monotux.tech

keyd primer

Primer, Wayland, systemd, Keyboards

I recently installed Fedora Asahi Remix on my Macbook Air M1 and wanted to swap my alt and command keys, plus rebind my caps-lock key as control. I’m still new to wayland (with plasma6 in this case) so I googled what tools to use and found rvaiya/keyd.

Table of Contents

Basic setup #

Installation was easy, quoting the project README:

git clone https://github.com/rvaiya/keyd
cd keyd
make && sudo make install
sudo systemctl enable --now keyd

Below is a configuration that Works For Me™:

# /etc/keyd/default.conf
[ids]

*

[main]
capslock = overload(control, capslock)

meta = layer(alt)
leftalt = layer(meta)

We swap alt/command, and we make caps-lock behave like normal when tapped, but when held it acts like a control key.

CAPSLOCK as control / escape #

I’ve seen another configuration which makes caps-lock act like escape when tapped and control otherwise, plus remapping caps-lock to the normal escape key – but I’m not a vim user so not as useful for me.

That setup would look something like this:

[ids]

*

[main]
capslock = overload(control, escape)
escape = capslock

meta = layer(alt)
leftalt = layer(meta)

Edit: This is what I use now, it’s a quite nice setup!

Limit remapping to built-in keyboard #

I tried connecting an external keyboard1 to my Macbook and things got really wierd. Fortunately there is built in support for matching hardware IDs in keyd, start by finding the ID of the keyboard you want to affect:

# keyd monitor
device added: 0fac:1ade:d2b36ae6 keyd virtual pointer (/dev/input/event5)
device added: 0fac:0ade:12345678 keyd virtual keyboard (/dev/input/event4)
device added: 05ac:0281:2bd1f3de Apple SPI Keyboard (/dev/input/event1)
device added: 05ac:0281:2782280b Apple SPI Trackpad (/dev/input/event0)
keyd virtual keyboard   0fac:0ade:12345678      enter up
keyd virtual keyboard   0fac:0ade:12345678      leftcontrol down
keyd virtual keyboard   0fac:0ade:12345678      c down

In my case, I wanted to limit keyd to work on 0fac:0ade:12345678 as that’s the built-in keyboard on my Macbook.

Change the keyd configuration to something like this:

[ids]
0fac:0ade:12345678

[main]
capslock = overload(control, escape)
escape = capslock

meta = layer(alt)
leftalt = layer(meta)

See the manpage for more details.

Make service security posture less terrible #

Found this in PR616, it adds some security restrictions to the default systemd unit. The file in it’s entirety:

[Unit]
Description=key remapping daemon
Requires=local-fs.target
After=local-fs.target

[Service]
Type=simple
ExecStart=/usr/bin/keyd

ProtectProc=invisible
ProcSubset=pid
ProtectSystem=strict
ProtectHome=true
ReadOnlyPaths=/etc/keyd
PrivateTmp=true
DeviceAllow=char-input
DeviceAllow=/dev/uinput
ProtectHostname=true
ProtectClock=true

ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictNamespaces=true

RemoveIPC=true
RestrictAddressFamilies=AF_UNIX
PrivateNetwork=true
IPAddressDeny=any

NoNewPrivileges=true
LockPersonality=true
MemoryDenyWriteExecute=true
RestrictRealtime=true
RestrictSUIDSGID=true

SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged

CapabilityBoundingSet=CAP_SETGID CAP_SYS_NICE

UMask=177

[Install]
WantedBy=sysinit.target

  1. I typically use QMK on my keyboards, and have already remapped capslock to control, I have OS based alt/meta remapping et c ↩︎