diff --git a/hosts/common/programs/default.nix b/hosts/common/programs/default.nix
index 438a6b06..db0e24e6 100644
--- a/hosts/common/programs/default.nix
+++ b/hosts/common/programs/default.nix
@@ -87,6 +87,7 @@
 ./sane-input-handler
 ./sane-screenshot.nix
 ./sane-scripts.nix
+ ./schlock.nix
 ./sfeed.nix
 ./signal-desktop.nix
 ./splatmoji.nix
diff --git a/hosts/common/programs/schlock.nix b/hosts/common/programs/schlock.nix
new file mode 100644
index 00000000..7d1567f7
--- /dev/null
+++ b/hosts/common/programs/schlock.nix
@@ -0,0 +1,21 @@
+# limitations:
+# - schlock fails open (pkill it and the wayland session is left unprotected)
+# - schlock does not accept keyboard input; hence, unusable without a touchscreen
+# - pin is not synchronized with PAM.
+# - generate a hashed pin with: `mkpin`
+
+{ config, lib, ... }:
+let
+ cfg = config.sane.programs.schlock;
+in
+{
+ sane.programs.schlock = {
+ secrets.".config/schlock/schlock.pin" = ../../../secrets/common/schlock.pin.bin;
+ };
+ # TODO: needs access to schlock.pin inside of the swayidle sandbox
+ # sane.programs.swayidle.config = lib.mkIf cfg.enabled {
+ # actions.schlock.command = "schlock -p ~/.config/schlock/schlock.pin";
+ # # actions.swaylock.desktop = "schlock.desktop"; #< TODO: make a .desktop file
+ # actions.schlock.delay = 40; #< TODO: tune
+ # };
+}
diff --git a/secrets/common/schlock.pin.bin b/secrets/common/schlock.pin.bin
new file mode 100644
index 00000000..bcf1a563
--- /dev/null
+++ b/secrets/common/schlock.pin.bin
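Review bot: In hosts/common/programs/schlock.nix the header comment records that schlock fails open, but the commented-out `sane.programs.swayidle.config` block carries no reminder of it, so a later un-comment would make a fail-open locker the idle lock; I would add next to the TODO something like `# NOTE: schlock fails open; do not enable as the only locker until a crash/kill of schlock re-locks or ends the session`. The secret installed at `.config/schlock/schlock.pin` is a hashed PIN that is not tied to PAM, so it acts as a second and presumably lower-entropy unlock credential, and anything able to read that file can guess at it offline. When the sandbox TODO is resolved, that argues for exposing only this one file read-only to swayidle rather than the whole `~/.config/schlock` directory. As a style point, `cfg` and `lib` are referenced only inside the commented block and are unused in the code as committed.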
@@ -0,0 +1,48 @@ +{ + "data": "ENC[AES256_GCM,data:PWZ+5delvh5Yz2Sj62t67AEn0HtyvuQPz31hBG1omD7fGwlkJeaqKKhMvjJoXMRA0b+ZSH8k3uFWoIDzUJNTPCcYNn5qH+4QxInw9UnUm4dISyaW+t6+gdebqXDrcSsaCbiR,iv:2VXpP6iuLCa2JeaVcvoIGbJN618DnrHcQYME27cSsiA=,tag:Bi/no5vt7dSY47+UAmNzQQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRckdRTENnNlBINXozam52\nSzhqRUExSGh0UDZFcGFuM3M4UlJIaXZOYWpBCmhDUzZvbmxmc1M1Ni80MUNSYk5V\nSFJ6aVJXZG9yUmhWWnZ2V29ud2FuRVUKLS0tIFppTGlRZXhvdXNkZWFnRzlZTG1G\nMW9EaU5JYm5DaXdCek9xSjZHRCtxUmcKIprII4X7F6kymyx4b/+hGF8uWYGLN30P\nAk1+7m4TJ8VJHlKb1mlyj6dnZSpYxmqwTMVuI9uZVSk+hijJHUZVOw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZ3k3b0huTlVpU05CR1lT\nbHU3OHRoK3pwdGszZDh2TGdDWVVkUHlZZUhrCjB1WGxkZ1lvMFlJMldvV05rZG1V\nLzNmS21ZTlllTUIza1Rja3g2RDhFZ0UKLS0tIHloSGlZdjI0YkZMR2JmZm45M1Bp\nVTQ0dStuQXRmd3JpLzJ2eVZGZU1oSkUKDzYsmu7al8Wf3E2/vnv5oxmBvhsn8d8R\nsUESSxG1khLY/aPIzLi05NyvGWN/Cjmoy7OsFFRLoQxFZ6Q37Qgbpw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVWNrMzVSQ2tEMlJtYlJ6\nS21ZQWpqaDhMUDNndVVQMCttM3V2K3RSMVF3CjgxOVg4Wm80RFErNHcrSVo3T2ZF\nK1dxbFFOeVJqS09Da1dPdTNaUWZkdkkKLS0tIDloVWZhaW9JVHdpcTcvSlJ2cGNC\nQkZzcnpHRGMxRnJZcWtKb2J6UWhsZUUKXjL8c6qyhTNKj9fBi8FGQRYF3U6Ablo0\nuKTm5MLlM1vaHZlBOhrF53wC9q6bYuJyvN7cvLOHICKLtvIYewBbyA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zsrsvd7j6l62fjxpfd2qnhqlk8wk4p8r0dtxpe4sdgnh2474095qdu7xj9", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWVjRFK1Z2K1FBN1BKVHRr\nV1NmU3IvYVVWNnVLdTVQZUE5ZE9PQndsTEhrCkVPenFEeml6cTVJSlBGRjZmK3Mv\nSGdIS295aG8vSHRUNGxlRU56ZUtReWsKLS0tIFhwZ3Z1NTJWNkZXTXBKcm9OR3c3\neDRxaWNJdXlGcVQ2TEdObGNMekp1VWcKjI9EnjYhlI7Lh3m3ubWBXCLHP2jhtw76\nuHJKd+pJXw/aoE4wC8q2GjtppxQIu73ACvAjmThYQJNVZaZuRZNbHg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1vnw7lnfpdpjn62l3u5nyv5xt2c965k96p98kc43mcnyzpetrts9q54mc9v", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2clVTS2U1MGo0YnNVMDFw\nQ3lJL3BtanlWZENDUWVRQlgvb05NQ1E4Q2xJCktaYmMwc1R6TWYyWEEvVG9PK0R2\nQjhxZ0VlOHd6WjVJVk5hdjY3VUJrS28KLS0tIFRRNzdXcG1ZempHTUJVaVV2N2N3\nTnI3aHlZSzZIVjJLRlUvWUNsWWhhMzQKiQnwyy4sw3lTkm9KFcsG5R5qFOhbeh4D\nQW3eos/2M1s8/ChCsrzupkwy+e6CwzpSja9meU1/Lqa+4ySMDR/rXQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1w7mectcjku6x3sd8plm8wkn2qfrhv9n6zhzlf329e2r2uycgke8qkf9dyn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKcHRNVlp6NngzUG84ZCtO\nMUVpbHVYdmxQRG84ZnFGSjNqMjhmSmUxYmo0Cnl6TVR1aGFwUVhOZ3JkSjRuWDZr\nVG9ib2pqUzBhbXBGQ2crd2QvSFZXYTgKLS0tIFc4eVJxTUE2RjhHV2JUTUZuY0xw\nbDFWY21WWGZJZmRsWHpnekt3N3lPaG8KaXnWSxsndJ5TqDy3daPIY7X6LPyJTjvE\nC0/n4Au7LvkwRmjcTshKvbtnD1YKxL3ppJE5AuciBrP9zuwX70d/gg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOZHlwb2M0Vms2NXBkdU13\nMVcvanA5SWJWVFEweVkxMVJiYnpPdTNMZ0JnCmE1bFRQOXhlcnZzQ2RGSmJpeGVx\nSVdsZzlKWnJhWHVKR3VlcXZsbUVBNjQKLS0tIHpkMS93UEVRcDVnOTZON1R2d3M0\nS3N4S3B0ajhXMzdXUExmditXcmRKcjgKRLCXWvavIDw6AwJbX7ZsZja3cV58RLMl\n/r6gWTOrYeE0D2j9NU8+mm3pbCq8K27G2+90/m4A48we7YBliFH1Sg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age18vq5ktwgeaysucvw9t67drqmg5zd5c5k3le34yqxckkfj7wqdqgsd4ejmt", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLZUw5NTJKclFseENOZi80\nTC9WbnF1VWNTUFEvMFkzbkpBRHY5dFJJaFYwCkxOaEx6a2tBbEpOM3Q1UGFmZzRS\nTTJjdGk2bXJTK1ZPSWRPYlc3VkFFWTAKLS0tIGNTY3RwaENGV241aVBTd1h6VW5X\neFEraW1kUjVsQ1lFaEZkUnRoZ3YyN2sKphoc7lfNufjLG/OVbQCDB2ZO60AGyMLS\nzRTgyt9LUzNOo++qZ4beRHKBcQuolblAeQgK4WDvJbaVOAJnKkfbMA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-03-07T09:47:10Z", + "mac": "ENC[AES256_GCM,data:4+aYfQIO5e02nPiat7h3yFokYL+TCf1OXQJfJv0ZuCmIk1zSfiRlkLlDOpAHoEOt2GbyUxW3zaQicLCm6KuZE4YVkPMH9acOGKTtMdCyHmFY/PYlS/E1jt4L52oY1EsP0MnvMECqz1rQBH6HquhC+oDhndJNiMBBX8HbOF0//yY=,iv:gheHmr+tLWqanOBLTVKnhUemj1gF0PIOA3bd9zk+Zb0=,tag:OGF8DviboOgtAHQXGKF4Vw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file