pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / programs / ecryptfs.nix
at 25.11-pre 642 B view raw
1{ 2 config, 3 lib, 4 pkgs, 5 ... 6}: 7 8let 9 cfg = config.programs.ecryptfs; 10 11in 12{ 13 options.programs.ecryptfs = { 14 enable = lib.mkEnableOption "ecryptfs setuid mount wrappers"; 15 }; 16 17 config = lib.mkIf cfg.enable { 18 security.wrappers = { 19 20 "mount.ecryptfs_private" = { 21 setuid = true; 22 owner = "root"; 23 group = "root"; 24 source = "${lib.getBin pkgs.ecryptfs}/bin/mount.ecryptfs_private"; 25 }; 26 "umount.ecryptfs_private" = { 27 setuid = true; 28 owner = "root"; 29 group = "root"; 30 source = "${lib.getBin pkgs.ecryptfs}/bin/umount.ecryptfs_private"; 31 }; 32 33 }; 34 }; 35}