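# NixOS module for pam_mount: generates /etc/security/pam_mount.conf.xml so
# that volumes are mounted when a user logs in through PAM.
#
# The generated file is built with pkgs.writeText, i.e. it lives in the Nix
# store. Store paths are readable by every local user, so nothing placed in
# this configuration (including extraVolumes) should contain a credential.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.security.pam.mount;

  # True when at least one entry of security.pam.services has `pamMount` set;
  # services that do not define the attribute count as false.
  anyPamMount = any (attrByPath ["pamMount"] false) (attrValues config.security.pam.services);
in

{
  options = {

    security.pam.mount = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Enable PAM mount system to mount filesystems on user login.
        '';
      };

      # Each entry is copied verbatim between <pam_mount> and </pam_mount>
      # below. No escaping or validation is applied, so every entry must be
      # a well-formed pam_mount.conf.xml element, and a malformed entry
      # makes the whole file invalid XML.
      extraVolumes = mkOption {
        type = types.listOf types.str;
        default = [];
        description = ''
          List of volume definitions for pam_mount.
          For more information, visit <link
          xlink:href="http://pam-mount.sourceforge.net/pam_mount.conf.5.html" />.
        '';
      };
    };

  };

  # The configuration is emitted when the option is enabled explicitly or
  # when any PAM service requests pam_mount.
  config = mkIf (cfg.enable || anyPamMount) {

    environment.systemPackages = [ pkgs.pam_mount ];
    environment.etc = [{
      target = "security/pam_mount.conf.xml";
      source =
        let
          # Users that declare a LUKS device for their home directory.
          extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null) config.users.users;

          # Escape the five XML special characters so that a user name or
          # path containing one of them cannot terminate the attribute or
          # break the document. The value is interpolated first, so it is
          # coerced to a string exactly as it was before escaping was added.
          escapeXmlAttr = value:
            builtins.replaceStrings
              [ "&" "\"" "'" "<" ">" ]
              [ "&amp;" "&quot;" "&apos;" "&lt;" "&gt;" ]
              "${value}";

          # One <volume> element per user, terminated by a newline.
          userVolumeEntry = user:
            "<volume user=\"${escapeXmlAttr user.name}\" path=\"${escapeXmlAttr user.cryptHomeLuks}\" mountpoint=\"${escapeXmlAttr user.home}\" />\n";
        in
        # NOTE(review): the <logout> element below disables wait/hup/term/kill,
        # so processes still running at logout are presumably not signalled.
        # A volume that is still busy may then stay mounted after the session
        # ends. Confirm that this is the intended trade-off.
        pkgs.writeText "pam_mount.conf.xml" ''
          <?xml version="1.0" encoding="utf-8" ?>
          <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
          <!-- auto generated from Nixos: modules/config/users-groups.nix -->
          <pam_mount>
          <debug enable="0" />

          ${concatStrings (map userVolumeEntry (attrValues extraUserVolumes))}
          ${concatStringsSep "\n" cfg.extraVolumes}

          <!-- if activated, requires ofl from hxtools to be present -->
          <logout wait="0" hup="no" term="no" kill="no" />
          <!-- set PATH variable for pam_mount module -->
          <path>${pkgs.utillinux}/bin</path>
          <!-- create mount point if not present -->
          <mkmountpoint enable="1" remove="true" />

          <!-- specify the binaries to be called -->
          <cryptmount>${pkgs.pam_mount}/bin/mount.crypt %(VOLUME) %(MNTPT)</cryptmount>
          <cryptumount>${pkgs.pam_mount}/bin/umount.crypt %(MNTPT)</cryptumount>
          <pmvarrun>${pkgs.pam_mount}/bin/pmvarrun -u %(USER) -o %(OPERATION)</pmvarrun>
          </pam_mount>
        '';
    }];

  };
}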