43 lines
1.2 KiB
Nix
43 lines
1.2 KiB
Nix
# limitations:
|
|
# - schlock fails open (pkill it and the wayland session is left unprotected)
|
|
# - schlock does not accept keyboard input; hence, unusable without a touchscreen
|
|
# - pin is not synchronized with PAM.
|
|
# - generate a hashed pin with: `mkpin`
|
|
# - does not seem to render in landscape mode
|
|
|
|
{ config, lib, ... }:
|
|
let
|
|
cfg = config.sane.programs.schlock;
|
|
in
|
|
{
|
|
sane.programs.schlock = {
|
|
configOption = with lib; mkOption {
|
|
default = {};
|
|
type = types.submodule {
|
|
options.autolock = mkOption {
|
|
type = types.bool;
|
|
default = true;
|
|
description = ''
|
|
integrate with things like `swayidle` to auto-lock when appropriate.
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
|
|
sandbox.method = "bwrap";
|
|
sandbox.whitelistWayland = true;
|
|
|
|
secrets.".config/schlock/schlock.pin" = ../../../secrets/common/schlock.pin.bin;
|
|
|
|
services.schlock = {
|
|
description = "schlock mobile-friendly screen locker";
|
|
command = ''schlock -p "$HOME/.config/schlock/schlock.pin"'';
|
|
restartCondition = "on-failure";
|
|
};
|
|
};
|
|
|
|
sane.programs.swayidle.config = lib.mkIf (cfg.enabled && cfg.config.autolock) {
|
|
actions.lock.service = "schlock";
|
|
};
|
|
}
|