author | tv <tv@krebsco.de> | 2023-09-11 18:24:28 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2023-09-13 18:07:11 +0200 |
commit | 0c4f3acb281be6290c55a6e96bc29fab5b5c7a11 (patch) | |
tree | dadaec00477a095273475ac345b2066b4748c399 /modules/slock.nix | |
parent | ab1d0479e90f11806d4703ec6fffed3d5f782914 (diff) |
stockholm -> hrm
Diffstat (limited to 'modules/slock.nix')
-rw-r--r-- | modules/slock.nix | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/modules/slock.nix b/modules/slock.nix
new file mode 100644
index 0000000..d96ae42
--- /dev/null
+++ b/modules/slock.nix
@@ -0,0 +1,77 @@
+{ config, lib, mylib, pkgs, ... }: let
+ cfg = config.tv.slock;
+in {
+ options.tv.slock = {
+ enable = lib.mkEnableOption "tv.slock";
+ package = lib.mkOption {
+ default = pkgs.writeDashBin "slock" ''
+ set -efu
+ display=''${DISPLAY#:}
+ service=slock-$LOGNAME@$display.service
+ exec ${pkgs.systemd}/bin/systemctl start "$service"
+ '';
+ type = lib.types.package;
+ };
+ user = lib.mkOption {
+ type = mylib.types.user;
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ security.polkit.extraConfig = /* js */ ''
+ polkit.addRule(function(action, subject) {
+ if (action.id === "org.freedesktop.systemd1.manage-units" &&
+ subject.user === ${builtins.toJSON cfg.user.name} &&
+ /^slock-${cfg.user.name}@[0-9]+\.service$/.test(action.lookup("unit")) ) {
+ return polkit.Result.YES;
+ }
+ });
+ '';
+ systemd.services."slock-${cfg.user.name}@" = {
+ conflicts = [
+ "picom@%i.target"
+ ];
+ environment = {
+ DISPLAY = ":%I";
+ LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" {
+ passAsFile = ["text"];
+ text = /* c */ ''
+ #include <shadow.h>
+ #include <unistd.h>
+
+ static struct spwd entry = {
+ .sp_namp = "",
+ .sp_pwdp =
+ ${mylib.toC config.users.users.${cfg.user.name}.hashedPassword},
+ .sp_lstchg = 0,
+ .sp_min = 0,
+ .sp_max = 0,
+ .sp_warn = 0,
+ .sp_inact = 0,
+ .sp_expire = 0,
+ .sp_flag = 0,
+ };
+
+ extern struct spwd *getspnam(const char *name) { return &entry; }
+ extern int setgroups(size_t size, const gid_t *list) { return 0; }
+ extern int setgid(gid_t gid) { return 0; }
+ extern int setuid(uid_t uid) { return 0; }
+ '';
+ } /* sh */ ''
+ gcc -Wall -shared -o $out -xc "$textPath"
+ '';
+ };
+ restartIfChanged = false;
+ serviceConfig = {
+ ExecStart = "${pkgs.slock}/bin/slock";
+ ExecStopPost =
+ "+${pkgs.systemd}/bin/systemctl start xsession@%i.target";
+ OOMScoreAdjust = -1000;
+ Restart = "on-failure";
+ RestartSec = "100ms";
+ StartLimitBurst = 0;
+ SyslogIdentifier = "slock";
+ User = cfg.user.name;
+ };
+ };
+ };
+} |
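Review bot: The `LD_PRELOAD` derivation compiles `config.users.users.${cfg.user.name}.hashedPassword` into a shared object (and its `passAsFile` source) in the Nix store, which is normally world-readable, so any local account can read the hash and work on it offline; nothing in the module says so. I would at least document this above `LD_PRELOAD`, e.g. `# NOTE: embeds the user's password hash in a world-readable store path`, and add an assertion for the case where `hashedPassword` is unset, since what `mylib.toC` emits for null is not visible here. Separately, the polkit rule interpolates `cfg.user.name` raw into the regex literal while the `subject.user` comparison goes through `builtins.toJSON`; a name containing `.` would widen the match, so escaping it (for instance with `lib.escapeRegex`) would keep the two checks consistent. The rule also allows every `manage-units` verb on the unit, and adding `action.lookup("verb") === "start" &&` would narrow it to what the wrapper script actually uses.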