From 397f9ff3a8086401ea484afca0b4cd665792b71d Mon Sep 17 00:00:00 2001
From: hustlerone
Date: Wed, 11 Dec 2024 12:19:49 +0100
Subject: [PATCH] nixos/unl0kr: match the password agent with upstream
---
nixos/modules/system/boot/unl0kr.nix | 57 ++++++++++++++--------------
1 file changed, 28 insertions(+), 29 deletions(-)
diff --git a/nixos/modules/system/boot/unl0kr.nix b/nixos/modules/system/boot/unl0kr.nix
index b18f9f064ec46..1be6484266c7f 100644
--- a/nixos/modules/system/boot/unl0kr.nix
+++ b/nixos/modules/system/boot/unl0kr.nix
@@ -92,52 +92,51 @@ in (lib.getExe' cfg.package "unl0kr") ]; services = { - unl0kr-ask-password = { - description = "Forward Password Requests to unl0kr"; + unl0kr-agent = { + description = "Dispatch Password Requests to unl0kr"; + + unitConfig.DefaultDependencies = false; + unitConfig.ConditionPathExists = "!/run/plymouth/pid"; + + after = [ + "plymouth-start.service" + ]; conflicts = [ "emergency.service" - "initrd-switch-root.target" "shutdown.target" + "initrd-switch-root.target" ]; - unitConfig.DefaultDependencies = false; - after = [ - "systemd-vconsole-setup.service" - "udev.service" + before = [ + "emergency.service" + "shutdown.target" + "initrd-switch-root.target" ]; - before = [ "shutdown.target" ]; - script = '' - # This script acts as a Password Agent: https://systemd.io/PASSWORD_AGENTS/ - - DIR=/run/systemd/ask-password/ - # If a user has multiple encrypted disks, the requests might come in different times, - # so make sure to answer as many requests as we can. Once boot succeeds, other - # password agents will be responsible for watching for requests. 
- while [ -d $DIR ] && [ "$(ls -A $DIR/ask.*)" ]; - do - for file in `ls $DIR/ask.*`; do - socket="$(cat "$file" | ${pkgs.gnugrep}/bin/grep "Socket=" | cut -d= -f2)" - ${lib.getExe' cfg.package "unl0kr"} -v -C "/etc/unl0kr.conf" | ${config.boot.initrd.systemd.package}/lib/systemd/systemd-reply-password 1 "$socket" - done - done - ''; + + serviceConfig.ExecStart = "${cfg.package}/libexec/unl0kr-agent"; }; }; paths = { - unl0kr-ask-password = { - description = "Forward Password Requests to unl0kr"; + unl0kr-agent = { + description = "Dispatch Password Requests to unl0kr Directory Watch"; + + unitConfig.DefaultDependencies = false; + unitConfig.ConditionPathExists = "!/run/plymouth/pid"; + + after = [ + "plymouth-start.service" + ]; conflicts = [ "emergency.service" - "initrd-switch-root.target" "shutdown.target" ]; - unitConfig.DefaultDependencies = false; before = [ - "shutdown.target" "paths.target" "cryptsetup.target" + "emergency.service" + "shutdown.target" ]; - wantedBy = [ "sysinit.target" ]; + pathConfig = { DirectoryNotEmpty = "/run/systemd/ask-password"; MakeDirectory = true;
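Review bot: The `paths.unl0kr-agent` unit loses `wantedBy = [ "sysinit.target" ];` and nothing visible in the hunk replaces it, so unless something outside the hunk pulls the path unit in, the `DirectoryNotEmpty` watch on `/run/systemd/ask-password` is never armed and an encrypted volume would get no passphrase prompt at boot. Either keep that line or add a comment naming the unit or target that is expected to start the path unit. Separately, `serviceConfig.ExecStart` now points at `${cfg.package}/libexec/unl0kr-agent`, while the list that closes just above `services` (it starts outside the hunk) only names `lib.getExe' cfg.package "unl0kr"`. If that list is what copies binaries into the initrd, the agent should be added there as `"${cfg.package}/libexec/unl0kr-agent"`. The old script passed `-C "/etc/unl0kr.conf"` explicitly, so it is also worth confirming that the upstream agent reads the same configuration file; otherwise the module's unl0kr settings are silently ignored.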