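# NixOS module for physlock, a screen locker that works at the virtual
# terminal level.
#
# Declares the `services.physlock.*` options and, when the module is enabled,
# installs the package and defines the systemd unit that starts the locker
# ahead of the configured sleep and extra targets.
{ config, lib, pkgs, ... }:

with lib;

let
  # Shorthand for this module's slice of the evaluated system configuration.
  cfg = config.services.physlock;
in

{

  ###### interface

  options = {

    services.physlock = {

      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to enable the <command>physlock</command> screen locking mechanism.

          Enable this and then run <command>systemctl start physlock</command>
          to securely lock the screen.

          This will switch to a new virtual terminal, turn off console
          switching and disable SysRq mechanism (when
          <option>services.physlock.disableSysRq</option> is set)
          until the root or <option>services.physlock.user</option>
          password is given.
        '';
      };

      # Security: the account named here becomes a second unlock credential
      # next to root, so the lock is only as strong as the weaker of the two
      # passwords. `null` (the default) omits the -u flag entirely.
      user = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          User whose password will be used to unlock the screen on par
          with the root password.
        '';
      };

      # Security: defaults to true. Setting it to false leaves the SysRq
      # mechanism active while the screen is locked, i.e. one of the
      # protections listed in the `enable` description is not applied.
      disableSysRq = mkOption {
        type = types.bool;
        default = true;
        description = ''
          Whether to disable SysRq when locked with physlock.
        '';
      };

      # Events that trigger the lock automatically. Both sleep toggles default
      # to true, so the lock is requested before the machine goes to sleep.
      lockOn = {

        suspend = mkOption {
          type = types.bool;
          default = true;
          description = ''
            Whether to lock screen with physlock just before suspend.
          '';
        };

        hibernate = mkOption {
          type = types.bool;
          default = true;
          description = ''
            Whether to lock screen with physlock just before hibernate.
          '';
        };

        # Every entry is used both as a `wantedBy` and as a `before` target of
        # the unit below, so the lock is pulled in by, and ordered ahead of,
        # each listed unit.
        extraTargets = mkOption {
          type = types.listOf types.str;
          default = [];
          example = [ "display-manager.service" ];
          description = ''
            Other targets to lock the screen just before.

            Useful if you want to e.g. both autologin to X11 so that
            your <filename>~/.xsession</filename> gets executed and
            still to have the screen locked so that the system can be
            booted relatively unattended.
          '';
        };

      };

    };

  };


  ###### implementation

  config = mkIf cfg.enable {

    # for physlock -l and physlock -L
    environment.systemPackages = [ pkgs.physlock ];

    systemd.services."physlock" = {
      enable = true;
      description = "Physlock";

      # Pull the lock in whenever one of the selected targets is started.
      # With both sleep toggles off and no extra targets this list is empty,
      # and the unit only runs when started by hand.
      #
      # NOTE(review): only suspend and hibernate are wired up here; other
      # sleep modes (e.g. hybrid sleep) are not covered by these two toggles.
      # Confirm whether they need a lock as well.
      wantedBy =
        optional cfg.lockOn.suspend "suspend.target"
        ++ optional cfg.lockOn.hibernate "hibernate.target"
        ++ cfg.lockOn.extraTargets;

      # Order the lock ahead of the services that carry out the sleep, so the
      # locker has been started before the system suspends or hibernates.
      before =
        optional cfg.lockOn.suspend "systemd-suspend.service"
        ++ optional cfg.lockOn.hibernate "systemd-hibernate.service"
        ++ cfg.lockOn.extraTargets;

      # physlock is started with -d, so the unit is declared as forking.
      serviceConfig.Type = "forking";

      # Flags: -d always, "s" appended when disableSysRq is set, and
      # "-u <user>" when a user is configured.
      #
      # The user name is shell-quoted because `script` is run through a shell:
      # an unquoted value containing whitespace or shell metacharacters would
      # be split or interpreted instead of reaching -u as a single argument.
      script = ''
        ${pkgs.physlock}/bin/physlock -d${optionalString cfg.disableSysRq "s"}${optionalString (cfg.user != null) " -u ${escapeShellArg cfg.user}"}
      '';
    };

  };

}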