add: yubilock nix package

2026-05-29 15:44:32 -04:00
parent aa5251a603
commit a81f667f94
3 changed files with 60 additions and 4 deletions
--- a/pkgs/linux/yubilock/yubilock.sh
+++ b/pkgs/linux/yubilock/yubilock.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+SESSIONS=($(loginctl list-sessions --no-legend | awk '{ print $1 }'))
+
+for SESSION_ID in "${SESSIONS[@]}"
+do
+  USERNAME=$(loginctl show-session ${SESSION_ID} -p Name --value)
+  SESSION_TYPE=$(loginctl show-session ${SESSION_ID} -p Type --value) # should be x11 or wayland
+  SESSION_LOCKED=$(loginctl show-session ${SESSION_ID} -p LockedHint --value) # yes/no
+  USER_DIR=$(getent passwd "$USERNAME" | cut -d: -f6)
+  KEY_FILE="$USER_DIR/.yubikeys"
+
+  if ! [[ "$SESSION_TYPE" == "x11" || "$SESSION_TYPE" == "wayland" ]]; then
+    continue
+  fi
+  if ! [ -e "$KEY_FILE" ]; then
+    continue
+  fi
+
+  MATCHING_KEYS=$(comm -12 <(ykman list --serials | sort) <(sort $KEY_FILE))
+
+  if [[ $MATCHING_KEYS == "" ]]; then
+    if [[ $SESSION_LOCKED == "no" ]]; then
+      logger "All YubiKeys Removed ($USERNAME)"
+      loginctl lock-session ${SESSION_ID}
+    fi
+  else
+    if [[ $SESSION_LOCKED == "yes" ]]; then
+      logger "YubiKey Found, Unlocking ($USERNAME)"
+      loginctl activate ${SESSION_ID}
+      loginctl unlock-session ${SESSION_ID}
+    fi
+  fi
+done