diff options
author | lassulus <lassulus@lassul.us> | 2018-12-03 04:59:27 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2018-12-03 04:59:27 +0100 |
commit | d1c7ec94eb0d695ee1a9f0a103ffcc9483d1f8cb (patch) | |
tree | fc7c8c5b7b5d0e1cb9bc047a757b1f788521c0cd /tv/3modules | |
parent | 2dc617874e001c25c1caceccd14ef7c1f74f73bc (diff) | |
parent | 24b07c32840949dbd02a8282d0b5d9cbe1c01bf5 (diff) |
Merge remote-tracking branch 'ni/master'
Diffstat (limited to 'tv/3modules')
-rw-r--r-- | tv/3modules/default.nix | 1 | ||||
-rw-r--r-- | tv/3modules/slock.nix | 71 |
2 files changed, 72 insertions, 0 deletions
diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index 6172feb03..f53a58e9a 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -6,6 +6,7 @@ ./hosts.nix ./iptables.nix ./nixpkgs-overlays.nix + ./slock.nix ./x0vncserver.nix ]; } diff --git a/tv/3modules/slock.nix b/tv/3modules/slock.nix new file mode 100644 index 000000000..1c84b1e9e --- /dev/null +++ b/tv/3modules/slock.nix @@ -0,0 +1,71 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: let + cfg = config.tv.slock; +in { + options.tv.slock = { + enable = mkEnableOption "tv.slock"; + package = mkOption { + default = pkgs.execBin "slock" rec { + filename = "${pkgs.systemd}/bin/systemctl"; + argv = [ filename "start" "slock-${cfg.user.name}.service" ]; + }; + type = types.package; + }; + user = mkOption { + type = types.user; + }; + }; + config = mkIf cfg.enable { + security.polkit.extraConfig = /* js */ '' + polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.systemd1.manage-units" && + action.lookup("unit") == "slock-${cfg.user.name}.service" && + subject.user == ${toJSON cfg.user.name}) { + return polkit.Result.YES; + } + }); + ''; + systemd.services."slock-${cfg.user.name}" = { + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" { + passAsFile = ["text"]; + text = /* c */ '' + #include <shadow.h> + #include <unistd.h> + + static struct spwd entry = { + .sp_namp = "", + .sp_pwdp = + ${toC config.users.users.${cfg.user.name}.hashedPassword}, + .sp_lstchg = 0, + .sp_min = 0, + .sp_max = 0, + .sp_warn = 0, + .sp_inact = 0, + .sp_expire = 0, + .sp_flag = 0, + }; + + extern struct spwd *getspnam(const char *name) { return &entry; } + extern int setgroups(size_t size, const gid_t *list) { return 0; } + extern int setgid(gid_t gid) { return 0; } + extern int setuid(uid_t uid) { return 0; } + ''; + } /* sh */ '' + gcc -Wall -shared -o $out -xc "$textPath" + ''; + }; + restartIfChanged = false; + serviceConfig = { + ExecStart = "${pkgs.slock}/bin/slock"; + OOMScoreAdjust = -1000; + Restart = "on-failure"; + RestartSec = "100ms"; + StartLimitBurst = 0; + SyslogIdentifier = "slock"; + User = cfg.user.name; + }; + }; + }; +} |