# D-Bus configuration and system bus daemon.

{ config, lib, pkgs, ... }:

let
  inherit (lib) mdDoc mkIf mkOption types;

  dbusCfg = config.services.dbus;

  # Home directory assigned to the messagebus account declared below.
  busHome = "/run/dbus";

  # Generated bus configuration tree; installed as /etc/dbus-1 when the
  # module is enabled.  suidHelper refers to the wrapper under
  # security.wrapperDir (the one declared below with setuid = true), not to
  # the helper binary inside pkgs.dbus.
  busConfig = pkgs.makeDBusConf {
    inherit (dbusCfg) apparmor;
    serviceDirectories = dbusCfg.packages;
    suidHelper = "${config.security.wrapperDir}/dbus-daemon-launch-helper";
  };
in
{
  options.services.dbus = {

    # Marked internal and off by default.
    enable = mkOption {
      type = types.bool;
      internal = true;
      default = false;
      description = mdDoc ''
        Whether to start the D-Bus message bus daemon, which is
        required by many other system services and applications.
      '';
    };

    # Every path listed here contributes policy and service files to the bus
    # configuration, so this list decides which packages can ship bus policy
    # and activatable services.
    packages = mkOption {
      type = types.listOf types.path;
      default = [ ];
      description = mdDoc ''
        Packages whose D-Bus configuration files should be included in
        the configuration of the D-Bus system-wide or session-wide
        message bus. Specifically, files in the following directories
        will be included into their respective DBus configuration paths:
        {file}`«pkg»/etc/dbus-1/system.d`
        {file}`«pkg»/share/dbus-1/system.d`
        {file}`«pkg»/share/dbus-1/system-services`
        {file}`«pkg»/etc/dbus-1/session.d`
        {file}`«pkg»/share/dbus-1/session.d`
        {file}`«pkg»/share/dbus-1/services`
      '';
    };

    # NOTE(review): the default is "disabled", so AppArmor mediation of D-Bus
    # is off unless a host sets this option.  Hosts that depend on AppArmor
    # policy for bus traffic should choose "enabled" or "required".
    apparmor = mkOption {
      type = types.enum [ "enabled" "disabled" "required" ];
      default = "disabled";
      description = mdDoc ''
        AppArmor mode for dbus.

        `enabled` enables mediation when it's
        supported in the kernel, `disabled`
        always disables AppArmor even with kernel support, and
        `required` fails when AppArmor was not found
        in the kernel.
      '';
    };
  };

  config = mkIf dbusCfg.enable {

    environment = {
      systemPackages = [ pkgs.dbus ];

      etc."dbus-1".source = busConfig;

      # Link the dbus-1 directories of installed packages into the system
      # path, which services.dbus.packages below scans.
      pathsToLink = [
        "/etc/dbus-1"
        "/share/dbus-1"
      ];
    };

    # Dedicated account and group for the system bus daemon.
    users = {
      users.messagebus = {
        description = "D-Bus system message bus daemon user";
        uid = config.ids.uids.messagebus;
        group = "messagebus";
        home = busHome;
      };

      groups.messagebus.gid = config.ids.gids.messagebus;
    };

    # Root-owned setuid helper.  The mode string withholds read and execute
    # from "other", leaving the helper runnable only by root and by members
    # of the messagebus group.  Keep "o-rx" when editing: widening it would
    # make a setuid-root binary executable by every local user.
    security.wrappers.dbus-daemon-launch-helper = {
      source = "${pkgs.dbus}/libexec/dbus-daemon-launch-helper";
      owner = "root";
      group = "messagebus";
      setuid = true;
      setgid = false;
      permissions = "u+rx,g+rx,o-rx";
    };

    # config.system.path is on this list, so a package in the system path
    # that ships files in the dbus-1 directories named in the option
    # description has them included in the bus configuration.  Review the
    # bus policy a package carries before adding it system-wide.
    services.dbus.packages = [
      pkgs.dbus
      config.system.path
    ];

    systemd = {
      packages = [ pkgs.dbus ];

      services.dbus = {
        # dbus-daemon must not be restarted (bad things tend to happen if it
        # is), so a change to the generated configuration is applied as a
        # reload.
        restartTriggers = [ busConfig ];
        reloadIfChanged = true;
        environment = {
          # Presumably lets the daemon load the configured NSS modules;
          # confirm against the dbus unit.
          LD_LIBRARY_PATH = config.system.nssModules.path;
        };
      };

      user = {
        services.dbus = {
          # Same rule for the per-user bus: reload, never restart.
          restartTriggers = [ busConfig ];
          reloadIfChanged = true;
        };

        sockets.dbus.wantedBy = [ "sockets.target" ];
      };
    };
  };
}