nixos/modules/system/boot/systemd/homed.nix at 2bccbf892e4e8c342f2dac4d893fbba0a0a1319f · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / system / boot / systemd / homed.nix
at 2bccbf892e4e8c342f2dac4d893fbba0a0a1319f 2.3 kB view raw
 1{
 2  config,
 3  lib,
 4  utils,
 5  ...
 6}:
 7
 8let
 9  cfg = config.services.homed;
10in
11
12{
13  options.services.homed = {
14    enable = lib.mkEnableOption "systemd home area/user account manager";
15
16    promptOnFirstBoot =
17      lib.mkEnableOption ''
18        interactively prompting for user creation on first boot
19      ''
20      // {
21        default = true;
22      };
23
24    settings.Home = lib.mkOption {
25      default = { };
26      type = lib.types.submodule {
27        freeformType = lib.types.attrsOf utils.systemdUtils.unitOptions.unitOption;
28      };
29      example = {
30        DefaultStorage = "luks";
31        DefaultFileSystemType = "btrfs";
32      };
33      description = ''
34        Options for systemd-homed. See {manpage}`homed.conf(5)` man page for
35        available options.
36      '';
37    };
38  };
39
40  config = lib.mkIf cfg.enable {
41    assertions = [
42      {
43        assertion = config.services.nscd.enable;
44        message = ''
45          systemd-homed requires the use of the systemd nss module.
46          services.nscd.enable must be set to true.
47        '';
48      }
49    ];
50
51    systemd.additionalUpstreamSystemUnits = [
52      "systemd-homed.service"
53      "systemd-homed-activate.service"
54      "systemd-homed-firstboot.service"
55    ];
56
57    # homed exposes SSH public keys and other user metadata using userdb
58    services.userdbd = {
59      enable = true;
60      enableSSHSupport = lib.mkDefault config.services.openssh.enable;
61    };
62
63    # Enable creation and mounting of LUKS home areas with all filesystems
64    # supported by systemd-homed.
65    boot.supportedFilesystems = [
66      "btrfs"
67      "ext4"
68      "xfs"
69    ];
70
71    environment.etc."systemd/homed.conf".text = ''
72      [Home]
73      ${utils.systemdUtils.lib.attrsToSection cfg.settings.Home}
74    '';
75
76    systemd.services = {
77      systemd-homed = {
78        # These packages are required to manage home areas with LUKS storage
79        path = config.system.fsPackages;
80        aliases = [ "dbus-org.freedesktop.home1.service" ];
81        wantedBy = [ "multi-user.target" ];
82      };
83
84      systemd-homed-activate = {
85        wantedBy = [ "systemd-homed.service" ];
86      };
87
88      systemd-homed-firstboot = {
89        enable = cfg.promptOnFirstBoot;
90        wantedBy = [ "systemd-homed.service" ];
91      };
92    };
93  };
94}