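# NixOS module for the i3lock screen locker.
#
# When enabled it adds the configured package to the system packages and
# defines the `i3lock` PAM service. With `u2fSupport` set it also installs a
# setuid wrapper owned by root for the package's `bin/i3lock`.
{ config, lib, pkgs, ... }:

let

  # Shorthand for this module's own option values.
  cfg = config.programs.i3lock;

in {

  ###### interface

  options = {
    programs.i3lock = {
      enable = lib.mkEnableOption "i3lock";
      package = lib.mkPackageOption pkgs "i3lock" {
        example = "i3lock-color";
        extraDescription = ''
          ::: {.note}
          The i3lock package must provide `bin/i3lock` (a file or a link) in its `out` output in order for the u2fSupport option to work correctly.
          :::
        '';
      };
      u2fSupport = lib.mkOption {
        type = lib.types.bool;
        # Off by default: turning it on installs a setuid-root wrapper (see
        # the implementation below), so it has to be an explicit choice.
        default = false;
        example = true;
        description = ''
          Whether to enable U2F support in the i3lock program.
          U2F enables authentication using a hardware device, such as a security key.
          When U2F support is enabled, a setuid wrapper owned by root is installed for the i3lock binary and the `u2fAuth` option of the i3lock PAM service is enabled.
        '';
      };
    };
  };

  ###### implementation

  config = lib.mkIf cfg.enable {

    environment.systemPackages = [ cfg.package ];

    # Only defined when u2fSupport is set; otherwise no wrapper is created and
    # i3lock runs without elevated privileges.
    #
    # The wrapper target comes from cfg.package, so any replacement package
    # (for example the i3lock-color shown in the option example) is the binary
    # that ends up running setuid root. Review such a package with that in mind.
    # NOTE(review): the reason root is required for U2F is not stated in this
    # file; confirm it is still needed before keeping the wrapper.
    security.wrappers.i3lock = lib.mkIf cfg.u2fSupport {
      setuid = true;
      owner = "root";
      group = "root";
      # Fails to resolve if the package has no bin/i3lock in its `out` output.
      source = "${cfg.package.out}/bin/i3lock";
    };

    # Defined unconditionally, so the `i3lock` PAM service exists whenever the
    # module is enabled, and u2fAuth is set to false when u2fSupport is off.
    # NOTE(review): this presumably takes precedence over any system-wide U2F
    # default for this service; confirm that is the intended behaviour.
    security.pam.services.i3lock.u2fAuth = cfg.u2fSupport;

  };

}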