···
33
+
allowAnyUser = mkOption {
37
+
Whether to allow any user to lock the screen. This will install a
38
+
setuid wrapper to allow any user to start physlock as root, which
39
+
is a minor security risk. Call the physlock binary to use this instead
40
+
of using the systemd service.
42
+
Note that you might need to relog to have the correct binary in your
43
+
PATH upon changing this option.
disableSysRq = mkOption {
···
82
-
config = mkIf cfg.enable {
96
+
config = mkIf cfg.enable (mkMerge [
84
-
# for physlock -l and physlock -L
85
-
environment.systemPackages = [ pkgs.physlock ];
99
+
# for physlock -l and physlock -L
100
+
environment.systemPackages = [ pkgs.physlock ];
87
-
systemd.services."physlock" = {
89
-
description = "Physlock";
90
-
wantedBy = optional cfg.lockOn.suspend "suspend.target"
91
-
++ optional cfg.lockOn.hibernate "hibernate.target"
92
-
++ cfg.lockOn.extraTargets;
93
-
before = optional cfg.lockOn.suspend "systemd-suspend.service"
94
-
++ optional cfg.lockOn.hibernate "systemd-hibernate.service"
95
-
++ cfg.lockOn.extraTargets;
96
-
serviceConfig.Type = "forking";
98
-
${pkgs.physlock}/bin/physlock -d${optionalString cfg.disableSysRq "s"}
102
+
systemd.services."physlock" = {
104
+
description = "Physlock";
105
+
wantedBy = optional cfg.lockOn.suspend "suspend.target"
106
+
++ optional cfg.lockOn.hibernate "hibernate.target"
107
+
++ cfg.lockOn.extraTargets;
108
+
before = optional cfg.lockOn.suspend "systemd-suspend.service"
109
+
++ optional cfg.lockOn.hibernate "systemd-hibernate.service"
110
+
++ cfg.lockOn.extraTargets;
113
+
ExecStart = "${pkgs.physlock}/bin/physlock -d${optionalString cfg.disableSysRq "s"}";
102
-
security.pam.services.physlock = {};
117
+
security.pam.services.physlock = {};
121
+
(mkIf cfg.allowAnyUser {
123
+
security.wrappers.physlock = { source = "${pkgs.physlock}/bin/physlock"; user = "root"; };
pyrox.dev