# NixOS module for pam_usb: declares `security.pam.usb.enable` and, whenever
# USB authentication is in use, provides the pmount/pumount helpers.
{ config, lib, pkgs, ... }:

let
  inherit (lib) any attrValues mkIf mkOption types;

  usbCfg = config.security.pam.usb;

  # True when at least one entry of security.pam.services sets `usbAuth`;
  # a service that lacks the attribute counts as false.
  perServiceUsbAuth =
    any (svc: svc.usbAuth or false) (attrValues config.security.pam.services);

  # Builds the security.wrappers entry for one helper binary: owned by
  # root:root with the setuid bit set.
  rootSetuid = program: {
    source = program;
    owner = "root";
    group = "root";
    setuid = true;
  };
in
{
  options.security.pam.usb.enable = mkOption {
    type = types.bool;
    default = false;
    description = ''
      Enable USB login for all login systems that support it. For
      more information, visit <link
      xlink:href="https://github.com/aluzzardi/pam_usb/wiki/Getting-Started#setting-up-devices-and-users" />.
    '';
  };

  # Active when the global switch is on OR any single PAM service opts in,
  # so one service with `usbAuth = true` is enough to install everything below.
  config = mkIf (usbCfg.enable || perServiceUsbAuth) {

    # pmount and pumount are wrapped setuid root, i.e. they run with root
    # privileges regardless of the invoking user. No `permissions` attribute
    # is set here, so who may execute them follows the wrapper default.
    # Hosts enabling this module should count both wrappers in their
    # setuid inventory and keep pkgs.pmount patched.
    security.wrappers = {
      pmount = rootSetuid "${pkgs.pmount.out}/bin/pmount";
      pumount = rootSetuid "${pkgs.pmount.out}/bin/pumount";
    };

    environment.systemPackages = [ pkgs.pmount ];
  };
}