dnd-daemon 0.0.1__tar.gz

dnd_daemon-0.0.1/.github/workflows/lint.yml

@@ -0,0 +1,39 @@
+name: Lint
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+        fetch-tags: true
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.12"
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -e ".[dev]"
+
+    - name: Black
+      run: black --check src/dnd
+
+    - name: isort
+      run: isort --check-only src/dnd
+
+    - name: Pyright
+      run: pyright
+
+    - name: Codespell
+      run: codespell src/dnd

dnd_daemon-0.0.1/.github/workflows/publish.yml

@@ -0,0 +1,51 @@
+name: Publish Release to PyPI
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  id-token: write
+
+env:
+  IS_NIGHTLY_BUILD: "false"
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+        fetch-tags: true
+        ref: ${{ github.event.release.tag_name || github.ref }}
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.12"
+
+    - name: Install build dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install build twine setuptools setuptools-scm wheel
+
+    - name: Verify version from tag
+      run: |
+        git describe --tags
+        python -c "from setuptools_scm import get_version; print('Version:', get_version())"
+
+    - name: Build distribution
+      run: |
+        python -m build
+
+    - name: Check distribution
+      run: |
+        twine check dist/*
+        ls -la dist/
+
+    - name: Publish to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1

dnd_daemon-0.0.1/.github/workflows/publish_nightly.yml

@@ -0,0 +1,48 @@
+name: Publish Nightly to Test PyPI
+
+on:
+  # schedule:
+  #   - cron: '0 8 * * *'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  id-token: write
+
+env:
+  IS_NIGHTLY_BUILD: "true"
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+        fetch-tags: true
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.12"
+
+    - name: Install build dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install build twine setuptools setuptools-scm wheel
+
+    - name: Build distribution
+      run: |
+        python -m build
+
+    - name: Check distribution
+      run: |
+        twine check dist/*
+        ls -la dist/
+
+    - name: Publish to Test PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1
+      with:
+        repository-url: https://test.pypi.org/legacy/
+        skip-existing: true

dnd_daemon-0.0.1/.github/workflows/test.yml

@@ -0,0 +1,31 @@
+name: Tests
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+        fetch-tags: true
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.12"
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -e ".[dev]"
+
+    - name: Run tests
+      run: |
+        pytest tests/ -v --tb=short --cov=dnd --cov-report=xml --cov-report=term-missing

dnd_daemon-0.0.1/.gitignore

@@ -0,0 +1,10 @@
+__pycache__/
+*.pyc
+*.egg-info/
+dist/
+build/
+*.log
+.nfs*
+src/dnd/_version.py
+.pytest_cache/
+test_reports/

dnd_daemon-0.0.1/Makefile

@@ -0,0 +1,81 @@
+# dnd-daemon Makefile
+
+SHELL := bash
+.DEFAULT_GOAL := help
+
+.PHONY: help
+help: ## show this help message
+	@echo "dnd-daemon Development Tools"
+	@echo ""
+	@echo "Usage: make <target>"
+	@echo ""
+	@echo "Targets:"
+	@awk 'BEGIN {FS = ":.*##"; printf "\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-20s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Setup
+
+.PHONY: install install-dev
+install: ## install the package
+	pip install .
+
+install-dev: ## install in development mode
+	pip install -e ".[dev]"
+
+##@ Linting
+
+.PHONY: lint lint/black lint/isort lint/autoflake lint/pyright lint/codespell format format/black format/isort format/autoflake
+lint: lint/black lint/isort lint/autoflake lint/pyright lint/codespell ## run all linters
+
+lint/black: ## check style with black
+	black --check src/dnd
+
+lint/isort: ## check import order
+	isort --check-only src/dnd
+
+lint/autoflake: ## check for unused imports
+	autoflake --recursive --remove-all-unused-imports --check src/dnd
+
+lint/pyright: ## run type checking
+	pyright
+
+lint/codespell: ## check for misspellings
+	codespell src/dnd
+
+format: format/autoflake format/isort format/black ## format all code
+
+format/black: ## format code with black
+	black src/dnd
+
+format/isort: ## format imports with isort
+	isort src/dnd
+
+format/autoflake: ## remove unused imports
+	autoflake --recursive --remove-all-unused-imports --in-place src/dnd
+
+##@ Testing
+
+.PHONY: test test/unit test/coverage
+test: test/unit ## run all tests
+
+test/unit: ## run unit tests
+	pytest tests/ -v --tb=short
+
+test/coverage: ## run tests with coverage
+	pytest --cov=dnd --cov-report=term-missing
+
+##@ Building
+
+.PHONY: build clean
+build: clean ## build the package
+	python -m build
+
+clean: ## clean build artifacts
+	rm -rf build/ dist/ *.egg-info/ src/*.egg-info/ .pytest_cache/
+	find . -type d -name __pycache__ -exec rm -rf {} +
+	find . -type f -name "*.pyc" -delete
+
+##@ Release
+
+.PHONY: version
+version: ## show current version
+	python -c "import dnd; print(dnd.__version__)"

dnd_daemon-0.0.1/PKG-INFO

@@ -0,0 +1,137 @@
+Metadata-Version: 2.4
+Name: dnd-daemon
+Version: 0.0.1
+Summary: Do-Not-Disturb process enforcer — kill processes from unauthorized users on shared machines
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/AgrawalAmey/dnd-daemon
+Project-URL: Bug Tracker, https://github.com/AgrawalAmey/dnd-daemon/issues
+Keywords: process,enforcer,daemon,shared,machine,reservation
+Classifier: Development Status :: 3 - Alpha
+Classifier: Environment :: No Input/Output (Daemon)
+Classifier: Intended Audience :: System Administrators
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: System :: Systems Administration
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Provides-Extra: dev
+Requires-Dist: pytest>=7.4.0; extra == "dev"
+Requires-Dist: pytest-cov; extra == "dev"
+Requires-Dist: black>=23.0.0; extra == "dev"
+Requires-Dist: isort>=5.12.0; extra == "dev"
+Requires-Dist: autoflake; extra == "dev"
+Requires-Dist: codespell; extra == "dev"
+Requires-Dist: pyright>=1.1.300; extra == "dev"
+Requires-Dist: build>=1.0.0; extra == "dev"
+
+# dnd — Do Not Disturb
+
+Process enforcer for shared machines. Monitors running processes and kills
+anything owned by users who aren't on the allowed list. Designed for
+honor-code reservation systems where some users don't follow the rules.
+
+## Quick start
+
+No install needed — run directly with [`uvx`](https://docs.astral.sh/uv/):
+
+```bash
+# Allow everyone by default, block specific users:
+uvx dnd-daemon allow '*'
+uvx dnd-daemon block debopman
+
+# Start the daemon (foreground, for testing):
+uvx dnd-daemon run --dry-run
+
+# Start for real:
+uvx dnd-daemon run
+```
+
+## Install
+
+For persistent use, install globally with `uv`:
+
+```bash
+uv tool install dnd-daemon
+```
+
+Then use `dnd` directly:
+
+```bash
+dnd allow '*'
+dnd block debopman
+dnd run
+```
+
+Alternatively, install with pip:
+
+```bash
+pip install dnd-daemon
+```
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `dnd run` | Start the enforcement daemon |
+| `dnd allow <users...>` | Add users to the allowed list (also unblocks them) |
+| `dnd block <users...>` | Add users to the blocked list (also removes from allowed) |
+| `dnd list` | Show current allowed and blocked users |
+| `dnd install` | Install as a systemd service (requires `sudo`) |
+| `dnd uninstall` | Remove the systemd service (requires `sudo`) |
+| `dnd status` | Show systemd service status |
+
+### `dnd run` options
+
+- `--dry-run` — log what would be killed without actually killing
+- `--daemon` — fork into background
+- `--interval N` — seconds between scans (default: 10)
+- `--verbose` — debug-level logging
+
+### Wildcards
+
+Use `*` in the allowed list to allow everyone by default. The blocked list
+always takes priority over the wildcard:
+
+```bash
+dnd allow '*'       # everyone is allowed
+dnd block baduser   # ...except baduser
+```
+
+## Configuration
+
+User lists are stored in `~/.cache/dnd/`:
+
+```
+~/.cache/dnd/
+  allowed_users.txt
+  blocked_users.txt
+  dnd.log
+```
+
+Override with `--allow-config` and `--block-config`:
+
+```bash
+dnd --allow-config /path/to/allowed.txt list
+```
+
+## Systemd service
+
+```bash
+sudo dnd install    # creates, enables, and starts the service
+sudo dnd uninstall  # stops, disables, and removes the service
+dnd status          # show service status
+```
+
+The service runs as the installing user with `CAP_KILL` for permission to
+terminate other users' processes. Config changes via `dnd allow` / `dnd block`
+are automatically picked up (the daemon reloads on SIGHUP).
+
+## How it works
+
+1. Scans `/proc` every 10 seconds for all running processes
+2. Skips system/service accounts (UID <= 999, known service names)
+3. Checks each remaining process owner against the allowed/blocked lists
+4. Sends SIGTERM, waits 5 seconds, then SIGKILL if still alive

dnd_daemon-0.0.1/README.md

@@ -0,0 +1,108 @@
+# dnd — Do Not Disturb
+
+Process enforcer for shared machines. Monitors running processes and kills
+anything owned by users who aren't on the allowed list. Designed for
+honor-code reservation systems where some users don't follow the rules.
+
+## Quick start
+
+No install needed — run directly with [`uvx`](https://docs.astral.sh/uv/):
+
+```bash
+# Allow everyone by default, block specific users:
+uvx dnd-daemon allow '*'
+uvx dnd-daemon block debopman
+
+# Start the daemon (foreground, for testing):
+uvx dnd-daemon run --dry-run
+
+# Start for real:
+uvx dnd-daemon run
+```
+
+## Install
+
+For persistent use, install globally with `uv`:
+
+```bash
+uv tool install dnd-daemon
+```
+
+Then use `dnd` directly:
+
+```bash
+dnd allow '*'
+dnd block debopman
+dnd run
+```
+
+Alternatively, install with pip:
+
+```bash
+pip install dnd-daemon
+```
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `dnd run` | Start the enforcement daemon |
+| `dnd allow <users...>` | Add users to the allowed list (also unblocks them) |
+| `dnd block <users...>` | Add users to the blocked list (also removes from allowed) |
+| `dnd list` | Show current allowed and blocked users |
+| `dnd install` | Install as a systemd service (requires `sudo`) |
+| `dnd uninstall` | Remove the systemd service (requires `sudo`) |
+| `dnd status` | Show systemd service status |
+
+### `dnd run` options
+
+- `--dry-run` — log what would be killed without actually killing
+- `--daemon` — fork into background
+- `--interval N` — seconds between scans (default: 10)
+- `--verbose` — debug-level logging
+
+### Wildcards
+
+Use `*` in the allowed list to allow everyone by default. The blocked list
+always takes priority over the wildcard:
+
+```bash
+dnd allow '*'       # everyone is allowed
+dnd block baduser   # ...except baduser
+```
+
+## Configuration
+
+User lists are stored in `~/.cache/dnd/`:
+
+```
+~/.cache/dnd/
+  allowed_users.txt
+  blocked_users.txt
+  dnd.log
+```
+
+Override with `--allow-config` and `--block-config`:
+
+```bash
+dnd --allow-config /path/to/allowed.txt list
+```
+
+## Systemd service
+
+```bash
+sudo dnd install    # creates, enables, and starts the service
+sudo dnd uninstall  # stops, disables, and removes the service
+dnd status          # show service status
+```
+
+The service runs as the installing user with `CAP_KILL` for permission to
+terminate other users' processes. Config changes via `dnd allow` / `dnd block`
+are automatically picked up (the daemon reloads on SIGHUP).
+
+## How it works
+
+1. Scans `/proc` every 10 seconds for all running processes
+2. Skips system/service accounts (UID <= 999, known service names)
+3. Checks each remaining process owner against the allowed/blocked lists
+4. Sends SIGTERM, waits 5 seconds, then SIGKILL if still alive

dnd_daemon-0.0.1/pyproject.toml

@@ -0,0 +1,72 @@
+[build-system]
+requires = ["setuptools>=69", "setuptools-scm>=8", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "dnd-daemon"
+dynamic = ["version"]
+description = "Do-Not-Disturb process enforcer — kill processes from unauthorized users on shared machines"
+readme = "README.md"
+license = "MIT"
+requires-python = ">=3.10"
+keywords = ["process", "enforcer", "daemon", "shared", "machine", "reservation"]
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "Environment :: No Input/Output (Daemon)",
+    "Intended Audience :: System Administrators",
+    "Operating System :: POSIX :: Linux",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: System :: Systems Administration",
+]
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=7.4.0",
+    "pytest-cov",
+    "black>=23.0.0",
+    "isort>=5.12.0",
+    "autoflake",
+    "codespell",
+    "pyright>=1.1.300",
+    "build>=1.0.0",
+]
+
+[project.urls]
+Homepage = "https://github.com/AgrawalAmey/dnd-daemon"
+"Bug Tracker" = "https://github.com/AgrawalAmey/dnd-daemon/issues"
+
+[project.scripts]
+dnd = "dnd.cli:main"
+
+[tool.black]
+line-length = 88
+target-version = ['py310']
+
+[tool.isort]
+profile = "black"
+multi_line_output = 3
+line_length = 88
+known_first_party = ["dnd"]
+
+[tool.autoflake]
+remove-all-unused-imports = true
+recursive = true
+in-place = true
+remove-unused-variables = true
+ignore-init-module-imports = true
+
+[tool.pyright]
+include = ["src/dnd"]
+exclude = ["**/__pycache__", "tests"]
+reportMissingImports = false
+pythonVersion = "3.10"
+
+[tool.codespell]
+skip = "*.log"
+
+[tool.setuptools.packages.find]
+where = ["src"]
+include = ["dnd*"]

dnd_daemon-0.0.1/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

dnd_daemon-0.0.1/setup.py

@@ -0,0 +1,35 @@
+"""Setup script for dnd-daemon package.
+
+Uses setuptools_scm to determine version from git tags.
+"""
+
+import os
+from datetime import datetime
+
+from setuptools import setup
+from setuptools_scm import get_version
+
+
+def get_dnd_version() -> str:
+    """Get version string, handling release and nightly builds."""
+    version = get_version(
+        write_to="src/dnd/_version.py",
+    )
+
+    is_nightly_build = os.getenv("IS_NIGHTLY_BUILD", "false") == "true"
+
+    if is_nightly_build:
+        base = version.split(".dev")[0] if ".dev" in version else version.split("+")[0]
+        version = f"{base}.dev{datetime.now().strftime('%Y%m%d%H')}"
+    else:
+        if ".dev" in version:
+            version = version.split(".dev")[0]
+        elif "+" in version:
+            version = version.split("+")[0]
+
+    return version
+
+
+setup(
+    version=get_dnd_version(),
+)

dnd_daemon-0.0.1/src/dnd/__init__.py

@@ -0,0 +1,6 @@
+"""dnd — Do-Not-Disturb process enforcer daemon."""
+
+try:
+    from ._version import version as __version__
+except ImportError:
+    __version__ = "0.0.0"

dnd_daemon-0.0.1/src/dnd/__main__.py

@@ -0,0 +1,5 @@
+"""Allow running as `python -m dnd`."""
+
+from .cli import main
+
+main()

dnd_daemon-0.0.1/src/dnd/_version.py

@@ -0,0 +1,24 @@
+# file generated by vcs-versioning
+# don't change, don't track in version control
+from __future__ import annotations
+
+__all__ = [
+    "__version__",
+    "__version_tuple__",
+    "version",
+    "version_tuple",
+    "__commit_id__",
+    "commit_id",
+]
+
+version: str
+__version__: str
+__version_tuple__: tuple[int | str, ...]
+version_tuple: tuple[int | str, ...]
+commit_id: str | None
+__commit_id__: str | None
+
+__version__ = version = '0.0.1'
+__version_tuple__ = version_tuple = (0, 0, 1)
+
+__commit_id__ = commit_id = 'g85a003a42'

dnd_daemon-0.0.1/src/dnd/cli.py

@@ -0,0 +1,130 @@
+"""CLI entry point for dnd."""
+
+import argparse
+from pathlib import Path
+
+from .config import (
+    DEFAULT_ALLOW_CONFIG,
+    DEFAULT_BLOCK_CONFIG,
+    SCAN_INTERVAL,
+    ALLOW_HEADER,
+    BLOCK_HEADER,
+    ensure_config_dir,
+    load_user_list,
+    save_user_list,
+)
+from .daemon import cmd_run
+from .service import cmd_install, cmd_uninstall, cmd_status, signal_daemon
+
+
+def _print_status(allowed: set[str], blocked: set[str]) -> None:
+    if "*" in allowed:
+        named = sorted(allowed - {"*"})
+        if named:
+            print(f"Allowed: * (everyone) + explicitly: {', '.join(named)}")
+        else:
+            print("Allowed: * (everyone)")
+    elif allowed:
+        print(f"Allowed: {', '.join(sorted(allowed))}")
+    else:
+        print("Allowed: (none)")
+    if blocked:
+        print(f"Blocked: {', '.join(sorted(blocked))}")
+    else:
+        print("Blocked: (none)")
+
+
+def cmd_allow(args: argparse.Namespace) -> None:
+    allowed = load_user_list(args.allow_config, log=False)
+    blocked = load_user_list(args.block_config, log=False)
+    added = []
+    for name in args.users:
+        if name not in allowed:
+            allowed.add(name)
+            added.append(name)
+        blocked.discard(name)
+    save_user_list(args.allow_config, allowed, ALLOW_HEADER)
+    save_user_list(args.block_config, blocked, BLOCK_HEADER)
+    if added:
+        print(f"Allowed: {', '.join(sorted(added))}")
+        signal_daemon()
+    else:
+        print("All specified users were already allowed.")
+    _print_status(allowed, blocked)
+
+
+def cmd_block(args: argparse.Namespace) -> None:
+    allowed = load_user_list(args.allow_config, log=False)
+    blocked = load_user_list(args.block_config, log=False)
+    added = []
+    for name in args.users:
+        if name not in blocked:
+            blocked.add(name)
+            added.append(name)
+        allowed.discard(name)
+    save_user_list(args.allow_config, allowed, ALLOW_HEADER)
+    save_user_list(args.block_config, blocked, BLOCK_HEADER)
+    if added:
+        print(f"Blocked: {', '.join(sorted(added))}")
+        signal_daemon()
+    else:
+        print("All specified users were already blocked.")
+    _print_status(allowed, blocked)
+
+
+def cmd_list(args: argparse.Namespace) -> None:
+    allowed = load_user_list(args.allow_config, log=False)
+    blocked = load_user_list(args.block_config, log=False)
+    _print_status(allowed, blocked)
+
+
+def main() -> None:
+    ensure_config_dir()
+
+    parser = argparse.ArgumentParser(
+        prog="dnd",
+        description="Do-Not-Disturb — kill processes from unauthorized users on shared machines",
+    )
+    parser.add_argument("--allow-config", type=Path, default=DEFAULT_ALLOW_CONFIG,
+                        help="Path to allowed-users file (default: %(default)s)")
+    parser.add_argument("--block-config", type=Path, default=DEFAULT_BLOCK_CONFIG,
+                        help="Path to blocked-users file (default: %(default)s)")
+    sub = parser.add_subparsers(dest="command")
+
+    # run
+    run_p = sub.add_parser("run", help="Start the enforcement daemon")
+    run_p.add_argument("--interval", type=int, default=SCAN_INTERVAL,
+                       help="Seconds between scans (default: %(default)s)")
+    run_p.add_argument("--dry-run", action="store_true",
+                       help="Log but don't actually kill anything")
+    run_p.add_argument("--daemon", action="store_true",
+                       help="Fork into background")
+    run_p.add_argument("--verbose", action="store_true")
+
+    # allow / block / list
+    allow_p = sub.add_parser("allow", help="Add users to the allowed list")
+    allow_p.add_argument("users", nargs="+", help="Usernames to allow (use * for everyone)")
+    block_p = sub.add_parser("block", help="Add users to the blocked list")
+    block_p.add_argument("users", nargs="+", help="Usernames to block")
+    sub.add_parser("list", help="Show current allowed and blocked users")
+
+    # service management
+    sub.add_parser("install", help="Install as a systemd service (requires root)")
+    sub.add_parser("uninstall", help="Remove the systemd service (requires root)")
+    sub.add_parser("status", help="Show systemd service status")
+
+    args = parser.parse_args()
+
+    commands = {
+        "run": cmd_run,
+        "allow": cmd_allow,
+        "block": cmd_block,
+        "list": cmd_list,
+        "install": cmd_install,
+        "uninstall": cmd_uninstall,
+        "status": cmd_status,
+    }
+    if args.command in commands:
+        commands[args.command](args)
+    else:
+        parser.print_help()

dnd_daemon-0.0.1/src/dnd/config.py

@@ -0,0 +1,75 @@
+"""Constants, paths, and user-list I/O."""
+
+import logging
+from pathlib import Path
+
+# ---------------------------------------------------------------------------
+# Paths — all runtime data lives in ~/.cache/dnd/
+# ---------------------------------------------------------------------------
+CONFIG_DIR = Path.home() / ".cache" / "dnd"
+
+DEFAULT_ALLOW_CONFIG = CONFIG_DIR / "allowed_users.txt"
+DEFAULT_BLOCK_CONFIG = CONFIG_DIR / "blocked_users.txt"
+LOG_FILE = CONFIG_DIR / "dnd.log"
+
+SCAN_INTERVAL = 10  # seconds between sweeps
+KILL_GRACE = 5      # seconds between SIGTERM and SIGKILL
+
+ALLOW_HEADER = "# Allowed users — one per line. Use * to allow everyone by default.\n"
+BLOCK_HEADER = "# Blocked users — one per line. Blocked users override * in allowed list.\n"
+
+# System / service accounts whose processes must never be touched.
+SYSTEM_USERS = frozenset({
+    "root", "daemon", "bin", "sys", "sync", "games", "man", "lp", "mail",
+    "news", "uucp", "proxy", "www-data", "backup", "list", "irc", "gnats",
+    "nobody", "systemd-network", "systemd-resolve", "systemd-timesync",
+    "messagebus", "syslog", "uuidd", "tcpdump", "ntp", "_chrony", "_rpc",
+    "statd", "sensu", "dbus", "polkitd", "avahi", "colord", "pulse",
+    "rtkit", "geoclue", "gdm", "sssd", "chrony", "cortexuser",
+    "service", "serviceuser",
+})
+
+SYSTEM_UID_MAX = 999
+
+
+# ---------------------------------------------------------------------------
+# Helpers
+# ---------------------------------------------------------------------------
+
+def ensure_config_dir() -> None:
+    """Create ~/.cache/dnd/ and seed empty config files if needed."""
+    CONFIG_DIR.mkdir(parents=True, exist_ok=True)
+    if not DEFAULT_ALLOW_CONFIG.exists():
+        DEFAULT_ALLOW_CONFIG.write_text(ALLOW_HEADER)
+    if not DEFAULT_BLOCK_CONFIG.exists():
+        DEFAULT_BLOCK_CONFIG.write_text(BLOCK_HEADER)
+
+
+def load_user_list(config_path: Path, log: bool = True) -> set[str]:
+    """Return the set of usernames from a config file."""
+    users: set[str] = set()
+    try:
+        for line in config_path.read_text().splitlines():
+            line = line.strip()
+            if line and not line.startswith("#"):
+                users.add(line)
+    except FileNotFoundError:
+        if log:
+            logging.error("Config file not found: %s", config_path)
+    return users
+
+
+def save_user_list(config_path: Path, users: set[str], header: str) -> None:
+    """Write a user set back to a config file with the given header."""
+    config_path.write_text(header + "\n".join(sorted(users)) + "\n")
+
+
+def is_system_account(uid: int, username: str) -> bool:
+    """Return True if this looks like a system / service account."""
+    if uid <= SYSTEM_UID_MAX:
+        return True
+    if username in SYSTEM_USERS:
+        return True
+    if username.startswith("_"):
+        return True
+    return False

dnd_daemon-0.0.1/src/dnd/daemon.py

@@ -0,0 +1,135 @@
+"""Core daemon loop: process scanning, filtering, and killing."""
+
+import argparse
+import logging
+import os
+import pwd
+import signal
+import sys
+import time
+from pathlib import Path
+
+from .config import (
+    KILL_GRACE,
+    LOG_FILE,
+    is_system_account,
+    load_user_list,
+)
+
+
+def setup_logging(verbose: bool) -> None:
+    handlers = [logging.StreamHandler(), logging.FileHandler(LOG_FILE)]
+    logging.basicConfig(
+        level=logging.DEBUG if verbose else logging.INFO,
+        format="%(asctime)s  %(levelname)-8s  %(message)s",
+        handlers=handlers,
+    )
+
+
+def iter_user_processes():
+    """Yield (pid, uid, username, proc_name) for every visible process."""
+    my_pid = os.getpid()
+    for entry in Path("/proc").iterdir():
+        if not entry.name.isdigit():
+            continue
+        pid = int(entry.name)
+        if pid in (1, 2, my_pid):
+            continue
+        try:
+            status = (entry / "status").read_text()
+        except (PermissionError, FileNotFoundError, ProcessLookupError):
+            continue
+        uid = None
+        name = None
+        for sline in status.splitlines():
+            if sline.startswith("Uid:"):
+                uid = int(sline.split()[1])
+            if sline.startswith("Name:"):
+                name = sline.split("\t", 1)[1].strip()
+        if uid is None:
+            continue
+        try:
+            username = pwd.getpwuid(uid).pw_name
+        except KeyError:
+            continue
+        yield pid, uid, username, name or "(unknown)"
+
+
+def kill_process(pid: int, username: str, proc_name: str, dry_run: bool) -> None:
+    """SIGTERM -> grace period -> SIGKILL."""
+    if dry_run:
+        logging.warning("[DRY RUN] Would kill PID %d (%s) owned by %s", pid, proc_name, username)
+        return
+    logging.warning("Sending SIGTERM to PID %d (%s) owned by %s", pid, proc_name, username)
+    try:
+        os.kill(pid, signal.SIGTERM)
+    except ProcessLookupError:
+        return
+    except PermissionError:
+        logging.error("Permission denied killing PID %d — need root or CAP_KILL?", pid)
+        return
+    time.sleep(KILL_GRACE)
+    try:
+        os.kill(pid, 0)
+        logging.warning("PID %d still alive, sending SIGKILL", pid)
+        os.kill(pid, signal.SIGKILL)
+    except ProcessLookupError:
+        pass
+    except PermissionError:
+        logging.error("Permission denied sending SIGKILL to PID %d", pid)
+
+
+def is_user_allowed(username: str, allowed: set[str], blocked: set[str]) -> bool:
+    """Blocked list always wins over wildcard."""
+    if username in blocked:
+        return False
+    return "*" in allowed or username in allowed
+
+
+def scan_and_enforce(allowed: set[str], blocked: set[str], dry_run: bool) -> int:
+    """One sweep. Returns the number of processes killed."""
+    killed = 0
+    for pid, uid, username, proc_name in iter_user_processes():
+        if is_system_account(uid, username):
+            continue
+        if is_user_allowed(username, allowed, blocked):
+            continue
+        kill_process(pid, username, proc_name, dry_run)
+        killed += 1
+    return killed
+
+
+def cmd_run(args: argparse.Namespace) -> None:
+    """Run the enforcement daemon."""
+    if args.daemon:
+        pid = os.fork()
+        if pid > 0:
+            print(f"dnd daemon started (PID {pid})")
+            sys.exit(0)
+        os.setsid()
+
+    setup_logging(args.verbose)
+    logging.info("dnd starting (PID %d, interval %ds, dry_run=%s)",
+                 os.getpid(), args.interval, args.dry_run)
+
+    allowed = load_user_list(args.allow_config)
+    blocked = load_user_list(args.block_config)
+    logging.info("Allowed: %s  |  Blocked: %s", sorted(allowed), sorted(blocked))
+
+    def handle_hup(*_):
+        nonlocal allowed, blocked
+        logging.info("SIGHUP received — reloading config")
+        allowed = load_user_list(args.allow_config)
+        blocked = load_user_list(args.block_config)
+        logging.info("Allowed: %s  |  Blocked: %s", sorted(allowed), sorted(blocked))
+
+    signal.signal(signal.SIGHUP, handle_hup)
+
+    try:
+        while True:
+            killed = scan_and_enforce(allowed, blocked, args.dry_run)
+            if killed:
+                logging.info("Killed %d unauthorized process(es) this sweep", killed)
+            time.sleep(args.interval)
+    except KeyboardInterrupt:
+        logging.info("dnd shutting down")

dnd_daemon-0.0.1/src/dnd/service.py

@@ -0,0 +1,108 @@
+"""Systemd service install / uninstall / status."""
+
+import argparse
+import os
+import shutil
+import subprocess
+import sys
+from pathlib import Path
+
+SERVICE_NAME = "dnd"
+UNIT_PATH = Path(f"/etc/systemd/system/{SERVICE_NAME}.service")
+
+UNIT_TEMPLATE = """\
+[Unit]
+Description=Do-Not-Disturb process enforcer
+After=network-online.target nss-user-lookup.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User={user}
+ExecStart={dnd_bin} run
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=5
+AmbientCapabilities=CAP_KILL
+CapabilityBoundingSet=CAP_KILL
+
+[Install]
+WantedBy=multi-user.target
+"""
+
+
+def _require_root(action: str) -> None:
+    if os.geteuid() != 0:
+        sys.exit(f"Error: {action} requires root. Run with sudo.")
+
+
+def _resolve_dnd_bin() -> str:
+    """Find the installed `dnd` entry-point binary."""
+    path = shutil.which("dnd")
+    if path:
+        return str(Path(path).resolve())
+    # Fallback: use the current interpreter + module.
+    return f"{sys.executable} -m dnd"
+
+
+def signal_daemon() -> None:
+    """Send SIGHUP to a running dnd daemon so it reloads config."""
+    result = subprocess.run(
+        ["systemctl", "reload", SERVICE_NAME],
+        capture_output=True, text=True,
+    )
+    if result.returncode == 0:
+        print("Reloaded dnd service.")
+        return
+    # Fallback for manual `dnd run` invocations.
+    result = subprocess.run(
+        ["pgrep", "-f", r"dnd.*run"],
+        capture_output=True, text=True,
+    )
+    for pid_str in result.stdout.split():
+        try:
+            os.kill(int(pid_str), 1)  # SIGHUP
+            print(f"Sent SIGHUP to running daemon (PID {pid_str}).")
+            return
+        except (ProcessLookupError, PermissionError):
+            continue
+
+
+def cmd_install(_args: argparse.Namespace) -> None:
+    """Install dnd as a systemd service."""
+    _require_root("install")
+
+    user = os.environ.get("SUDO_USER", os.getlogin())
+    dnd_bin = _resolve_dnd_bin()
+
+    unit_content = UNIT_TEMPLATE.format(user=user, dnd_bin=dnd_bin)
+    UNIT_PATH.write_text(unit_content)
+    print(f"Wrote {UNIT_PATH}")
+
+    subprocess.run(["systemctl", "daemon-reload"], check=True)
+    subprocess.run(["systemctl", "enable", SERVICE_NAME], check=True)
+    subprocess.run(["systemctl", "start", SERVICE_NAME], check=True)
+    print(f"Service '{SERVICE_NAME}' installed, enabled, and started.")
+    subprocess.run(["systemctl", "status", SERVICE_NAME, "--no-pager"])
+
+
+def cmd_uninstall(_args: argparse.Namespace) -> None:
+    """Uninstall the dnd systemd service."""
+    _require_root("uninstall")
+
+    subprocess.run(["systemctl", "stop", SERVICE_NAME], check=False)
+    subprocess.run(["systemctl", "disable", SERVICE_NAME], check=False)
+
+    if UNIT_PATH.exists():
+        UNIT_PATH.unlink()
+        print(f"Removed {UNIT_PATH}")
+    else:
+        print(f"{UNIT_PATH} not found — already removed?")
+
+    subprocess.run(["systemctl", "daemon-reload"], check=True)
+    print(f"Service '{SERVICE_NAME}' uninstalled.")
+
+
+def cmd_status(_args: argparse.Namespace) -> None:
+    """Show systemd service status."""
+    subprocess.run(["systemctl", "status", SERVICE_NAME, "--no-pager"])

dnd_daemon-0.0.1/src/dnd_daemon.egg-info/PKG-INFO

@@ -0,0 +1,137 @@
+Metadata-Version: 2.4
+Name: dnd-daemon
+Version: 0.0.1
+Summary: Do-Not-Disturb process enforcer — kill processes from unauthorized users on shared machines
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/AgrawalAmey/dnd-daemon
+Project-URL: Bug Tracker, https://github.com/AgrawalAmey/dnd-daemon/issues
+Keywords: process,enforcer,daemon,shared,machine,reservation
+Classifier: Development Status :: 3 - Alpha
+Classifier: Environment :: No Input/Output (Daemon)
+Classifier: Intended Audience :: System Administrators
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: System :: Systems Administration
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Provides-Extra: dev
+Requires-Dist: pytest>=7.4.0; extra == "dev"
+Requires-Dist: pytest-cov; extra == "dev"
+Requires-Dist: black>=23.0.0; extra == "dev"
+Requires-Dist: isort>=5.12.0; extra == "dev"
+Requires-Dist: autoflake; extra == "dev"
+Requires-Dist: codespell; extra == "dev"
+Requires-Dist: pyright>=1.1.300; extra == "dev"
+Requires-Dist: build>=1.0.0; extra == "dev"
+
+# dnd — Do Not Disturb
+
+Process enforcer for shared machines. Monitors running processes and kills
+anything owned by users who aren't on the allowed list. Designed for
+honor-code reservation systems where some users don't follow the rules.
+
+## Quick start
+
+No install needed — run directly with [`uvx`](https://docs.astral.sh/uv/):
+
+```bash
+# Allow everyone by default, block specific users:
+uvx dnd-daemon allow '*'
+uvx dnd-daemon block debopman
+
+# Start the daemon (foreground, for testing):
+uvx dnd-daemon run --dry-run
+
+# Start for real:
+uvx dnd-daemon run
+```
+
+## Install
+
+For persistent use, install globally with `uv`:
+
+```bash
+uv tool install dnd-daemon
+```
+
+Then use `dnd` directly:
+
+```bash
+dnd allow '*'
+dnd block debopman
+dnd run
+```
+
+Alternatively, install with pip:
+
+```bash
+pip install dnd-daemon
+```
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `dnd run` | Start the enforcement daemon |
+| `dnd allow <users...>` | Add users to the allowed list (also unblocks them) |
+| `dnd block <users...>` | Add users to the blocked list (also removes from allowed) |
+| `dnd list` | Show current allowed and blocked users |
+| `dnd install` | Install as a systemd service (requires `sudo`) |
+| `dnd uninstall` | Remove the systemd service (requires `sudo`) |
+| `dnd status` | Show systemd service status |
+
+### `dnd run` options
+
+- `--dry-run` — log what would be killed without actually killing
+- `--daemon` — fork into background
+- `--interval N` — seconds between scans (default: 10)
+- `--verbose` — debug-level logging
+
+### Wildcards
+
+Use `*` in the allowed list to allow everyone by default. The blocked list
+always takes priority over the wildcard:
+
+```bash
+dnd allow '*'       # everyone is allowed
+dnd block baduser   # ...except baduser
+```
+
+## Configuration
+
+User lists are stored in `~/.cache/dnd/`:
+
+```
+~/.cache/dnd/
+  allowed_users.txt
+  blocked_users.txt
+  dnd.log
+```
+
+Override with `--allow-config` and `--block-config`:
+
+```bash
+dnd --allow-config /path/to/allowed.txt list
+```
+
+## Systemd service
+
+```bash
+sudo dnd install    # creates, enables, and starts the service
+sudo dnd uninstall  # stops, disables, and removes the service
+dnd status          # show service status
+```
+
+The service runs as the installing user with `CAP_KILL` for permission to
+terminate other users' processes. Config changes via `dnd allow` / `dnd block`
+are automatically picked up (the daemon reloads on SIGHUP).
+
+## How it works
+
+1. Scans `/proc` every 10 seconds for all running processes
+2. Skips system/service accounts (UID <= 999, known service names)
+3. Checks each remaining process owner against the allowed/blocked lists
+4. Sends SIGTERM, waits 5 seconds, then SIGKILL if still alive

dnd_daemon-0.0.1/src/dnd_daemon.egg-info/SOURCES.txt

@@ -0,0 +1,22 @@
+.gitignore
+Makefile
+README.md
+pyproject.toml
+setup.py
+.github/workflows/lint.yml
+.github/workflows/publish.yml
+.github/workflows/publish_nightly.yml
+.github/workflows/test.yml
+src/dnd/__init__.py
+src/dnd/__main__.py
+src/dnd/_version.py
+src/dnd/cli.py
+src/dnd/config.py
+src/dnd/daemon.py
+src/dnd/service.py
+src/dnd_daemon.egg-info/PKG-INFO
+src/dnd_daemon.egg-info/SOURCES.txt
+src/dnd_daemon.egg-info/dependency_links.txt
+src/dnd_daemon.egg-info/entry_points.txt
+src/dnd_daemon.egg-info/requires.txt
+src/dnd_daemon.egg-info/top_level.txt

dnd_daemon-0.0.1/src/dnd_daemon.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

dnd_daemon-0.0.1/src/dnd_daemon.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+dnd = dnd.cli:main

dnd_daemon-0.0.1/src/dnd_daemon.egg-info/requires.txt

@@ -0,0 +1,10 @@
+
+[dev]
+pytest>=7.4.0
+pytest-cov
+black>=23.0.0
+isort>=5.12.0
+autoflake
+codespell
+pyright>=1.1.300
+build>=1.0.0

dnd_daemon-0.0.1/src/dnd_daemon.egg-info/top_level.txt

@@ -0,0 +1 @@
+dnd