summaryrefslogtreecommitdiffstats
path: root/tv/3modules
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2018-12-03 04:59:27 +0100
committerlassulus <lassulus@lassul.us>2018-12-03 04:59:27 +0100
commitd1c7ec94eb0d695ee1a9f0a103ffcc9483d1f8cb (patch)
treefc7c8c5b7b5d0e1cb9bc047a757b1f788521c0cd /tv/3modules
parent2dc617874e001c25c1caceccd14ef7c1f74f73bc (diff)
parent24b07c32840949dbd02a8282d0b5d9cbe1c01bf5 (diff)
Merge remote-tracking branch 'ni/master'
Diffstat (limited to 'tv/3modules')
-rw-r--r--tv/3modules/default.nix1
-rw-r--r--tv/3modules/slock.nix71
2 files changed, 72 insertions, 0 deletions
diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index 6172feb03..f53a58e9a 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -6,6 +6,7 @@
./hosts.nix
./iptables.nix
./nixpkgs-overlays.nix
+ ./slock.nix
./x0vncserver.nix
];
}
diff --git a/tv/3modules/slock.nix b/tv/3modules/slock.nix
new file mode 100644
index 000000000..1c84b1e9e
--- /dev/null
+++ b/tv/3modules/slock.nix
@@ -0,0 +1,71 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+ cfg = config.tv.slock;
+in {
+ options.tv.slock = {
+ enable = mkEnableOption "tv.slock";
+ package = mkOption {
+ default = pkgs.execBin "slock" rec {
+ filename = "${pkgs.systemd}/bin/systemctl";
+ argv = [ filename "start" "slock-${cfg.user.name}.service" ];
+ };
+ type = types.package;
+ };
+ user = mkOption {
+ type = types.user;
+ };
+ };
+ config = mkIf cfg.enable {
+ security.polkit.extraConfig = /* js */ ''
+ polkit.addRule(function(action, subject) {
+ if (action.id == "org.freedesktop.systemd1.manage-units" &&
+ action.lookup("unit") == "slock-${cfg.user.name}.service" &&
+ subject.user == ${toJSON cfg.user.name}) {
+ return polkit.Result.YES;
+ }
+ });
+ '';
+ systemd.services."slock-${cfg.user.name}" = {
+ environment = {
+ DISPLAY = ":${toString config.services.xserver.display}";
+ LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" {
+ passAsFile = ["text"];
+ text = /* c */ ''
+ #include <shadow.h>
+ #include <unistd.h>
+
+ static struct spwd entry = {
+ .sp_namp = "",
+ .sp_pwdp =
+ ${toC config.users.users.${cfg.user.name}.hashedPassword},
+ .sp_lstchg = 0,
+ .sp_min = 0,
+ .sp_max = 0,
+ .sp_warn = 0,
+ .sp_inact = 0,
+ .sp_expire = 0,
+ .sp_flag = 0,
+ };
+
+ extern struct spwd *getspnam(const char *name) { return &entry; }
+ extern int setgroups(size_t size, const gid_t *list) { return 0; }
+ extern int setgid(gid_t gid) { return 0; }
+ extern int setuid(uid_t uid) { return 0; }
+ '';
+ } /* sh */ ''
+ gcc -Wall -shared -o $out -xc "$textPath"
+ '';
+ };
+ restartIfChanged = false;
+ serviceConfig = {
+ ExecStart = "${pkgs.slock}/bin/slock";
+ OOMScoreAdjust = -1000;
+ Restart = "on-failure";
+ RestartSec = "100ms";
+ StartLimitBurst = 0;
+ SyslogIdentifier = "slock";
+ User = cfg.user.name;
+ };
+ };
+ };
+}