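# NixOS module for physlock, a console (virtual-terminal) screen locker.
#
# It exposes `services.physlock.*` options and, when enabled, installs the
# physlock binary and defines a `physlock.service` systemd unit that can be
# started by hand (`systemctl start physlock`) or pulled in automatically
# before suspend/hibernate and any extra targets the admin lists.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.physlock;
in

{

  ###### interface

  options = {

    services.physlock = {

      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to enable the <command>physlock</command> screen locking mechanism.

          Enable this and then run <command>systemctl start physlock</command>
          to securely lock the screen.

          This will switch to a new virtual terminal, turn off console
          switching and disable SysRq mechanism (when
          <option>services.physlock.disableSysRq</option> is set)
          until the root or <option>services.physlock.user</option>
          password is given.
        '';
      };

      # Optional non-root account whose password also unlocks the console.
      # The value is passed verbatim to `physlock -u`; it is not validated
      # here against the users actually defined on the system.
      user = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          User whose password will be used to unlock the screen on par
          with the root password.
        '';
      };

      # Defaults to true: with SysRq left enabled a person at the keyboard
      # could otherwise use magic SysRq keys (e.g. to kill processes or
      # reboot) while the screen is locked.
      disableSysRq = mkOption {
        type = types.bool;
        default = true;
        description = ''
          Whether to disable SysRq when locked with physlock.
        '';
      };

      lockOn = {

        suspend = mkOption {
          type = types.bool;
          default = true;
          description = ''
            Whether to lock screen with physlock just before suspend.
          '';
        };

        hibernate = mkOption {
          type = types.bool;
          default = true;
          description = ''
            Whether to lock screen with physlock just before hibernate.
          '';
        };

        # Each entry is added to both `wantedBy` and `before` of the unit,
        # so the lock is established before that target/service starts.
        extraTargets = mkOption {
          type = types.listOf types.str;
          default = [];
          example = [ "display-manager.service" ];
          description = ''
            Other targets to lock the screen just before.

            Useful if you want to e.g. both autologin to X11 so that
            your <filename>~/.xsession</filename> gets executed and
            still to have the screen locked so that the system can be
            booted relatively unattended.
          '';
        };

      };

    };

  };


  ###### implementation

  config = mkIf cfg.enable {

    # for physlock -l and physlock -L
    environment.systemPackages = [ pkgs.physlock ];

    systemd.services."physlock" = {
      enable = true;
      description = "Physlock";
      # Pull the unit in from the sleep targets (and any extra targets) and
      # order it before the actual suspend/hibernate services, so the
      # console is already locked when the machine goes to sleep.
      wantedBy = optional cfg.lockOn.suspend   "suspend.target"
              ++ optional cfg.lockOn.hibernate "hibernate.target"
              ++ cfg.lockOn.extraTargets;
      before   = optional cfg.lockOn.suspend   "systemd-suspend.service"
              ++ optional cfg.lockOn.hibernate "systemd-hibernate.service"
              ++ cfg.lockOn.extraTargets;
      # No User= is set, so the unit runs as root; physlock's VT switching
      # and password checking presumably need that (confirm against the
      # packaged physlock before tightening with User=/DynamicUser=).
      # Type=forking: systemd considers the unit started once the parent
      # process exits, which is what the detach flag below is for.
      serviceConfig.Type = "forking";
      # Flags: -d detaches (required by Type=forking above); an appended
      # "s" disables SysRq while locked; -u adds the configured user's
      # password as an unlock credential.  The username is passed through
      # escapeShellArg so an unusual value (spaces, shell metacharacters)
      # reaches physlock as a single argument instead of being re-split or
      # interpreted by the shell that runs `script`.
      script = ''
        ${pkgs.physlock}/bin/physlock -d${optionalString cfg.disableSysRq "s"}${optionalString (cfg.user != null) " -u ${escapeShellArg cfg.user}"}
      '';
    };

  };

}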