Moonlock

A secure Wayland lockscreen with GTK4, PAM authentication and fingerprint support. Part of the Moonarch ecosystem.

Features

• ext-session-lock-v1 — Protocol-guaranteed screen locking (compositor keeps screen locked on crash)
• PAM authentication — Uses system PAM stack (/etc/pam.d/moonlock)
• Fingerprint unlock — fprintd D-Bus integration, async init (optional, window appears instantly)
• Multi-monitor — Lockscreen on every monitor, single shared fingerprint listener
• i18n — German and English (auto-detected)
• Faillock warning — UI counter + system pam_faillock
• Panic safety — Panic hook logs but never unlocks
• Password wiping — Zeroize on drop

Requirements

• GTK 4
• gtk4-session-lock (ext-session-lock-v1 support)
• PAM (/etc/pam.d/moonlock)
• Optional: fprintd for fingerprint support

Building

cargo build --release

Installation

# Install binary
sudo install -Dm755 target/release/moonlock /usr/bin/moonlock

# Install PAM config
sudo install -Dm644 config/moonlock-pam /etc/pam.d/moonlock

# Optional: Install example config
sudo install -Dm644 config/moonlock.toml.example /etc/moonlock/moonlock.toml.example

Configuration

Create /etc/moonlock/moonlock.toml or ~/.config/moonlock/moonlock.toml:

background_path = "/usr/share/wallpapers/moon.jpg"
fingerprint_enabled = true

Usage

Typically launched via keybind in your Wayland compositor:

# Niri keybind example
binds {
    Mod+L { spawn "moonlock"; }
}

Development

cargo test
cargo build --release
LD_PRELOAD=/usr/lib/libgtk4-layer-shell.so ./target/release/moonlock

License

MIT