Go to file

nevaforget 39d9cbb624 fix: audit fixes — RefCell across await, async avatar decode (v0.6.10)

- init_fingerprint_async: hoist username before the await so a concurrent
  connect_monitor signal (hotplug / suspend-resume) cannot cause a RefCell
  panic. Re-borrow after the await for signal wiring.
- set_avatar_from_file: decode via gio::File::read_future +
  Pixbuf::from_stream_at_scale_future so the GTK main thread stays
  responsive during monitor hotplug. Default icon shown while loading.

2026-04-24 12:34:00 +02:00

.gitea/workflows

Remove unnecessary pacman git install from CI workflow

2026-04-02 08:28:08 +02:00

config

Add security hardening, config system, and integration tests

2026-03-26 12:36:58 +01:00

pkg

feat: switch logging to systemd journal (v0.4.2)

2026-03-28 01:11:48 +01:00

resources

style: replace hardcoded colors with GTK theme variables

2026-04-09 14:51:29 +02:00

src

fix: audit fixes — RefCell across await, async avatar decode (v0.6.10)

2026-04-24 12:34:00 +02:00

.gitignore

Rewrite moonlock from Python to Rust (v0.4.0)

2026-03-27 23:09:54 +01:00

build.rs

docs: update README features and fix build.rs comment

2026-03-31 09:34:06 +02:00

Cargo.lock

fix: audit fixes — RefCell across await, async avatar decode (v0.6.10)

2026-04-24 12:34:00 +02:00

Cargo.toml

fix: audit fixes — RefCell across await, async avatar decode (v0.6.10)

2026-04-24 12:34:00 +02:00

CLAUDE.md

docs: drop Nyx persona, unify attribution on ClaudeCode

2026-04-21 09:03:23 +02:00

DECISIONS.md

fix: audit fixes — RefCell across await, async avatar decode (v0.6.10)

2026-04-24 12:34:00 +02:00

README.md

fix: handle monitor hotplug to survive suspend/resume (v0.6.9)

2026-04-09 14:48:06 +02:00

README.md

Moonlock

A secure Wayland lockscreen with GTK4, PAM authentication and fingerprint support. Part of the Moonarch ecosystem.

Features

ext-session-lock-v1 — Protocol-guaranteed screen locking (compositor keeps screen locked on crash, exit(1) in release if unsupported)
PAM authentication — Uses system PAM stack (/etc/pam.d/moonlock) with 30s timeout and generation counter
Fingerprint unlock — fprintd D-Bus integration with sender validation, async init (window appears instantly), pam_acct_mgmt check after verify, auto-resume on transient errors
Multi-monitor + hotplug — Lockscreen on every monitor with shared blur and avatar caches; monitors added after suspend/resume get windows automatically via connect_monitor signal
GPU blur — Background blur via GskBlurNode (downscale to max 1920px, configurable 0–100)
i18n — German and English (auto-detected)
Faillock warning — Progressive UI warning after failed attempts, PAM decides lockout
Panic safety — Panic hook logs but never unlocks (installed before logging)
Password wiping — Zeroize on drop from GTK entry through PAM FFI layer
Journal logging — journalctl -t moonlock, debug level via MOONLOCK_DEBUG env var

Requirements

GTK 4
gtk4-session-lock (ext-session-lock-v1 support)
PAM (/etc/pam.d/moonlock)
Optional: fprintd for fingerprint support

Building

cargo build --release

Installation

# Install binary
sudo install -Dm755 target/release/moonlock /usr/bin/moonlock

# Install PAM config
sudo install -Dm644 config/moonlock-pam /etc/pam.d/moonlock

# Optional: Install example config
sudo install -Dm644 config/moonlock.toml.example /etc/moonlock/moonlock.toml.example

Configuration

Create /etc/moonlock/moonlock.toml or ~/.config/moonlock/moonlock.toml:

background_path = "/usr/share/wallpapers/moon.jpg"
background_blur = 40.0    # 0.0–100.0, optional
fingerprint_enabled = true

Usage

Typically launched via keybind in your Wayland compositor:

# Niri keybind example
binds {
    Mod+L { spawn "moonlock"; }
}

Development

cargo test
cargo build --release
LD_PRELOAD=/usr/lib/libgtk4-layer-shell.so ./target/release/moonlock

License

MIT

README.md Unescape Escape

Moonlock

Features

Requirements

Building

Installation

Configuration

Usage

Development

License

README.md