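# Host hardening module: AppArmor enforcement, LUKS volumes opened in the
# initrd, and a physlock screen lock triggered by swayidle after idle time.
#
# Arguments are the usual module arguments (lib, pkgs, config). The result has
# two top-level attributes: `config` (system options) and `home` (user-session
# options; presumably consumed as home-manager configuration by the
# surrounding setup -- confirm against the importer).
{ lib
, pkgs
, config
, ...
}:
let
  # Prompt shown by physlock; shared by the system service and the lock script
  # so both paths display the same text.
  lockMessage = "This computer has been locked, please authenticate to continue";
in
{
  config = {
    security.apparmor = {
      enable = true;
      # Processes that have a profile but are running unconfined are killed,
      # so nothing keeps running outside its profile after activation.
      killUnconfinedConfinables = true;
    };

    # Crypto modules made available in the initrd; presumably for
    # hardware-accelerated AES while unlocking the LUKS devices below.
    boot.initrd.availableKernelModules = [
      "aesni_intel"
      "cryptd"
    ];

    # LUKS containers opened at boot, located by label. Swap is encrypted too,
    # so paged-out memory is not written to disk in the clear.
    boot.initrd.luks.devices = {
      nix.device = "/dev/disk/by-label/NIX";
      swap.device = "/dev/disk/by-label/SWAP";
      hdd.device = "/dev/disk/by-label/HDD";
    };

    services.physlock = {
      inherit lockMessage;
      enable = true;
      # Installs a setuid wrapper so unprivileged users can start physlock.
      # The lock script below depends on that wrapper being present in
      # config.security.wrapperDir.
      allowAnyUser = true;
    };
  };

  home =
    let
      # One-line shell command: the script lines below are split, empty lines
      # dropped, and the rest joined with " && " so the result can be passed
      # to swayidle as a single command string.
      #
      # Do NOT put shell comments inside the string: after joining, a leading
      # "#" would comment out every following step, including physlock.
      #
      # Steps:
      #   1. Blank the outputs. This is cosmetic, so its failure is ignored
      #      (`|| true`); otherwise a failing swaymsg (no sway socket, e.g.
      #      when `lock` is run from a TTY) would short-circuit the chain and
      #      the machine would stay unlocked.
      #   2. Run physlock (blocking until authentication succeeds) under an
      #      idle inhibitor, with SysRq disabled (-s) and the shared prompt (-p).
      #   3. After unlock, turn outputs back on, retrying until sway reports
      #      at least one output with dpms enabled.
      #
      # NOTE(review): physlock is still only started if systemd-inhibit itself
      # succeeds; confirm the inhibitor cannot be refused in this session.
      lockCommand =
        lib.pipe ''
          ${pkgs.sway}/bin/swaymsg output "*" dpms off || true
          ${pkgs.systemd}/bin/systemd-inhibit --why="Already locked" --what=idle --who="lock script" ${config.security.wrapperDir}/physlock -s -p "${lockMessage}"
          while [ "$(${pkgs.sway}/bin/swaymsg -t get_outputs | ${pkgs.jq}/bin/jq "[.[] | .dpms] | any")" = "false" ]; do ${pkgs.coreutils}/bin/sleep 0.1; ${pkgs.sway}/bin/swaymsg output "*" dpms on; done
        '' [
          (lib.splitString "\n")
          (lib.filter (line: line != ""))
          (lib.concatStringsSep " && ")
        ];
    in
    {
      services.swayidle = {
        enable = true;
        timeouts = [
          {
            # Lock after 60 seconds without input.
            timeout = 60;
            command = lockCommand;
          }
        ];
      };
      home.packages = [
        # Manual `lock` command. writeShellScriptBin adds the interpreter
        # line, so the script also works when exec'd directly rather than
        # only when started from a shell.
        (pkgs.writeShellScriptBin "lock" lockCommand)
      ];
    };
}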