author | aszlig <aszlig@redmoonstudios.org> | 2014-11-05 18:24:10 +0100 |
---|---|---|
committer | aszlig <aszlig@redmoonstudios.org> | 2014-11-05 20:02:01 +0100 |
commit | 88a10f1a6e2ea172ff985f64bfcf82e26425530a (patch) | |
tree | 5d03b2d6ed528b0faafc99af59c8de695fc85390 /modules/vlock/default.nix | |
parent | 160578c6d2ef3c82b1af4f88d48061152c82e0f6 (diff) |
modules: Add "fancy" vlock-based lock screen.
Unfortunately it's only "fancy" in quotes because the way it's activated is using a dummy socket file with the user "aszlig" hardcoded at the moment. In terms of security it isn't a problem, because vlock is using PAM for authentication and it falls back to authenticating against the root user. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'modules/vlock/default.nix')
-rw-r--r-- | modules/vlock/default.nix | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/modules/vlock/default.nix b/modules/vlock/default.nix
new file mode 100644
index 00000000..11e9a475
--- /dev/null
+++ b/modules/vlock/default.nix
@@ -0,0 +1,51 @@
+{ pkgs, config, lib, ... }:
+
+let
+ messageFile = pkgs.runCommand "message.cat" {} ''
+ echo -en '\e[H\e[2J\e[?25l' > "$out"
+ "${pkgs.aacolorize}/bin/aacolorize" \
+ "${./message.cat}" "${./message.colmap}" \
+ >> "$out"
+ '';
+
+ esc = "\\\\033";
+ unlockCSI = "${esc}[16;39H${esc}[?25h${esc}[K";
+
+ vlock = lib.overrideDerivation pkgs.vlock (o: {
+ postPatch = (o.postPatch or "") + ''
+ echo -n '"' > src/message.h
+ sed -e ':nl;N;$!bnl;s/[\\"]/\\&/g;s/\n/\\n/g' "${messageFile}" \
+ >> src/message.h
+ sed -i -e '$s/$/"/' src/message.h
+ sed -i -e 's!getenv("VLOCK_MESSAGE")!\n#include "message.h"\n!' \
+ src/vlock-main.c
+ sed -i -re 's/(fprintf[^"]*")(.*user)/\1${unlockCSI}\2/' \
+ src/auth-pam.c
+ '';
+ });
+in {
+ options.vuizvui.vlock.enable = lib.mkEnableOption "console lock";
+
+ config.systemd.sockets.vlock = {
+ description = "Console Lock Socket";
+ wantedBy = [ "sockets.target" ];
+ socketConfig.ListenStream = "/run/console-lock.sock";
+ socketConfig.Accept = true;
+ };
+
+ config.systemd.services."vlock@" = lib.mkIf config.vuizvui.vlock.enable {
+ description = "Lock All Consoles";
+ serviceConfig.Type = "oneshot";
+
+ #environment.USER = "%i"; XXX
+ environment.USER = "aszlig";
+
+ script = ''
+ retval=0
+ oldvt="$("${pkgs.kbd}/bin/fgconsole")"
+ "${vlock}/bin/vlock" -asn || retval=$?
+ if [ $retval -ne 0 ]; then "${pkgs.kbd}/bin/chvt" "$oldvt"; fi
+ exit $retval
+ '';
+ };
+}
 |
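Review bot: `config.systemd.sockets.vlock` is defined unconditionally, while only the `vlock@` service is wrapped in `lib.mkIf config.vuizvui.vlock.enable`, so a machine with the option off still gets a listening `/run/console-lock.sock` with no service behind it. The socket also sets no `SocketMode`, and systemd's default of 0666 lets every local account connect and lock all consoles, which only the hardcoded user's or root's password can then undo. I would guard the socket the same way, `config.systemd.sockets.vlock = lib.mkIf config.vuizvui.vlock.enable {`, and restrict it with `socketConfig.SocketMode = "0600";` plus a `socketConfig.SocketUser` matching the account in `environment.USER`. A short comment on the socket block saying that any connection triggers `vlock -asn` would also make the activation mechanism clear to the next reader.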