{
config,
lib,
pkgs,
...
}: {
config = let
inherit (lib) getExe mkIf;
cfg = config.roles.desktop;
hmCfg = config.home-manager.users.${cfg.user};
hyprPkg = hmCfg.wayland.windowManager.hyprland.finalPackage;
lockPkg =
if cfg.ags.enable
then
pkgs.writeShellApplication {
name = "lock";
runtimeInputs = [hmCfg.programs.ags.finalPackage];
text = ''
ags -r 'Tablet.setLaptopMode()'
ags -b lockscreen -c /home/${cfg.user}/.config/ags/lockscreen.js
'';
}
else hmCfg.programs.ags-v2.lockPkg;
runInDesktop = pkgs.writeShellApplication {
name = "runInDesktop";
runtimeInputs = [
pkgs.sudo
hyprPkg
];
text = ''
params=( "$@" )
user="$(id -u ${cfg.user})"
readarray -t SIGS <<< "$(ls "/run/user/$user/hypr/")"
run() {
export HYPRLAND_INSTANCE_SIGNATURE="$1"
sudo -Eu ${cfg.user} hyprctl dispatch exec "''${params[@]}"
}
i=0
while ! run "''${SIGS[$i]}"; do
((i+=1))
done
'';
};
in {
services.acpid = mkIf cfg.isLaptop {
enable = true;
lidEventCommands =
# bash
''
LID="/proc/acpi/button/lid/LID/state"
state=$(${pkgs.gawk}/bin/awk '{print $2}' "$LID")
case "$state" in
*open*)
${getExe runInDesktop} "${getExe lockPkg} request 'authFinger()'"
;;
*close*)
${getExe runInDesktop} "${getExe lockPkg}"
;;
*)
logger -t lid-handler "Failed to detect lid state ($state)"
;;
esac
'';
};
home-manager.users.${cfg.user} = {
home.packages = [
pkgs.seahorse
lockPkg
];
wayland.windowManager.hyprland = {
settings = {
exec-once = [
"gnome-keyring-daemon --start --components=secrets"
"${pkgs.plasma5Packages.polkit-kde-agent}/libexec/polkit-kde-authentication-agent-1"
];
windowrule = [
"float,^(org.kde.polkit-kde-authentication-agent-1)$"
"size 741 288,^(org.kde.polkit-kde-authentication-agent-1)$"
"center,^(org.kde.polkit-kde-authentication-agent-1)$"
# For GParted auth
"size 741 288,^(org.kde.ksshaskpass)$"
"move cursor -370 -144,^(org.kde.ksshaskpass)$"
];
bind = [
"$mainMod, L, exec, ${getExe lockPkg}"
];
};
};
};
};
# For accurate stack trace
_file = ./security.nix;
}