* Add tmux configuration when snac mode is enabled

  * Set lock time to 15 minutes of inactivity
  * Switch shell to tmux on login so inactivity lock can be used

Signed-off-by: Mark Silva <[email protected]>

docs/CHANGELOG.md

@@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * The `configure` operation now disables WIFI interfaces. (#2, #13)
 * The `configure` operation now installs a `nilrt-snac-conflicts` meta-package, so that the tool can forbid re-installation of non-compliant packages. (#5)
 * The `configure` operation now installs `libpwquality` and enables password quality checks. (#11)
+* The `configure` operation now installs and configures `tmux` as the shell, including adding a 15 minute inactivity lock (#17)
 
 ### Changed
 

nilrt_snac/_configs/__init__.py

@@ -8,6 +8,7 @@
 from nilrt_snac._configs._ntp_config import _NTPConfig
 from nilrt_snac._configs._opkg_config import _OPKGConfig
 from nilrt_snac._configs._pwquality_config import _PWQualityConfig
+from nilrt_snac._configs._tmux_config import _TmuxConfig
 from nilrt_snac._configs._wifi_config import _WIFIConfig
 from nilrt_snac._configs._wireguard_config import _WireguardConfig
 from nilrt_snac._configs._x11_config import _X11Config
@@ -25,5 +26,6 @@
     _FaillockConfig(),
     _X11Config(),
     _ConsoleConfig(),
+    _TmuxConfig(),
     _PWQualityConfig(),
 ]

nilrt_snac/_configs/_tmux_config.py

@@ -0,0 +1,70 @@
+import argparse
+import subprocess
+import textwrap
+
+from nilrt_snac._configs._base_config import _BaseConfig
+from nilrt_snac._configs._config_file import _ConfigFile
+
+from nilrt_snac import logger, SNAC_DATA_DIR
+from nilrt_snac.OpkgHelper import opkg_helper
+
+
+class _TmuxConfig(_BaseConfig):
+    def __init__(self):
+        self._opkg_helper = opkg_helper
+
+    def configure(self, args: argparse.Namespace) -> None:
+        print("Configuring tmux...")
+        snac_config_file = _ConfigFile("/usr/share/tmux/conf.d/snac.conf")
+        profile_file = _ConfigFile("/etc/profile.d/tmux.sh")
+        dry_run: bool = args.dry_run
+        self._opkg_helper.install("tmux")
+
+        if not snac_config_file.exists():
+            snac_config_file.add(
+                textwrap.dedent(
+                    """
+                    # NILRT SNAC configuration tmux-snac.conf. Do not hand-edit.
+                    set -g lock-after-time 900
+                    """
+                )
+            )
+
+        if not profile_file.exists():
+            profile_file.add(
+                textwrap.dedent(
+                    """
+                    # NILRT SNAC configuration tmux.sh. Do not hand-edit.
+                    if [ "$PS1" ]; then
+                        parent=$(ps -o ppid= -p $$)
+                        name=$(ps -o comm= -p $parent)
+                        case "$name" in (sshd|login) exec tmux ;; esac
+                    fi
+                    """
+                )
+            )
+
+        snac_config_file.save(dry_run)
+        profile_file.save(dry_run)
+
+    def verify(self, args: argparse.Namespace) -> bool:
+        print("Verifying tmux configuration...")
+        snac_config_file = _ConfigFile("/usr/share/tmux/conf.d/snac.conf")
+        profile_file = _ConfigFile("/etc/profile.d/tmux.sh")
+        valid = True
+        if not self._opkg_helper.is_installed("tmux"):
+            valid = False
+            logger.error("MISSING: tmux not installed")
+        if not snac_config_file.exists():
+            valid = False
+            logger.error(f"MISSING: {snac_config_file.path} not found")
+        if not snac_config_file.contains("set -g lock-after-time"):
+            valid = False
+            logger.error("MISSING: commands to inactivity lock")
+        if not profile_file.exists():
+            valid = False
+            logger.error(f"MISSING: {profile_file.path} not found")
+        if not profile_file.contains("exec tmux"):
+            valid = False
+            logger.error("MISSING: command to replace shell with tmux")
+        return valid