nixos/modules/services/misc/evdevremapkeys.nix at 24.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixpkgs / nixos / modules / services / misc / evdevremapkeys.nix

at 24.11-pre 1.6 kB view raw

 1{ config, lib, pkgs, ... }:
 2
 3with lib;
 4let
 5  format = pkgs.formats.yaml { };
 6  cfg = config.services.evdevremapkeys;
 7
 8in
 9{
10  options.services.evdevremapkeys = {
11    enable = mkEnableOption ''evdevremapkeys, a daemon to remap events on linux input devices'';
12
13    settings = mkOption {
14      type = format.type;
15      default = { };
16      description = ''
17        config.yaml for evdevremapkeys
18      '';
19    };
20  };
21
22  config = mkIf cfg.enable {
23    boot.kernelModules = [ "uinput" ];
24    services.udev.extraRules = ''
25      KERNEL=="uinput", MODE="0660", GROUP="input"
26    '';
27    users.groups.evdevremapkeys = { };
28    users.users.evdevremapkeys = {
29      description = "evdevremapkeys service user";
30      group = "evdevremapkeys";
31      extraGroups = [ "input" ];
32      isSystemUser = true;
33    };
34    systemd.services.evdevremapkeys = {
35      description = "evdevremapkeys";
36      wantedBy = [ "multi-user.target" ];
37      serviceConfig =
38        let
39          config = format.generate "config.yaml" cfg.settings;
40        in
41        {
42          ExecStart = "${pkgs.evdevremapkeys}/bin/evdevremapkeys --config-file ${config}";
43          User = "evdevremapkeys";
44          Group = "evdevremapkeys";
45          StateDirectory = "evdevremapkeys";
46          Restart = "always";
47          LockPersonality = true;
48          MemoryDenyWriteExecute = true;
49          NoNewPrivileges = true;
50          PrivateNetwork = true;
51          PrivateTmp = true;
52          ProtectControlGroups = true;
53          ProtectHome = true;
54          ProtectKernelTunables = true;
55          ProtectSystem = true;
56        };
57    };
58  };
59}