add: readme addition

add: yubilock nix package
mod: adjusted title
2026-05-29 16:38:58 -04:00 · 2026-05-29 15:44:32 -04:00 · 2026-05-25 18:20:05 -04:00 · 2026-05-25 18:17:31 -04:00 · 2026-05-25 18:14:28 -04:00
5 changed files with 68 additions and 5 deletions
--- a/README.md
+++ b/README.md
@@ -1,13 +1,17 @@
-# Miller NUR
+# Miller Nix User Repository

 Designed and developed by Wyatt J. Miller
+
 Copyright 2026, all rights reserved
+
 Licensed by the EPL 2.0

 ## What is this?

 These are Nix packages that are not in Nixpkgs but I still want to be accessible in a binary cache. More Nix packages to come!

+This issue came about when I had several computers compiling the same Nix packages (and overlays) over and over. Knowing a Nix binary cache and Nix substitutions existed, I knew I had to scratch my own itch.
+
 Viewers are able to use these Nix packages and stand up their own Nix binary cache themselves (adhering to the license).

 ## Attribution
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,6 +1,8 @@
-{ pkgs }: {
+{ pkgs }:
+{
  # sable-web = pkgs.callPackage ./common/sable.nix {};
  swaytreesave = pkgs.callPackage ./linux/swaytreesave.nix { };
  musicpresence = pkgs.callPackage ./linux/musicpresence.nix { };
  vintage-story = pkgs.callPackage ./linux/vintage-story.nix { };
+  yubilock = pkgs.callPackage ./linux/yubilock/default.nix { };
 }
--- a/pkgs/linux/yubilock/README.md
+++ b/pkgs/linux/yubilock/README.md
@@ -0,0 +1,3 @@
+# Yubilock
+
+A Yubikey unlocking script that allows unlocking of sessions when attached.
--- a/pkgs/linux/yubilock/default.nix
+++ b/pkgs/linux/yubilock/default.nix
@@ -0,0 +1,21 @@
+{ pkgs }:
+let
+  name = "yubilock";
+  runtimeInputs = with pkgs; [
+    systemd
+    coreutils
+    yubikey-manager
+    gawk
+    getent
+    logger
+  ];
+  yubilock = (pkgs.writeScriptBin name (builtins.readFile ./yubilock.sh)).overrideAttrs (old: {
+    buildCommand = "${old.buildCommand}\n patchShebangs $out";
+  });
+in
+pkgs.symlinkJoin {
+  inherit name;
+  paths = [ yubilock ] ++ runtimeInputs;
+  buildInputs = [ pkgs.makeWrapper ];
+  postBuild = "wrapProgram $out/bin/${name} --prefix PATH : $out/bin";
+}
--- a/pkgs/linux/yubilock/yubilock.sh
+++ b/pkgs/linux/yubilock/yubilock.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+SESSIONS=($(loginctl list-sessions --no-legend | awk '{ print $1 }'))
+
+for SESSION_ID in "${SESSIONS[@]}"
+do
+  USERNAME=$(loginctl show-session ${SESSION_ID} -p Name --value)
+  SESSION_TYPE=$(loginctl show-session ${SESSION_ID} -p Type --value) # should be x11 or wayland
+  SESSION_LOCKED=$(loginctl show-session ${SESSION_ID} -p LockedHint --value) # yes/no
+  USER_DIR=$(getent passwd "$USERNAME" | cut -d: -f6)
+  KEY_FILE="$USER_DIR/.yubikeys"
+
+  if ! [[ "$SESSION_TYPE" == "x11" || "$SESSION_TYPE" == "wayland" ]]; then
+    continue
+  fi
+  if ! [ -e "$KEY_FILE" ]; then
+    continue
+  fi
+
+  MATCHING_KEYS=$(comm -12 <(ykman list --serials | sort) <(sort $KEY_FILE))
+
+  if [[ $MATCHING_KEYS == "" ]]; then
+    if [[ $SESSION_LOCKED == "no" ]]; then
+      logger "All YubiKeys Removed ($USERNAME)"
+      loginctl lock-session ${SESSION_ID}
+    fi
+  else
+    if [[ $SESSION_LOCKED == "yes" ]]; then
+      logger "YubiKey Found, Unlocking ($USERNAME)"
+      loginctl activate ${SESSION_ID}
+      loginctl unlock-session ${SESSION_ID}
+    fi
+  fi
+done
Author	SHA1	Message	Date
Wyatt J. Miller	0f78716e90	add: readme addition	2026-05-29 16:38:58 -04:00
Wyatt J. Miller	a81f667f94	add: yubilock nix package	2026-05-29 15:44:32 -04:00
Wyatt J. Miller	aa5251a603	mod: adjusted title Some checks failed Publish packages to Attic / publish (push) Has been cancelled Details	2026-05-25 18:20:05 -04:00
Wyatt J. Miller	8156b87975	mod: readme additions Some checks failed Publish packages to Attic / publish (push) Has been cancelled Details	2026-05-25 18:17:31 -04:00
Wyatt J. Miller	60f43140e9	mod: add readme spacing Some checks failed Publish packages to Attic / publish (push) Has been cancelled Details	2026-05-25 18:14:28 -04:00