swaylock, schlock: convert to services

2024-05-07 15:02:37 +00:00 · 2024-05-07 15:02:37 +00:00 · f58bcb4767
commit f58bcb4767
parent 4f56acc316
3 changed files with 83 additions and 19 deletions
--- a/hosts/common/programs/schlock.nix
+++ b/hosts/common/programs/schlock.nix
@ -11,14 +11,32 @@ let
 in
 {
  sane.programs.schlock = {
+    configOption = with lib; mkOption {
+      default = {};
+      type = types.submodule {
+        options.autolock = mkOption {
+          type = types.bool;
+          default = true;
+          description = ''
+            integrate with things like `swayidle` to auto-lock when appropriate.
+          '';
+        };
+      };
+    };
+
    sandbox.method = "bwrap";
    sandbox.whitelistWayland = true;

    secrets.".config/schlock/schlock.pin" = ../../../secrets/common/schlock.pin.bin;
+
+    services.schlock = {
+      description = "schlock mobile-friendly screen locker";
+      command = ''schlock -p "$HOME/.config/schlock/schlock.pin"'';
+      restartCondition = "on-failure";
+    };
  };

-  sane.programs.swayidle.config = lib.mkIf cfg.enabled {
-    actions.schlock.desktop = "schlock.desktop";
-    actions.schlock.delay = 1800;
+  sane.programs.swayidle.config = lib.mkIf (cfg.enabled && cfg.config.autolock) {
+    actions.lock.service = "schlock";
  };
 }
--- a/hosts/common/programs/swayidle.nix
+++ b/hosts/common/programs/swayidle.nix
@ -9,10 +9,23 @@ let
    options.command = mkOption {
      type = types.str;
      default = name;
+      description = ''
+        shell command to run, e.g. "swaylock --indicator-idle-visible".
+      '';
    };
    options.desktop = mkOption {
      type = types.nullOr types.str;
      default = null;
+      description = ''
+        name of a .desktop file to launch, e.g. "swaylock.desktop".
+      '';
+    };
+    options.service = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      description = ''
+        name of a user service to start.
+      '';
    };
    options.delay = mkOption {
      type = types.int;
@ -20,7 +33,14 @@ let
        how many seconds of idle time before triggering the command.
      '';
    };
-    config.command = lib.mkIf (config.desktop != null) "sane-open --application ${config.desktop}";
+    config.command = lib.mkMerge [
+      (lib.mkIf (config.desktop != null) (
+        lib.escapeShellArgs [ "sane-open" "--application" "${config.desktop}" ])
+      )
+      (lib.mkIf (config.service != null) (
+        lib.escapeShellArgs [ "s6-rc" "start" "${config.service}" ])
+      )
+    ];
  });
  screenOff = pkgs.writeShellScriptBin "screen-off" ''
    swaymsg -- output '*' power false
@ -46,9 +66,17 @@ in
      command = "${screenOff}/bin/screen-off";
      delay = lib.mkDefault 1500;  # 1500s = 25min
    };
+    config.actions.lock = {
+      # define a well-known action mostly to prevent accidentally shipping overlapping screen lockers...
+      delay = lib.mkDefault 1800;  # 1800 = 30min
+      # enable by default, but only if something else has installed a locker.
+      enable = lib.mkDefault cfg.actions.lock.command != "";
+      command = lib.mkDefault "";
+    };

    sandbox.method = "bwrap";
    sandbox.whitelistDbus = [ "user" ];  #< might need system too, for inhibitors
+    sandbox.whitelistS6 = true;
    sandbox.whitelistWayland = true;
    sandbox.extraRuntimePaths = [ "sway" ];

--- a/hosts/common/programs/swaylock.nix
+++ b/hosts/common/programs/swaylock.nix
@ -4,18 +4,31 @@ let
 in
 {
  sane.programs.swaylock = {
-    packageUnwrapped = pkgs.swaylock.overrideAttrs (upstream: {
-      nativeBuildInputs = (upstream.nativeBuildInputs or []) ++ [
-        pkgs.copyDesktopItems
-      ];
-      desktopItems = (upstream.desktopItems or []) ++ [
-        (pkgs.makeDesktopItem {
-          name = "swaylock";
-          exec = "swaylock --indicator-idle-visible --indicator-radius 100 --indicator-thickness 30";
-          desktopName = "Sway session locker";
-        })
-      ];
-    });
+    configOption = with lib; mkOption {
+      default = {};
+      type = types.submodule {
+        options.autolock = mkOption {
+          type = types.bool;
+          default = true;
+          description = ''
+            integrate with things like `swayidle` to auto-lock when appropriate.
+          '';
+        };
+      };
+    };
+
+    # packageUnwrapped = pkgs.swaylock.overrideAttrs (upstream: {
+    #   nativeBuildInputs = (upstream.nativeBuildInputs or []) ++ [
+    #     pkgs.copyDesktopItems
+    #   ];
+    #   desktopItems = (upstream.desktopItems or []) ++ [
+    #     (pkgs.makeDesktopItem {
+    #       name = "swaylock";
+    #       exec = "swaylock --indicator-idle-visible --indicator-radius 100 --indicator-thickness 30";
+    #       desktopName = "Sway session locker";
+    #     })
+    #   ];
+    # });

    sandbox.method = "bwrap";
    sandbox.extraPaths = [
@ -26,11 +39,16 @@ in
      "/etc/shadow"
    ];
    sandbox.whitelistWayland = true;
+
+    services.swaylock = {
+      description = "swaylock screen locker";
+      command = "swaylock --indicator-idle-visible --indicator-radius 100 --indicator-thickness 30";
+      restartCondition = "on-failure";
+    };
  };

-  sane.programs.swayidle.config = lib.mkIf cfg.enabled {
-    actions.swaylock.desktop = "swaylock.desktop";
-    actions.swaylock.delay = 1800;
+  sane.programs.swayidle.config = lib.mkIf (cfg.enabled && cfg.config.autolock) {
+    actions.lock.service = "swaylock";
  };

  security.pam.services = lib.mkIf cfg.enabled {