modules/lock-action: add lock-action service

this lets me remove ssh-keys and sudo tokens when my machine locks
Aaron Bieber 2024-06-26 12:03:51 -06:00
parent 4c9a922442
commit c58f13b83f
No known key found for this signature in database
3 changed files with 51 additions and 1 deletions


@ -67,7 +67,7 @@ with lib; {
config = mkMerge [
(mkIf (config.kde.enable || config.gnome.enable || config.xfce.enable) {
services = {
xserver.enable = true;
lock-action.enable = true;
pcscd.enable = true;
};
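Review bot: Enabling the service for GNOME and XFCE at `lock-action.enable = true;` likely gives no protection on those desktops, because the watcher added in modules/lock-action.nix subscribes only to `interface='org.freedesktop.ScreenSaver'`. GNOME Shell announces lock state with `ActiveChanged` on `org.gnome.ScreenSaver`, and XFCE lockers vary, so there the unit would probably run without ever clearing keys or sudo timestamps; this should be verified per desktop. Either gate the enable on the desktops that were tested or widen the match rule, and record the limit with a comment such as `# lock-action: only verified where the locker signals on org.freedesktop.ScreenSaver`. The enclosing `mkIf` block continues outside the hunk.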


@ -2,6 +2,7 @@
imports = [
./golink.nix
./gotosocial.nix
./lock-action.nix
./rtlamr2mqtt.nix
./sliding-sync.nix
./ssh-fido-agent.nix

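--- a/modules/lock-action.nix
+++ b/modules/lock-action.nix
@@ -0,0 +1,49 @@
+{pkgs, lib, config, ...}:
+let
+cfg = config.services.lock-action;
+dbus-monitor = "${pkgs.dbus}/bin/dbus-monitor";
+awk = "${pkgs.gawk}/bin/awk";
+ssh-add = "${pkgs.openssh}/bin/ssh-add";
+action-script = pkgs.writeScript "action-script" ''
+export DBUS_SESSION_BUS_ADDRESS="$(systemctl --user show-environment | ${awk} -F= '/^DBUS_SESSION_BUS_ADDRESS/ {print $(NF-1) "=" $NF}')"
+export SSH_AUTH_SOCK="$(systemctl --user show-environment | ${awk} -F= '/^SSH_AUTH_SOCK/ {print $NF}')"
+echo $DBUS_SESSION_BUS_ADDRESS
+echo $SSH_AUTH_SOCK
+${dbus-monitor} --session "type='signal',interface='org.freedesktop.ScreenSaver'" | \
+while read x; do
+case "$x" in
+*"boolean true"*)
+echo "Screen Locked";
+${ssh-add} -D
+/run/wrappers/bin/sudo -K
+esac
+done
+'';
+in
+{
+options = {
+services.lock-action = {
+enable = lib.mkEnableOption "Enable lock actions";
+};
+};
+config = lib.mkIf cfg.enable {
+systemd.user.services.lock-action = {
+enable = true;
+script = ''
+${action-script}
+'';
+environment = {
+DBUS_SESSION_BUS_ADDRESS = "fake";
+SSH_AUTH_SOCK = "fake";
+};
+wants = [ "graphical-session.target" ];
+partOf = [ "graphical-session.target" ];
+after = [ "graphical-session.target" ];
+};
+};
+}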
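Review bot: The `systemd.user.services.lock-action` definition fails open. It sets `wants`, `partOf` and `after` on `graphical-session.target` but no `wantedBy`, so as far as this file shows nothing pulls the unit in at login. With no restart policy, a `dbus-monitor` pipe that exits ends the watcher silently, and keys and sudo timestamps then stay cached across locks. I would add `wantedBy = [ "graphical-session.target" ];` and `serviceConfig.Restart = "always";`. The exit status of `${ssh-add} -D` is also ignored, so an empty `SSH_AUTH_SOCK` from `systemctl --user show-environment` makes the wipe a no-op that still prints "Screen Locked"; logging a failure there, e.g. `${ssh-add} -D || echo "ssh-add -D failed" >&2`, would make it visible in the journal.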