tv slock service: init
This commit is contained in:
parent
b9bd7a08b8
commit
9f4d207bb7
@ -6,6 +6,7 @@
|
||||
./hosts.nix
|
||||
./iptables.nix
|
||||
./nixpkgs-overlays.nix
|
||||
./slock.nix
|
||||
./x0vncserver.nix
|
||||
];
|
||||
}
|
||||
|
71
tv/3modules/slock.nix
Normal file
71
tv/3modules/slock.nix
Normal file
@ -0,0 +1,71 @@
|
||||
with import <stockholm/lib>;
|
||||
{ config, pkgs, ... }: let
|
||||
cfg = config.tv.slock;
|
||||
in {
|
||||
options.tv.slock = {
|
||||
enable = mkEnableOption "tv.slock";
|
||||
package = mkOption {
|
||||
default = pkgs.execBin "slock" rec {
|
||||
filename = "${pkgs.systemd}/bin/systemctl";
|
||||
argv = [ filename "start" "slock-${cfg.user.name}.service" ];
|
||||
};
|
||||
type = types.package;
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.user;
|
||||
};
|
||||
};
|
||||
config = mkIf cfg.enable {
|
||||
security.polkit.extraConfig = /* js */ ''
|
||||
polkit.addRule(function(action, subject) {
|
||||
if (action.id == "org.freedesktop.systemd1.manage-units" &&
|
||||
action.lookup("unit") == "slock-${cfg.user.name}.service" &&
|
||||
subject.user == ${toJSON cfg.user.name}) {
|
||||
return polkit.Result.YES;
|
||||
}
|
||||
});
|
||||
'';
|
||||
systemd.services."slock-${cfg.user.name}" = {
|
||||
environment = {
|
||||
DISPLAY = ":${toString config.services.xserver.display}";
|
||||
LD_PRELOAD = pkgs.runCommandCC "slock-${cfg.user.name}.so" {
|
||||
passAsFile = ["text"];
|
||||
text = /* c */ ''
|
||||
#include <shadow.h>
|
||||
#include <unistd.h>
|
||||
|
||||
static struct spwd entry = {
|
||||
.sp_namp = "",
|
||||
.sp_pwdp =
|
||||
${toC config.users.users.${cfg.user.name}.hashedPassword},
|
||||
.sp_lstchg = 0,
|
||||
.sp_min = 0,
|
||||
.sp_max = 0,
|
||||
.sp_warn = 0,
|
||||
.sp_inact = 0,
|
||||
.sp_expire = 0,
|
||||
.sp_flag = 0,
|
||||
};
|
||||
|
||||
extern struct spwd *getspnam(const char *name) { return &entry; }
|
||||
extern int setgroups(size_t size, const gid_t *list) { return 0; }
|
||||
extern int setgid(gid_t gid) { return 0; }
|
||||
extern int setuid(uid_t uid) { return 0; }
|
||||
'';
|
||||
} /* sh */ ''
|
||||
gcc -Wall -shared -o $out -xc "$textPath"
|
||||
'';
|
||||
};
|
||||
restartIfChanged = false;
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.slock}/bin/slock";
|
||||
OOMScoreAdjust = -1000;
|
||||
Restart = "on-failure";
|
||||
RestartSec = "100ms";
|
||||
StartLimitBurst = 0;
|
||||
SyslogIdentifier = "slock";
|
||||
User = cfg.user.name;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue
Block a user