colin
/
nix-files
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

schlock: ship as sane.programs

This commit is contained in:
Colin 2024-03-07 10:10:39 +00:00
parent 4358f9471e
commit 1d0458ab10
3 changed files with 70 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/common/programs/default.nix
View File

@ -87,6 +87,7 @@
./sane-input-handler
./sane-screenshot.nix
./sane-scripts.nix
./schlock.nix
./sfeed.nix
./signal-desktop.nix
./splatmoji.nix

21
hosts/common/programs/schlock.nix Normal file
View File

@ -0,0 +1,21 @@
# limitations:
# - schlock fails open (pkill it and the wayland session is left unprotected)
# - schlock does not accept keyboard input; hence, unusable without a touchscreen
# - pin is not synchronized with PAM.
# - generate a hashed pin with: `mkpin`
{ config, lib, ... }:
let
cfg = config.sane.programs.schlock;
in
{
sane.programs.schlock = {
secrets.".config/schlock/schlock.pin" = ../../../secrets/common/schlock.pin.bin;
};
# TODO: needs access to schlock.pin inside of the swayidle sandbox
# sane.programs.swayidle.config = lib.mkIf cfg.enabled {
# actions.schlock.command = "schlock -p ~/.config/schlock/schlock.pin";
# # actions.swaylock.desktop = "schlock.desktop"; #< TODO: make a .desktop file
# actions.schlock.delay = 40; #< TODO: tune
# };
}

48
secrets/common/schlock.pin.bin Normal file
View File

@ -0,0 +1,48 @@
{
"data": "ENC[AES256_GCM,data:PWZ+5delvh5Yz2Sj62t67AEn0HtyvuQPz31hBG1omD7fGwlkJeaqKKhMvjJoXMRA0b+ZSH8k3uFWoIDzUJNTPCcYNn5qH+4QxInw9UnUm4dISyaW+t6+gdebqXDrcSsaCbiR,iv:2VXpP6iuLCa2JeaVcvoIGbJN618DnrHcQYME27cSsiA=,tag:Bi/no5vt7dSY47+UAmNzQQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRckdRTENnNlBINXozam52\nSzhqRUExSGh0UDZFcGFuM3M4UlJIaXZOYWpBCmhDUzZvbmxmc1M1Ni80MUNSYk5V\nSFJ6aVJXZG9yUmhWWnZ2V29ud2FuRVUKLS0tIFppTGlRZXhvdXNkZWFnRzlZTG1G\nMW9EaU5JYm5DaXdCek9xSjZHRCtxUmcKIprII4X7F6kymyx4b/+hGF8uWYGLN30P\nAk1+7m4TJ8VJHlKb1mlyj6dnZSpYxmqwTMVuI9uZVSk+hijJHUZVOw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZ3k3b0huTlVpU05CR1lT\nbHU3OHRoK3pwdGszZDh2TGdDWVVkUHlZZUhrCjB1WGxkZ1lvMFlJMldvV05rZG1V\nLzNmS21ZTlllTUIza1Rja3g2RDhFZ0UKLS0tIHloSGlZdjI0YkZMR2JmZm45M1Bp\nVTQ0dStuQXRmd3JpLzJ2eVZGZU1oSkUKDzYsmu7al8Wf3E2/vnv5oxmBvhsn8d8R\nsUESSxG1khLY/aPIzLi05NyvGWN/Cjmoy7OsFFRLoQxFZ6Q37Qgbpw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVWNrMzVSQ2tEMlJtYlJ6\nS21ZQWpqaDhMUDNndVVQMCttM3V2K3RSMVF3CjgxOVg4Wm80RFErNHcrSVo3T2ZF\nK1dxbFFOeVJqS09Da1dPdTNaUWZkdkkKLS0tIDloVWZhaW9JVHdpcTcvSlJ2cGNC\nQkZzcnpHRGMxRnJZcWtKb2J6UWhsZUUKXjL8c6qyhTNKj9fBi8FGQRYF3U6Ablo0\nuKTm5MLlM1vaHZlBOhrF53wC9q6bYuJyvN7cvLOHICKLtvIYewBbyA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1zsrsvd7j6l62fjxpfd2qnhqlk8wk4p8r0dtxpe4sdgnh2474095qdu7xj9",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWVjRFK1Z2K1FBN1BKVHRr\nV1NmU3IvYVVWNnVLdTVQZUE5ZE9PQndsTEhrCkVPenFEeml6cTVJSlBGRjZmK3Mv\nSGdIS295aG8vSHRUNGxlRU56ZUtReWsKLS0tIFhwZ3Z1NTJWNkZXTXBKcm9OR3c3\neDRxaWNJdXlGcVQ2TEdObGNMekp1VWcKjI9EnjYhlI7Lh3m3ubWBXCLHP2jhtw76\nuHJKd+pJXw/aoE4wC8q2GjtppxQIu73ACvAjmThYQJNVZaZuRZNbHg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1vnw7lnfpdpjn62l3u5nyv5xt2c965k96p98kc43mcnyzpetrts9q54mc9v",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2clVTS2U1MGo0YnNVMDFw\nQ3lJL3BtanlWZENDUWVRQlgvb05NQ1E4Q2xJCktaYmMwc1R6TWYyWEEvVG9PK0R2\nQjhxZ0VlOHd6WjVJVk5hdjY3VUJrS28KLS0tIFRRNzdXcG1ZempHTUJVaVV2N2N3\nTnI3aHlZSzZIVjJLRlUvWUNsWWhhMzQKiQnwyy4sw3lTkm9KFcsG5R5qFOhbeh4D\nQW3eos/2M1s8/ChCsrzupkwy+e6CwzpSja9meU1/Lqa+4ySMDR/rXQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1w7mectcjku6x3sd8plm8wkn2qfrhv9n6zhzlf329e2r2uycgke8qkf9dyn",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKcHRNVlp6NngzUG84ZCtO\nMUVpbHVYdmxQRG84ZnFGSjNqMjhmSmUxYmo0Cnl6TVR1aGFwUVhOZ3JkSjRuWDZr\nVG9ib2pqUzBhbXBGQ2crd2QvSFZXYTgKLS0tIFc4eVJxTUE2RjhHV2JUTUZuY0xw\nbDFWY21WWGZJZmRsWHpnekt3N3lPaG8KaXnWSxsndJ5TqDy3daPIY7X6LPyJTjvE\nC0/n4Au7LvkwRmjcTshKvbtnD1YKxL3ppJE5AuciBrP9zuwX70d/gg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOZHlwb2M0Vms2NXBkdU13\nMVcvanA5SWJWVFEweVkxMVJiYnpPdTNMZ0JnCmE1bFRQOXhlcnZzQ2RGSmJpeGVx\nSVdsZzlKWnJhWHVKR3VlcXZsbUVBNjQKLS0tIHpkMS93UEVRcDVnOTZON1R2d3M0\nS3N4S3B0ajhXMzdXUExmditXcmRKcjgKRLCXWvavIDw6AwJbX7ZsZja3cV58RLMl\n/r6gWTOrYeE0D2j9NU8+mm3pbCq8K27G2+90/m4A48we7YBliFH1Sg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age18vq5ktwgeaysucvw9t67drqmg5zd5c5k3le34yqxckkfj7wqdqgsd4ejmt",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLZUw5NTJKclFseENOZi80\nTC9WbnF1VWNTUFEvMFkzbkpBRHY5dFJJaFYwCkxOaEx6a2tBbEpOM3Q1UGFmZzRS\nTTJjdGk2bXJTK1ZPSWRPYlc3VkFFWTAKLS0tIGNTY3RwaENGV241aVBTd1h6VW5X\neFEraW1kUjVsQ1lFaEZkUnRoZ3YyN2sKphoc7lfNufjLG/OVbQCDB2ZO60AGyMLS\nzRTgyt9LUzNOo++qZ4beRHKBcQuolblAeQgK4WDvJbaVOAJnKkfbMA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-03-07T09:47:10Z",
"mac": "ENC[AES256_GCM,data:4+aYfQIO5e02nPiat7h3yFokYL+TCf1OXQJfJv0ZuCmIk1zSfiRlkLlDOpAHoEOt2GbyUxW3zaQicLCm6KuZE4YVkPMH9acOGKTtMdCyHmFY/PYlS/E1jt4L52oY1EsP0MnvMECqz1rQBH6HquhC+oDhndJNiMBBX8HbOF0//yY=,iv:gheHmr+tLWqanOBLTVKnhUemj1gF0PIOA3bd9zk+Zb0=,tag:OGF8DviboOgtAHQXGKF4Vw==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}