modules/lock-action: add lock-action service

this lets me remove ssh-keys and sudo tokens when my machine locks

gui/default.nix

@@ -67,7 +67,7 @@ with lib; {
   config = mkMerge [
     (mkIf (config.kde.enable || config.gnome.enable || config.xfce.enable) {
       services = {
-        xserver.enable = true;
+        lock-action.enable = true;
         pcscd.enable = true;
       };
 

modules/default.nix

@@ -2,6 +2,7 @@
   imports = [
     ./golink.nix
     ./gotosocial.nix
+    ./lock-action.nix
     ./rtlamr2mqtt.nix
     ./sliding-sync.nix
     ./ssh-fido-agent.nix

modules/lock-action.nix

@@ -0,0 +1,49 @@
+{pkgs, lib, config, ...}:
+let
+  cfg = config.services.lock-action;
+  dbus-monitor = "${pkgs.dbus}/bin/dbus-monitor";
+  awk = "${pkgs.gawk}/bin/awk";
+  ssh-add = "${pkgs.openssh}/bin/ssh-add";
+  action-script = pkgs.writeScript "action-script" ''
+  export DBUS_SESSION_BUS_ADDRESS="$(systemctl --user show-environment | ${awk} -F= '/^DBUS_SESSION_BUS_ADDRESS/ {print $(NF-1) "=" $NF}')"
+  export SSH_AUTH_SOCK="$(systemctl --user show-environment | ${awk} -F= '/^SSH_AUTH_SOCK/ {print $NF}')"
+
+  echo $DBUS_SESSION_BUS_ADDRESS
+  echo $SSH_AUTH_SOCK
+
+  ${dbus-monitor} --session "type='signal',interface='org.freedesktop.ScreenSaver'" | \
+  while read x; do
+    case "$x" in
+      *"boolean true"*)
+        echo "Screen Locked";
+        ${ssh-add} -D
+        /run/wrappers/bin/sudo -K
+    esac
+  done
+
+'';
+    in
+{
+  options = {
+    services.lock-action = {
+      enable = lib.mkEnableOption "Enable lock actions";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    systemd.user.services.lock-action = {
+      enable = true;
+      script = ''
+        ${action-script}
+      '';
+
+      environment = {
+        DBUS_SESSION_BUS_ADDRESS = "fake";
+        SSH_AUTH_SOCK = "fake";
+      };
+
+      wants = [ "graphical-session.target" ];
+      partOf = [ "graphical-session.target" ];
+      after = [ "graphical-session.target" ];
+    };
+  };
+}