stockholm/tv/3modules/slock.nix

with import <stockholm/lib>;
{ config, pkgs, ... }: let
  cfg = config.tv.slock;
in {
  options.tv.slock = {
    enable = mkEnableOption "tv.slock";
    package = mkOption {
      default = pkgs.writeDashBin "slock" ''
        set -efu
        display=''${DISPLAY#:}
        service=slock-$LOGNAME@$display.service
        exec ${pkgs.systemd}/bin/systemctl start "$service"
      '';
      type = types.package;
    };
    user = mkOption {
      type = types.user;
    };
  };
  config = mkIf cfg.enable {
    security.polkit.extraConfig = /* js */ ''
      polkit.addRule(function(action, subject) {
        if (action.id === "org.freedesktop.systemd1.manage-units" &&
            subject.user === ${toJSON cfg.user.name} &&
            /^slock-${cfg.user.name}@[0-9]+\.service$/.test(action.lookup("unit")) ) {
          return polkit.Result.YES;
        }
      });
    '';
    systemd.services."slock-${cfg.user.name}@" = {
      environment = {
        DISPLAY = ":%I";
        LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" {
          passAsFile = ["text"];
          text = /* c */ ''
            #include <shadow.h>
            #include <unistd.h>

            static struct spwd entry = {
              .sp_namp = "",
              .sp_pwdp =
                ${toC config.users.users.${cfg.user.name}.hashedPassword},
              .sp_lstchg = 0,
              .sp_min = 0,
              .sp_max = 0,
              .sp_warn = 0,
              .sp_inact = 0,
              .sp_expire = 0,
              .sp_flag = 0,
            };

            extern struct spwd *getspnam(const char *name) { return &entry; }
            extern int setgroups(size_t size, const gid_t *list) { return 0; }
            extern int setgid(gid_t gid) { return 0; }
            extern int setuid(uid_t uid) { return 0; }
          '';
        } /* sh */ ''
          gcc -Wall -shared -o $out -xc "$textPath"
        '';
      };
      restartIfChanged = false;
      serviceConfig = {
        ExecStart = "${pkgs.slock}/bin/slock";
        OOMScoreAdjust = -1000;
        Restart = "on-failure";
        RestartSec = "100ms";
        StartLimitBurst = 0;
        SyslogIdentifier = "slock";
        User = cfg.user.name;
      };
    };
  };
}
tv slock service: init 2018-12-02 14:35:37 +00:00			`with import <stockholm/lib>;`
			`{ config, pkgs, ... }: let`
			`cfg = config.tv.slock;`
			`in {`
			`options.tv.slock = {`
			`enable = mkEnableOption "tv.slock";`
			`package = mkOption {`
tv slock service: support multiple displays 2019-01-07 10:23:25 +00:00			`default = pkgs.writeDashBin "slock" ''`
			`set -efu`
			`display=''${DISPLAY#:}`
			`service=slock-$LOGNAME@$display.service`
			`exec ${pkgs.systemd}/bin/systemctl start "$service"`
			`'';`
tv slock service: init 2018-12-02 14:35:37 +00:00			`type = types.package;`
			`};`
			`user = mkOption {`
			`type = types.user;`
			`};`
			`};`
			`config = mkIf cfg.enable {`
			`security.polkit.extraConfig = /* js */ ''`
			`polkit.addRule(function(action, subject) {`
tv slock service: support multiple displays 2019-01-07 10:23:25 +00:00			`if (action.id === "org.freedesktop.systemd1.manage-units" &&`
			`subject.user === ${toJSON cfg.user.name} &&`
			`/^slock-${cfg.user.name}@[0-9]+\.service$/.test(action.lookup("unit")) ) {`
tv slock service: init 2018-12-02 14:35:37 +00:00			`return polkit.Result.YES;`
			`}`
			`});`
			`'';`
tv slock service: support multiple displays 2019-01-07 10:23:25 +00:00			`systemd.services."slock-${cfg.user.name}@" = {`
tv slock service: init 2018-12-02 14:35:37 +00:00			`environment = {`
tv slock service: support multiple displays 2019-01-07 10:23:25 +00:00			`DISPLAY = ":%I";`
tv slock service: init 2018-12-02 14:35:37 +00:00			`LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" {`
			`passAsFile = ["text"];`
			`text = /* c */ ''`
			`#include <shadow.h>`
			`#include <unistd.h>`

			`static struct spwd entry = {`
			`.sp_namp = "",`
			`.sp_pwdp =`
			`${toC config.users.users.${cfg.user.name}.hashedPassword},`
			`.sp_lstchg = 0,`
			`.sp_min = 0,`
			`.sp_max = 0,`
			`.sp_warn = 0,`
			`.sp_inact = 0,`
			`.sp_expire = 0,`
			`.sp_flag = 0,`
			`};`

			`extern struct spwd getspnam(const char name) { return &entry; }`
			`extern int setgroups(size_t size, const gid_t *list) { return 0; }`
			`extern int setgid(gid_t gid) { return 0; }`
			`extern int setuid(uid_t uid) { return 0; }`
			`'';`
			`} /* sh */ ''`
			`gcc -Wall -shared -o $out -xc "$textPath"`
			`'';`
			`};`
			`restartIfChanged = false;`
			`serviceConfig = {`
			`ExecStart = "${pkgs.slock}/bin/slock";`
			`OOMScoreAdjust = -1000;`
			`Restart = "on-failure";`
			`RestartSec = "100ms";`
			`StartLimitBurst = 0;`
			`SyslogIdentifier = "slock";`
			`User = cfg.user.name;`
			`};`
			`};`
			`};`
			`}`