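{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.security.pam.mount;

  # True when at least one PAM service set `pamMount = true` itself; the
  # config file is then generated even if security.pam.mount.enable is off.
  anyPamMount = any (attrByPath [ "pamMount" ] false) (attrValues config.security.pam.services);
in

{
  options = {

    security.pam.mount = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Enable PAM mount system to mount filesystems on user login.
        '';
      };

      extraVolumes = mkOption {
        type = types.listOf types.str;
        default = [];
        description = ''
          List of volume definitions for pam_mount.
          For more information, visit <link
          xlink:href="http://pam-mount.sourceforge.net/pam_mount.conf.5.html" />.
        '';
      };
    };

  };

  config = mkIf (cfg.enable || anyPamMount) {

    environment.systemPackages = [ pkgs.pam_mount ];
    environment.etc."security/pam_mount.conf.xml" = {
      source =
        let
          # Users that get a <volume> entry: an encrypted LUKS home or an
          # explicit pamMount attribute set.
          extraUserVolumes = filterAttrs (_: u: u.cryptHomeLuks != null || u.pamMount != {}) config.users.users;

          # Escape the XML special characters of an attribute value after the
          # same string coercion the interpolation below performs, so a home
          # path or option string containing `"`, `<` or `&` cannot break the
          # attribute quoting (pam_mount rejects a malformed file and the
          # volume is then not mounted at all).
          escapeAttr = v:
            builtins.replaceStrings
              [ "&" "<" ">" "\"" "'" ]
              [ "&amp;" "&lt;" "&gt;" "&quot;" "&apos;" ]
              "${v}";

          # Render one key="value" pair of a <volume> element.
          mkAttr = k: v: ''${k}="${escapeAttr v}"'';

          # Base attributes come from the user record; anything in
          # users.users.<name>.pamMount overrides or extends them.
          # NOTE(review): when cryptHomeLuks is null and pamMount does not
          # supply `path`, the null is coerced here and evaluation fails —
          # confirm that is the intended way to reject such a definition.
          userVolumeEntry = user: let
            attrs = {
              user = user.name;
              path = user.cryptHomeLuks;
              mountpoint = user.home;
            } // user.pamMount;
          in
            "<volume ${concatStringsSep " " (mapAttrsToList mkAttr attrs)} />\n";
        in
          # NOTE(review): the generated XML comment still names
          # modules/config/users-groups.nix as the generator, which looks
          # stale for this module — confirm and update.
          # NOTE(review): <logout> has wait/hup/term/kill all disabled, so a
          # process still holding the volume at logout is not signalled and
          # umount.crypt can fail, leaving the home mounted; enabling them
          # requires ofl from hxtools (see the XML comment) — confirm the
          # default is intended.
          # cfg.extraVolumes is spliced in verbatim and must already be
          # well-formed <volume ... /> XML.
          pkgs.writeText "pam_mount.conf.xml" ''
          <?xml version="1.0" encoding="utf-8" ?>
          <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
          <!-- auto generated from Nixos: modules/config/users-groups.nix -->
          <pam_mount>
          <debug enable="0" />

          <!-- if activated, requires ofl from hxtools to be present -->
          <logout wait="0" hup="no" term="no" kill="no" />
          <!-- set PATH variable for pam_mount module -->
          <path>${pkgs.util-linux}/bin</path>
          <!-- create mount point if not present -->
          <mkmountpoint enable="1" remove="true" />

          <!-- specify the binaries to be called -->
          <cryptmount>${pkgs.pam_mount}/bin/mount.crypt %(VOLUME) %(MNTPT)</cryptmount>
          <cryptumount>${pkgs.pam_mount}/bin/umount.crypt %(MNTPT)</cryptumount>
          <pmvarrun>${pkgs.pam_mount}/bin/pmvarrun -u %(USER) -o %(OPERATION)</pmvarrun>

          ${concatStrings (map userVolumeEntry (attrValues extraUserVolumes))}
          ${concatStringsSep "\n" cfg.extraVolumes}
          </pam_mount>
          '';
    };

  };
}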