nixos/timekpr: init at 0.5.8

Co-authored-by: Matt Sturgeon <matt@sturgeon.me.uk>
2025-06-24 07:35:19 +00:00
parent c2ae88e026
commit 33dfc47d5e
7 changed files with 251 additions and 0 deletions
--- a/nixos/doc/manual/configuration/user-mgmt.chapter.md
+++ b/nixos/doc/manual/configuration/user-mgmt.chapter.md
@@ -152,3 +152,16 @@ original files are by default stored in `/var/lib/nixos`.
 Userborn implements immutable users by re-mounting the password files
 read-only. This means that unlike when using the Perl script, trying to add a
 new user (e.g. via `useradd`) will fail right away.
 ## Restrict usage time {#sec-restrict-usage-time}
 [Timekpr-nExT](https://mjasnik.gitlab.io/timekpr-next/) is a screen time managing application that helps optimizing time spent at computer for your subordinates, children or even for yourself.
 You can enable it via:
 ```nix
 { services.timekpr.enable = true; }
 ```
 This will install the `timekpr` package and start the `timekpr` service.
 You can then use the `timekpra` application to configure time limits for users.
--- a/nixos/doc/manual/redirects.json
+++ b/nixos/doc/manual/redirects.json
@@ -335,6 +335,9 @@
  "sec-userborn": [
    "index.html#sec-userborn"
  ],
  "sec-restrict-usage-time": [
    "index.html#sec-restrict-usage-time"
  ],
  "ch-file-systems": [
    "index.html#ch-file-systems"
  ],
--- a/nixos/doc/manual/release-notes/rl-2511.section.md
+++ b/nixos/doc/manual/release-notes/rl-2511.section.md
@@ -80,6 +80,8 @@
 - [mautrix-discord](https://github.com/mautrix/discord), a Matrix-Discord puppeting/relay bridge. Available as [services.mautrix-discord](#opt-services.mautrix-discord.enable).
 - [Timekpr-nExT](https://mjasnik.gitlab.io/timekpr-next/), a time managing application that helps optimizing time spent at computer for your subordinates, children or even for yourself. Available as [](#opt-services.timekpr.enable).
 - [SuiteNumérique Meet](https://github.com/suitenumerique/meet) is an open source alternative to Google Meet and Zoom powered by LiveKit: HD video calls, screen sharing, and chat features. Built with Django and React. Available as [services.lasuite-meet](#opt-services.lasuite-meet.enable).
 - [lemurs](https://github.com/coastalwhite/lemurs), a customizable TUI display/login manager. Available at [services.displayManager.lemurs](#opt-services.displayManager.lemurs.enable).
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1468,6 +1468,7 @@
  ./services/security/sslmate-agent.nix
  ./services/security/step-ca.nix
  ./services/security/tang.nix
  ./services/security/timekpr.nix
  ./services/security/tor.nix
  ./services/security/torify.nix
  ./services/security/torsocks.nix
--- a/nixos/modules/services/security/timekpr.nix
+++ b/nixos/modules/services/security/timekpr.nix
@@ -0,0 +1,65 @@
 {
  pkgs,
  lib,
  config,
  ...
 }:
 let
  cfg = config.services.timekpr;
  targetBaseDir = "/var/lib/timekpr";
  daemonUser = "root";
  daemonGroup = "root";
 in
 {
  options = {
    services.timekpr = {
      package = lib.mkPackageOption pkgs "timekpr" { };
      enable = lib.mkEnableOption "Timekpr-nExT, a screen time managing application that helps optimizing time spent at computer for your subordinates, children or even for yourself";
      adminUsers = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        default = [ ];
        example = [
          "alice"
          "bob"
        ];
        description = ''
          All listed users will become part of the `timekpr` group so they can manage timekpr settings without requiring sudo.
        '';
      };
    };
  };
  config = lib.mkIf cfg.enable {
    users.groups.timekpr = {
      gid = 2000;
      members = cfg.adminUsers;
    };
    environment.systemPackages = [
      # Add timekpr to system packages so that polkit can find it
      cfg.package
    ];
    services.dbus.enable = true;
    services.dbus.packages = [
      cfg.package
    ];
    environment.etc."timekpr" = {
      source = "${cfg.package}/etc/timekpr";
    };
    systemd.packages = [
      cfg.package
    ];
    systemd.services.timekpr = {
      enable = true;
      wantedBy = [ "multi-user.target" ];
    };
    security.polkit.enable = true;
    systemd.tmpfiles.rules = [
      "d ${targetBaseDir} 0755 ${daemonUser} ${daemonGroup} -"
      "d ${targetBaseDir}/config 0755 ${daemonUser} ${daemonGroup} -"
      "d ${targetBaseDir}/work 0755 ${daemonUser} ${daemonGroup} -"
    ];
  };
  meta.maintainers = [ lib.maintainers.atry ];
 }
--- a/nixos/tests/timekpr.nix
+++ b/nixos/tests/timekpr.nix
@@ -0,0 +1,17 @@
 { pkgs, lib, ... }:
 {
  name = "timekpr";
  meta.maintainers = [ lib.maintainers.atry ];
  nodes.machine =
    { pkgs, lib, ... }:
    {
      services.timekpr.enable = true;
    };
  testScript = ''
    start_all()
    machine.wait_for_file("/etc/timekpr/timekpr.conf")
    machine.wait_for_unit("timekpr.service")
  '';
 }
--- a/pkgs/by-name/ti/timekpr/package.nix
+++ b/pkgs/by-name/ti/timekpr/package.nix
@@ -0,0 +1,150 @@
 {
  fetchgit,
  gitUpdater,
  glib,
  gobject-introspection,
  gtk3,
  lib,
  python3Packages,
  sound-theme-freedesktop,
  stdenv,
  wrapGAppsHook4,
 }:
 python3Packages.buildPythonApplication rec {
  pname = "timekpr";
  version = "0.5.8";
  src = fetchgit {
    url = "https://git.launchpad.net/timekpr-next";
    tag = "v${version}";
    hash = "sha256-Y0jAKl553HjoP59wJnKBKq4Ogko1cs8uazW2dy7AlBo=";
  };
  buildInputs = [
    glib
    gtk3
  ];
  nativeBuildInputs = [
    gobject-introspection
    wrapGAppsHook4
  ];
  pyproject = true;
  build-system = with python3Packages; [
    setuptools
  ];
  dependencies = with python3Packages; [
    dbus-python
    pygobject3
    psutil
  ];
  # Generate setup.py because the upstream repository does not include it
  SETUP_PY = ''
    from setuptools import setup, find_namespace_packages
    package_dir={"timekpr": "."}
    setup(
      name="timekpr-next",
      version="${version}",
      package_dir=package_dir,
      packages=[
        f"{package_prefix}.{package_suffix}"
        for package_prefix, where in package_dir.items()
        for package_suffix in find_namespace_packages(where=where)
      ],
      install_requires=[
        ${lib.concatMapStringsSep ", " (dependency: "'${dependency.pname}'") dependencies}
      ],
    )
  '';
  postPatch = ''
    shopt -s globstar extglob nullglob
    substituteInPlace bin/* **/*.py resource/server/systemd/timekpr.service \
      --replace-quiet /usr/lib/python3/dist-packages "$out"/${lib.escapeShellArg python3Packages.python.sitePackages}
    substituteInPlace **/*.desktop **/*.policy **/*.service \
      --replace-fail /usr/bin/timekpr "$out"/bin/timekpr
    substituteInPlace common/constants/constants.py \
      --replace-fail /usr/share/sounds/freedesktop ${lib.escapeShellArg sound-theme-freedesktop}/share/sounds/freedesktop \
      --replace-fail /usr/share/timekpr "$out"/share/timekpr \
      --replace-fail /usr/share/locale "$out"/share/locale
    substituteInPlace resource/server/timekpr.conf \
      --replace-fail /usr/share/timekpr "$out"/share/timekpr \
    # The original file name `timekpra` is renamed to `..timekpra-wrapped-wrapped` because `makeCWrapper` was used multiple times.
    substituteInPlace client/admin/adminprocessor.py \
      --replace-fail '"/timekpra" in ' '"/..timekpra-wrapped-wrapped" in '
    printf %s "$SETUP_PY" > setup.py
  '';
  # We need to manually inject $PYTHONPATH here, because `buildPythonApplication` does not recognize timekpr's executables as Python scripts, and therefore it does not automatically inject $PYTHONPATH into them.
  postFixup = ''
    for executable in $out/bin/*
    do
      wrapProgram "$executable" --prefix PYTHONPATH : "$PYTHONPATH"
    done
  '';
  preInstall = ''
    while IFS= read -r line
    do
      # Trim leading/trailing whitespace
      line=$(echo "$line" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
      # Skip empty lines and comments
      if [[ -z "$line" || "$line" =~ ^# ]]; then
          continue
      fi
      # Separate source and destination
      # This assumes the destination is the last field and source path doesn't contain problematic spaces
      # More robust parsing might be needed if source paths have spaces.
      source_path=$(echo "$line" | awk '{ $NF=""; print $0 }' | sed 's/[[:space:]]*$//')
      dest_path=$(echo "$line" | awk '{ print $NF }')
      # Check destination path prefix and map to $out/*
      case "$dest_path" in
        usr/share/*)
          # Remove "usr/" prefix and prepend "$out/"
          install -D --mode=444 "$source_path" --target-directory="$out/''${dest_path#usr/}"
          ;;
        usr/bin/*)
          # Remove "usr/" prefix and prepend "$out/"
          install -D --mode=555 "$source_path" --target-directory="$out/''${dest_path#usr/}"
          ;;
        etc/*|lib/*|var/*)
          # Prepend "$out/"
          install -D --mode=444 "$source_path" --target-directory="$out/$dest_path"
          ;;
        usr/lib/python3/dist-packages/*)
          # Skip this line if the destination is a Python module
          # because it will be handled by the Python build process
          continue
          ;;
        *)
          echo "Error: Unknown destination prefix: '$dest_path'" >&2
          exit 1
          ;;
      esac
    done < debian/install
  '';
  passthru.updateScript = gitUpdater { rev-prefix = "v"; };
  meta = {
    description = "Manages and restricts user screen time by enforcing time limits";
    homepage = "https://mjasnik.gitlab.io/timekpr-next/";
    license = lib.licenses.gpl3;
    maintainers = [ lib.maintainers.atry ];
    platforms = lib.platforms.linux;
  };
 }