Deadman

github:dominicegginton/deadman

A USB-based dead man’s switch for Linux systems. Deadman monitors a tethered USB device and automatically locks all user sessions when the device is disconnected, providing physical security through systemd integration.

Features

• Real-time USB device monitoring with libusb hotplug support
• Automatic session locking via systemd-logind
• IPC-based daemon control for safe privilege separation
• GTK4/Libadwaita GUI for device selection and management
• Command-line interface for scripting and automation
• NixOS module for declarative system configuration

How It Works

Deadman runs as a system daemon (deadmand) that monitors USB devices you’ve tethered. When a tethered device is unplugged, the daemon immediately locks all active user sessions using loginctl lock-session. This provides a simple but effective physical security mechanism.

NixOS Installation

Add the flake input to your system configuration:

{
  inputs.deadman.url = "github:dominicegginton/deadman";

  outputs = { self, nixpkgs, deadman, ... }: {
    nixosConfigurations.your-hostname = nixpkgs.lib.nixosSystem {
      modules = [
        deadman.nixosModules.default
        { programs.deadman.enable = true; }
      ];
    };
  };
}

Usage

List available USB devices:

deadman

Tether a device (bus and address from device listing):

sudo deadman tether 1 5

Check daemon status:

sudo deadman status

Clear all active tethers without locking:

sudo deadman severe

Launch the GUI (automatically requests privileges when needed):

deadman-gui

Architecture

Deadman consists of four packages: deadmand (system daemon), deadman (CLI client), deadman-gui (GTK4 interface), and deadman-ipc (IPC library). The daemon requires root privileges for USB monitoring and session control, while client tools safely communicate through Unix domain sockets with user identity verification.