As noted in my previous post, I configured my system to run slock as soon as the system enters sleep state. This is how its done.
First we create a new systemd unit in /etc/systemd/system called suspend@.service
[Unit] Description=User suspend actions Before=sleep.target [Service] User=%I Type=simple Environment=DISPLAY=:0 ExecStart=/usr/bin/slock [Install] WantedBy=sleep.target
So what did we do? We created a unit that runs before sleep.target is reached. This unit will run as a configurable user by enabling suspend@$USER.service
# systemctl enable suspend@$USER.service
So the /usr/bin/slock runs as $USER. To be able to communicate with the X-Server we need to set the DISPLAY variable to :0.
So now when your system is going to sleep systemd should start slock.
Sadly this works only for a one user system since the username is hardcoded when enabling the unit file. To make it work with multible users one would need to create a script which determines which user is running the X-Server then change to this user and lock the screen.