18 lines
573 B
Nix
18 lines
573 B
Nix
# waylock: <https://codeberg.org/ifreund/waylock>
|
|
# also documented in berbiche NUR: <https://github.com/nix-community/nur-combined/blob/master/repos/berbiche/README.md>
|
|
{ config, lib, ... }:
|
|
let
|
|
cfg = config.sane.programs.waylock;
|
|
in
|
|
{
|
|
sane.programs.waylock = {
|
|
sandbox.method = "capshonly"; # not even landlock with full access to / works.
|
|
sandbox.wrapperType = "wrappedDerivation";
|
|
};
|
|
|
|
# without a /etc/pam.d/waylock entry, you may lock but you may never *unlock* ;-)
|
|
security.pam.services = lib.mkIf cfg.enabled {
|
|
waylock.unixAuth = true;
|
|
};
|
|
}
|