nixos/modules/security/pam_usb.nix at 23.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixpkgs / nixos / modules / security / pam_usb.nix

at 23.11-pre 1.1 kB view raw

 1{ config, lib, pkgs, ... }:
 2
 3with lib;
 4
 5let
 6
 7  cfg = config.security.pam.usb;
 8
 9  anyUsbAuth = any (attrByPath ["usbAuth"] false) (attrValues config.security.pam.services);
10
11in
12
13{
14  options = {
15
16    security.pam.usb = {
17      enable = mkOption {
18        type = types.bool;
19        default = false;
20        description = lib.mdDoc ''
21          Enable USB login for all login systems that support it.  For
22          more information, visit <https://github.com/aluzzardi/pam_usb/wiki/Getting-Started#setting-up-devices-and-users>.
23        '';
24      };
25
26    };
27
28  };
29
30  config = mkIf (cfg.enable || anyUsbAuth) {
31
32    # Make sure pmount and pumount are setuid wrapped.
33    security.wrappers = {
34      pmount =
35        { setuid = true;
36          owner = "root";
37          group = "root";
38          source = "${pkgs.pmount.out}/bin/pmount";
39        };
40      pumount =
41        { setuid = true;
42          owner = "root";
43          group = "root";
44          source = "${pkgs.pmount.out}/bin/pumount";
45        };
46    };
47
48    environment.systemPackages = [ pkgs.pmount ];
49
50  };
51}