diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 665ec08..fdbae45 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * The `configure` operation now disables WIFI interfaces. (#2, #13) * The `configure` operation now installs a `nilrt-snac-conflicts` meta-package, so that the tool can forbid re-installation of non-compliant packages. (#5) * The `configure` operation now installs `libpwquality` and enables password quality checks. (#11) +* The `configure` operation now installs and configures `tmux` as the shell, including adding a 15 minute inactivity lock (#17) ### Changed diff --git a/nilrt_snac/_configs/__init__.py b/nilrt_snac/_configs/__init__.py index 08700f2..e972ccf 100644 --- a/nilrt_snac/_configs/__init__.py +++ b/nilrt_snac/_configs/__init__.py @@ -8,6 +8,7 @@ from nilrt_snac._configs._ntp_config import _NTPConfig from nilrt_snac._configs._opkg_config import _OPKGConfig from nilrt_snac._configs._pwquality_config import _PWQualityConfig +from nilrt_snac._configs._tmux_config import _TmuxConfig from nilrt_snac._configs._wifi_config import _WIFIConfig from nilrt_snac._configs._wireguard_config import _WireguardConfig from nilrt_snac._configs._x11_config import _X11Config @@ -25,5 +26,6 @@ _FaillockConfig(), _X11Config(), _ConsoleConfig(), + _TmuxConfig(), _PWQualityConfig(), ] diff --git a/nilrt_snac/_configs/_tmux_config.py b/nilrt_snac/_configs/_tmux_config.py new file mode 100644 index 0000000..c2d25aa --- /dev/null +++ b/nilrt_snac/_configs/_tmux_config.py @@ -0,0 +1,69 @@ +import argparse +import textwrap + +from nilrt_snac._configs._base_config import _BaseConfig +from nilrt_snac._configs._config_file import _ConfigFile + +from nilrt_snac import logger +from nilrt_snac.OpkgHelper import opkg_helper + + +class _TmuxConfig(_BaseConfig): + def __init__(self): + self._opkg_helper = opkg_helper + + def configure(self, args: argparse.Namespace) -> None: + print("Configuring tmux...") + snac_config_file = _ConfigFile("/usr/share/tmux/conf.d/snac.conf") + profile_file = _ConfigFile("/etc/profile.d/tmux.sh") + dry_run: bool = args.dry_run + self._opkg_helper.install("tmux") + + if not snac_config_file.exists(): + snac_config_file.add( + textwrap.dedent( + """ + # NILRT SNAC configuration tmux-snac.conf. Do not hand-edit. + set -g lock-after-time 900 + """ + ) + ) + + if not profile_file.exists(): + profile_file.add( + textwrap.dedent( + """ + # NILRT SNAC configuration tmux.sh. Do not hand-edit. + if [ "$PS1" ]; then + parent=$(ps -o ppid= -p $$) + name=$(ps -o comm= -p $parent) + case "$name" in (sshd|login) exec tmux ;; esac + fi + """ + ) + ) + + snac_config_file.save(dry_run) + profile_file.save(dry_run) + + def verify(self, args: argparse.Namespace) -> bool: + print("Verifying tmux configuration...") + snac_config_file = _ConfigFile("/usr/share/tmux/conf.d/snac.conf") + profile_file = _ConfigFile("/etc/profile.d/tmux.sh") + valid = True + if not self._opkg_helper.is_installed("tmux"): + valid = False + logger.error("MISSING: tmux not installed") + if not snac_config_file.exists(): + valid = False + logger.error(f"MISSING: {snac_config_file.path} not found") + if not snac_config_file.contains("set -g lock-after-time"): + valid = False + logger.error("MISSING: commands to inactivity lock") + if not profile_file.exists(): + valid = False + logger.error(f"MISSING: {profile_file.path} not found") + if not profile_file.contains("exec tmux"): + valid = False + logger.error("MISSING: command to replace shell with tmux") + return valid