nixos-config/profiles/security/vlock.nix

28 lines
823 B
Nix

{ config, pkgs, lib, ... }: {
environment.loginShellInit = lib.mkBefore ''
[[ "$(tty)" == /dev/tty? ]] && sudo /run/current-system/sw/bin/lock this
'';
environment.systemPackages = [
(pkgs.writeShellScriptBin "lock" ''
set -euo pipefail
if [[ "$1" == this ]]
then args="-s"
else args="-san"
fi
${lib.optionalString (config.deviceSpecific.isLaptop)
''USER=balsoft ${pkgs.vlock}/bin/vlock "$args"''}
'')
];
security.sudo = {
enable = true;
extraConfig = ''
balsoft ALL = (root) NOPASSWD: /run/current-system/sw/bin/lock
balsoft ALL = (root) NOPASSWD: /run/current-system/sw/bin/lock this
balsoft ALL = (root) NOPASSWD: ${pkgs.light}/bin/light -A 5
balsoft ALL = (root) NOPASSWD: ${pkgs.light}/bin/light -U 5
'';
};
}