NixOS · RaitoBezarius · Dec 22, 2022 · Dec 11, 2022 · Dec 18, 2022
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
@@ -180,6 +180,7 @@
   ./programs/hamster.nix
   ./programs/htop.nix
   ./programs/iftop.nix
+  ./programs/i3lock.nix
   ./programs/iotop.nix
   ./programs/java.nix
   ./programs/k40-whisperer.nix

diff --git a/nixos/modules/programs/i3lock.nix b/nixos/modules/programs/i3lock.nix
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  cfg = config.programs.i3lock;
+
+in {
+
+  ###### interface
+
+  options = {
+    programs.i3lock = {
+      enable = mkEnableOption (mdDoc "i3lock");
+      package = mkOption {
+        type        = types.package;
+        default     = pkgs.i3lock;
+        defaultText = literalExpression "pkgs.i3lock";
+        example     = literalExpression ''
+          pkgs.i3lock-color
+        '';
+        description = mdDoc ''
+          Specify which package to use for the i3lock program,
+          The i3lock package must include a i3lock file or link in its out directory in order for the u2fSupport option to work correctly.
+        '';
+      };
+      u2fSupport = mkOption {
+        type        = types.bool;
+        default     = false;
+        example     = true;
+        description = mdDoc ''
+          Whether to enable U2F support in the i3lock program.
+          U2F enables authentication using a hardware device, such as a security key.
+          When U2F support is enabled, the i3lock program will set the setuid bit on the i3lock binary and enable the pam u2fAuth service,
+        '';
+      };
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ cfg.package ];
+
+    security.wrappers.i3lock = mkIf cfg.u2fSupport {
+      setuid = true;
+      owner = "root";
+      group = "root";
+      source = "${cfg.package.out}/bin/i3lock";
+    };
+
+    security.pam.services.i3lock.u2fAuth = cfg.u2fSupport;
+
+  };
+
+}
diff --git a/pkgs/applications/window-managers/i3/lock-color.nix b/pkgs/applications/window-managers/i3/lock-color.nix
@@ -25,6 +25,7 @@ stdenv.mkDerivation rec {
   installFlags = [ "PREFIX=\${out}" "SYSCONFDIR=\${out}/etc" "MANDIR=\${out}/share/man" ];
   postInstall = ''
     mv $out/bin/i3lock $out/bin/i3lock-color
+    ln -s $out/bin/i3lock-color $out/bin/i3lock
     mv $out/share/man/man1/i3lock.1 $out/share/man/man1/i3lock-color.1
     sed -i 's/\(^\|\s\|"\)i3lock\(\s\|$\)/\1i3lock-color\2/g' $out/share/man/man1/i3lock-color.1
   '';

diff --git a/pkgs/applications/window-managers/i3/lock-fancy-rapid.nix b/pkgs/applications/window-managers/i3/lock-fancy-rapid.nix
@@ -20,6 +20,7 @@ stdenv.mkDerivation rec {
 
   installPhase = ''
     install -D i3lock-fancy-rapid $out/bin/i3lock-fancy-rapid
+    ln -s $out/bin/i3lock-fancy-rapid $out/bin/i3lock
   '';
 
   meta = with lib; {

diff --git a/pkgs/applications/window-managers/i3/lock-fancy.nix b/pkgs/applications/window-managers/i3/lock-fancy.nix
@@ -41,6 +41,7 @@ stdenv.mkDerivation rec {
   installPhase = ''
     mkdir -p $out/bin $out/share/i3lock-fancy/icons
     cp i3lock-fancy $out/bin/i3lock-fancy
+    ln -s $out/bin/i3lock-fancy $out/bin/i3lock
     cp icons/lock*.png $out/share/i3lock-fancy/icons
   '';