Use physlock as a screenlocker
- Rather than just adding a screen overlay, physlock switches VT, stopping any
bugs such as the screenlocker crashing and opening the system or the
screenlocker taking a few moments to wake after sleep
- Add scripts for inhibiting idle time (e.g. for waybar && waycorner) to stop
timed screenlock
diff --git a/modules/security.nix b/modules/security.nix
index a73907c..3bc5cb4 100644
--- a/modules/security.nix
+++ b/modules/security.nix
@@ -1,4 +1,11 @@
{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ lockMessage = "This computer has been locked, please enter your password to continue";
+in {
config = {
security.apparmor = {
enable = true;
@@ -11,9 +18,41 @@
];
boot.initrd.luks.devices = {
- nix.device = "/dev/disk/by-label/nix";
- swap.device = "/dev/disk/by-label/swap";
- hdd.device = "/dev/disk/by-label/hdd";
+ nix.device = "/dev/disk/by-label/NIX";
+ swap.device = "/dev/disk/by-label/SWAP";
+ hdd.device = "/dev/disk/by-label/HDD";
};
+
+ services.physlock = {
+ inherit lockMessage;
+ enable = true;
+ allowAnyUser = true;
+ };
+ };
+
+ home = let
+ lockCommand = lib.pipe ''
+ ${pkgs.sway}/bin/swaymsg output "*" dpms off
+ ${config.security.wrapperDir}/physlock -s -p "${lockMessage}"
+ while [ $(${pkgs.sway}/bin/swaymsg -t get_seats | ${pkgs.jq}/bin/jq "[.[] | .capabilities] | max") -eq 0 ]; do ${pkgs.coreutils}/bin/sleep 0.1; done
+ ${pkgs.sway}/bin/swaymsg output "*" dpms on
+ '' [
+ (lib.splitString "\n")
+ (lib.filter (line: line != ""))
+ (lib.concatStringsSep " && ")
+ ];
+ in {
+ services.swayidle = {
+ enable = true;
+ timeouts = [
+ {
+ timeout = 60;
+ command = lockCommand;
+ }
+ ];
+ };
+ home.packages = [
+ (pkgs.writeScriptBin "lock" lockCommand)
+ ];
};
}