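# NixOS module for the i3lock screen locker.
#
# Declares `programs.i3lock.{enable,package,u2fSupport}`. When enabled it
# installs the selected package system-wide; with `u2fSupport` it additionally
# installs a setuid-root wrapper around the package's `bin/i3lock` and turns on
# `u2fAuth` for the `i3lock` PAM service.
{
  config,
  lib,
  pkgs,
  ...
}:

let

  # Shorthand for this module's own option values.
  cfg = config.programs.i3lock;

in
{

  ###### interface

  options = {
    programs.i3lock = {
      enable = lib.mkEnableOption "i3lock";

      # The package is user-selectable (e.g. a fork such as i3lock-color).
      # With u2fSupport enabled, whatever this package ships at bin/i3lock is
      # what the setuid-root wrapper below executes, so an override of this
      # option deserves the same review as any other setuid-root program.
      package = lib.mkPackageOption pkgs "i3lock" {
        example = "i3lock-color";
        extraDescription = ''
          ::: {.note}
          The i3lock package must provide an `i3lock` file or link at `bin/i3lock` in its `out` output in order for the u2fSupport option to work correctly.
          :::
        '';
      };

      u2fSupport = lib.mkOption {
        type = lib.types.bool;
        default = false;
        example = true;
        description = ''
          Whether to enable U2F support in the i3lock program.
          U2F enables authentication using a hardware device, such as a security key.
          When U2F support is enabled, this module installs a setuid-root wrapper for the i3lock binary and enables `u2fAuth` for the i3lock PAM service.
        '';
      };
    };
  };

  ###### implementation

  config = lib.mkIf cfg.enable {

    # The unwrapped package is always installed, with or without U2F support.
    environment.systemPackages = [ cfg.package ];

    # Only defined when u2fSupport is on: a root:root setuid wrapper whose
    # target is hard-wired to bin/i3lock of the package's `out` output. A
    # package lacking that path would leave the wrapper pointing at nothing,
    # hence the note on the `package` option.
    # NOTE(review): the wrapper sets only the setuid bit; no capability or
    # permission restrictions are configured here, so the locker runs with
    # full root privileges when launched through it.
    security.wrappers.i3lock = lib.mkIf cfg.u2fSupport {
      setuid = true;
      owner = "root";
      group = "root";
      source = "${cfg.package.out}/bin/i3lock";
    };

    # Assigned unconditionally whenever the module is enabled: with
    # u2fSupport = false this explicitly sets u2fAuth to false for the
    # i3lock PAM service rather than leaving the option undefined.
    security.pam.services.i3lock.u2fAuth = cfg.u2fSupport;

  };

}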