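# NixOS module for the i3lock screen locker.
#
# Options (under programs.i3lock):
#   enable     - adds cfg.package to environment.systemPackages.
#   package    - which i3lock build to install and, for U2F, to wrap.
#   u2fSupport - installs a setuid wrapper owned by root:root for
#                <package>/bin/i3lock and sets u2fAuth on the i3lock
#                PAM service.
{ config, lib, pkgs, ... }:

let

  # Name every lib function explicitly rather than using a file-wide
  # `with lib;`, so a reader auditing this module can see exactly which
  # identifiers come from lib.
  inherit (lib)
    literalExpression
    mdDoc
    mkEnableOption
    mkIf
    mkOption
    types;

  cfg = config.programs.i3lock;

in {

  ###### interface

  options = {
    programs.i3lock = {
      enable = mkEnableOption (mdDoc "i3lock");

      package = mkOption {
        type = types.package;
        default = pkgs.i3lock;
        defaultText = literalExpression "pkgs.i3lock";
        example = literalExpression ''
          pkgs.i3lock-color
        '';
        description = mdDoc ''
          Specify which package to use for the i3lock program.
          The i3lock package must include an i3lock file or link at `bin/i3lock` in its out directory in order for the u2fSupport option to work correctly.
        '';
      };

      u2fSupport = mkOption {
        type = types.bool;
        default = false;
        example = true;
        description = mdDoc ''
          Whether to enable U2F support in the i3lock program.
          U2F enables authentication using a hardware device, such as a security key.
          When U2F support is enabled, this module installs a setuid wrapper owned by root for the i3lock binary and enables the PAM u2fAuth setting for the i3lock service.
        '';
      };
    };
  };

  ###### implementation

  config = mkIf cfg.enable {

    environment.systemPackages = [ cfg.package ];

    # Created only when u2fSupport is true. The wrapper is setuid and owned by
    # root:root, so whatever sits at bin/i3lock in the selected package runs
    # with root's effective uid for any local user who starts it. Keep
    # programs.i3lock.package pointed at a trusted, reviewed build and leave
    # u2fSupport off unless hardware-key unlock is actually needed.
    # NOTE(review): the module does not say why setuid is required for U2F;
    # confirm the privilege is still necessary before widening its use.
    security.wrappers.i3lock = mkIf cfg.u2fSupport {
      setuid = true;
      owner = "root";
      group = "root";
      source = "${cfg.package.out}/bin/i3lock";
    };

    # Assigned unconditionally inside the enable guard: with u2fSupport = false
    # this still defines u2fAuth = false for the i3lock PAM service.
    # NOTE(review): confirm that is meant to take precedence over any
    # system-wide U2F PAM default.
    security.pam.services.i3lock.u2fAuth = cfg.u2fSupport;

  };

}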