Like the name implies, it's intended for use with Waydroid, so that you can still control your machine while inside a Waydroid session - but it doesn't outright depend on it and strictly speaking it will work for any use-case that needs a loop-back SSH session for some reason.
+package-files:
+    - dependencies.yaml
+post_install_hook: "hook.sh"
+post_disable_hook: "unhook.sh" #No matter what I tried, I couldn't get this hook to actually trigger, so it seems to be an in-development stub that doesn't work yet (especially given how there was literally 0 documentation on this - I simply spotted it being listed in auto-generated modules). For now, the unhook script has to be run manually if you want to undo the power button setup. Nevertheless, it's listed here, so it should Just Work [TM] when DCli adds support.
+run_hooks_as_user: true
+hook_behavior: always  #...instead of "once" because this lets your config be self-healing (even if you mess something up, next dcli sync will restore it); ...instead of "ask" because I don't like pestering people with RUN THIS HOOK? RUN THIS HOOK? (if anything, that makes it more likely that they will "[S]kip always", thus rendering the „self-healing” non-functional)
+author: "Guzio"
+version: "1.0.0"
+category: "system"
+tags: []
+license: "MIT"
+upstream_url: "https://gitdab.com/Guzio/system/src/branch/main/modules/waydroid-ssh"

modules/waydroid-ssh/unhook.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# extra precautions until run_hooks_as_user: true is fixed
+if [ -n "$SUDO_USER" ]; then
+	USER="$SUDO_USER";
+	HOME="$(realpath "~$USER")";
+	HOME=${HOME%"/~$USER"};
+fi
+
+rm -vR "$HOME/.ssh/dcli-waydroid-ssh"