swaylock, schlock: convert to services
This commit is contained in:
parent
4f56acc316
commit
f58bcb4767
|
@ -11,14 +11,32 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
sane.programs.schlock = {
|
sane.programs.schlock = {
|
||||||
|
configOption = with lib; mkOption {
|
||||||
|
default = {};
|
||||||
|
type = types.submodule {
|
||||||
|
options.autolock = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
integrate with things like `swayidle` to auto-lock when appropriate.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
sandbox.method = "bwrap";
|
sandbox.method = "bwrap";
|
||||||
sandbox.whitelistWayland = true;
|
sandbox.whitelistWayland = true;
|
||||||
|
|
||||||
secrets.".config/schlock/schlock.pin" = ../../../secrets/common/schlock.pin.bin;
|
secrets.".config/schlock/schlock.pin" = ../../../secrets/common/schlock.pin.bin;
|
||||||
|
|
||||||
|
services.schlock = {
|
||||||
|
description = "schlock mobile-friendly screen locker";
|
||||||
|
command = ''schlock -p "$HOME/.config/schlock/schlock.pin"'';
|
||||||
|
restartCondition = "on-failure";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
sane.programs.swayidle.config = lib.mkIf cfg.enabled {
|
sane.programs.swayidle.config = lib.mkIf (cfg.enabled && cfg.config.autolock) {
|
||||||
actions.schlock.desktop = "schlock.desktop";
|
actions.lock.service = "schlock";
|
||||||
actions.schlock.delay = 1800;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,10 +9,23 @@ let
|
||||||
options.command = mkOption {
|
options.command = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = name;
|
default = name;
|
||||||
|
description = ''
|
||||||
|
shell command to run, e.g. "swaylock --indicator-idle-visible".
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
options.desktop = mkOption {
|
options.desktop = mkOption {
|
||||||
type = types.nullOr types.str;
|
type = types.nullOr types.str;
|
||||||
default = null;
|
default = null;
|
||||||
|
description = ''
|
||||||
|
name of a .desktop file to launch, e.g. "swaylock.desktop".
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
options.service = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
name of a user service to start.
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
options.delay = mkOption {
|
options.delay = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
|
@ -20,7 +33,14 @@ let
|
||||||
how many seconds of idle time before triggering the command.
|
how many seconds of idle time before triggering the command.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
config.command = lib.mkIf (config.desktop != null) "sane-open --application ${config.desktop}";
|
config.command = lib.mkMerge [
|
||||||
|
(lib.mkIf (config.desktop != null) (
|
||||||
|
lib.escapeShellArgs [ "sane-open" "--application" "${config.desktop}" ])
|
||||||
|
)
|
||||||
|
(lib.mkIf (config.service != null) (
|
||||||
|
lib.escapeShellArgs [ "s6-rc" "start" "${config.service}" ])
|
||||||
|
)
|
||||||
|
];
|
||||||
});
|
});
|
||||||
screenOff = pkgs.writeShellScriptBin "screen-off" ''
|
screenOff = pkgs.writeShellScriptBin "screen-off" ''
|
||||||
swaymsg -- output '*' power false
|
swaymsg -- output '*' power false
|
||||||
|
@ -46,9 +66,17 @@ in
|
||||||
command = "${screenOff}/bin/screen-off";
|
command = "${screenOff}/bin/screen-off";
|
||||||
delay = lib.mkDefault 1500; # 1500s = 25min
|
delay = lib.mkDefault 1500; # 1500s = 25min
|
||||||
};
|
};
|
||||||
|
config.actions.lock = {
|
||||||
|
# define a well-known action mostly to prevent accidentally shipping overlapping screen lockers...
|
||||||
|
delay = lib.mkDefault 1800; # 1800 = 30min
|
||||||
|
# enable by default, but only if something else has installed a locker.
|
||||||
|
enable = lib.mkDefault cfg.actions.lock.command != "";
|
||||||
|
command = lib.mkDefault "";
|
||||||
|
};
|
||||||
|
|
||||||
sandbox.method = "bwrap";
|
sandbox.method = "bwrap";
|
||||||
sandbox.whitelistDbus = [ "user" ]; #< might need system too, for inhibitors
|
sandbox.whitelistDbus = [ "user" ]; #< might need system too, for inhibitors
|
||||||
|
sandbox.whitelistS6 = true;
|
||||||
sandbox.whitelistWayland = true;
|
sandbox.whitelistWayland = true;
|
||||||
sandbox.extraRuntimePaths = [ "sway" ];
|
sandbox.extraRuntimePaths = [ "sway" ];
|
||||||
|
|
||||||
|
|
|
@ -4,18 +4,31 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
sane.programs.swaylock = {
|
sane.programs.swaylock = {
|
||||||
packageUnwrapped = pkgs.swaylock.overrideAttrs (upstream: {
|
configOption = with lib; mkOption {
|
||||||
nativeBuildInputs = (upstream.nativeBuildInputs or []) ++ [
|
default = {};
|
||||||
pkgs.copyDesktopItems
|
type = types.submodule {
|
||||||
];
|
options.autolock = mkOption {
|
||||||
desktopItems = (upstream.desktopItems or []) ++ [
|
type = types.bool;
|
||||||
(pkgs.makeDesktopItem {
|
default = true;
|
||||||
name = "swaylock";
|
description = ''
|
||||||
exec = "swaylock --indicator-idle-visible --indicator-radius 100 --indicator-thickness 30";
|
integrate with things like `swayidle` to auto-lock when appropriate.
|
||||||
desktopName = "Sway session locker";
|
'';
|
||||||
})
|
};
|
||||||
];
|
};
|
||||||
});
|
};
|
||||||
|
|
||||||
|
# packageUnwrapped = pkgs.swaylock.overrideAttrs (upstream: {
|
||||||
|
# nativeBuildInputs = (upstream.nativeBuildInputs or []) ++ [
|
||||||
|
# pkgs.copyDesktopItems
|
||||||
|
# ];
|
||||||
|
# desktopItems = (upstream.desktopItems or []) ++ [
|
||||||
|
# (pkgs.makeDesktopItem {
|
||||||
|
# name = "swaylock";
|
||||||
|
# exec = "swaylock --indicator-idle-visible --indicator-radius 100 --indicator-thickness 30";
|
||||||
|
# desktopName = "Sway session locker";
|
||||||
|
# })
|
||||||
|
# ];
|
||||||
|
# });
|
||||||
|
|
||||||
sandbox.method = "bwrap";
|
sandbox.method = "bwrap";
|
||||||
sandbox.extraPaths = [
|
sandbox.extraPaths = [
|
||||||
|
@ -26,11 +39,16 @@ in
|
||||||
"/etc/shadow"
|
"/etc/shadow"
|
||||||
];
|
];
|
||||||
sandbox.whitelistWayland = true;
|
sandbox.whitelistWayland = true;
|
||||||
|
|
||||||
|
services.swaylock = {
|
||||||
|
description = "swaylock screen locker";
|
||||||
|
command = "swaylock --indicator-idle-visible --indicator-radius 100 --indicator-thickness 30";
|
||||||
|
restartCondition = "on-failure";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
sane.programs.swayidle.config = lib.mkIf cfg.enabled {
|
sane.programs.swayidle.config = lib.mkIf (cfg.enabled && cfg.config.autolock) {
|
||||||
actions.swaylock.desktop = "swaylock.desktop";
|
actions.lock.service = "swaylock";
|
||||||
actions.swaylock.delay = 1800;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
security.pam.services = lib.mkIf cfg.enabled {
|
security.pam.services = lib.mkIf cfg.enabled {
|
||||||
|
|
Loading…
Reference in New Issue
Block a user