nixos/modules/security/pam_usb.nix at 16.09-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixpkgs / nixos / modules / security / pam_usb.nix

at 16.09-beta 831 B view raw

 1{ config, lib, pkgs, ... }:
 2
 3with lib;
 4
 5let
 6
 7  inherit (pkgs) pam_usb;
 8
 9  cfg = config.security.pam.usb;
10
11  anyUsbAuth = any (attrByPath ["usbAuth"] false) (attrValues config.security.pam.services);
12
13in
14
15{
16  options = {
17
18    security.pam.usb = {
19      enable = mkOption {
20        type = types.bool;
21        default = false;
22        description = ''
23          Enable USB login for all login systems that support it.  For
24          more information, visit <link
25          xlink:href="http://pamusb.org/doc/quickstart#setting_up" />.
26        '';
27      };
28
29    };
30
31  };
32
33  config = mkIf (cfg.enable || anyUsbAuth) {
34
35    # pmount need to have a set-uid bit to make pam_usb works in user
36    # environment. (like su, sudo)
37
38    security.setuidPrograms = [ "pmount" "pumount" ];
39    environment.systemPackages = [ pkgs.pmount ];
40
41  };
42}