New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
xsecurelock: add extra derivation parameter and NixOS module #47263
Conversation
7f2c6db
to
27eec93
Compare
@GrahamcOfBorg build xsecurelock |
No attempt on x86_64-darwin (full log) The following builds were skipped because they don't evaluate on x86_64-darwin: xsecurelock Partial log (click to expand)
|
Success on aarch64-linux (full log) Attempted: xsecurelock Partial log (click to expand)
|
Success on x86_64-linux (full log) Attempted: xsecurelock Partial log (click to expand)
|
# Allow adding extra modules to the helper directory | ||
postInstall = | ||
let | ||
copyHelper = path: "cp -v ${path} $out/libexec/xsecurelock/"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The problem with doing this is we have to rebuild with every new module. Instead, I would recommend patching xsecurelock so that HELPER_PATH is /run/curren-system/sw
that way modules can just go into systemPackages.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does that break when you don't have the package installed system-wide, though? Since it's a compile-time option, I think that means that if you're installing this using nix-env -i
, xsecurelock
won't be able to find any helpers since they'll be in /nix/var/nix/profiles/
?
Can we get it to look at |
So, after some digging, it turns out that xsecurelock_saver_image = pkgs.writeScriptBin "saver_image" ''
#!${pkgs.stdenv.shell}
# Blank the screen if we don't have an image file.
if [ -z "$XSECURELOCK_IMAGE_FILE" ]; then
exec ${pkgs.xsecurelock}/libexec/xsecurelock/saver_blank
fi
# Otherwise, draw onto the given window.
${pkgs.xloadimage}/bin/xloadimage \
-fullscreen \
-windowid $XSCREENSAVER_WINDOW \
$XSECURELOCK_IMAGE_FILE
# This will get killed by xsecurelock, so just wait forever.
exec sleep 86400
''; |
Motivation for this change
I'd like to use
xsecurelock
in NixOS, but adding a new screensaver or auth module requires that you build the changes into the derivation. I've added a NixOS module that allows easier configuration of such modules.I would appreciate any input; I think this is the first NixOS module I've ever written from scratch.
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)nix path-info -S
before and after)cc? @fpletz (maintainer of
xsecurelock
)