nixos/modules/services/misc/evdevremapkeys.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / misc / evdevremapkeys.nix
at master 1.6 kB view raw
 1{
 2  config,
 3  lib,
 4  pkgs,
 5  ...
 6}:
 7let
 8  format = pkgs.formats.yaml { };
 9  cfg = config.services.evdevremapkeys;
10
11in
12{
13  options.services.evdevremapkeys = {
14    enable = lib.mkEnableOption ''evdevremapkeys, a daemon to remap events on linux input devices'';
15
16    settings = lib.mkOption {
17      type = format.type;
18      default = { };
19      description = ''
20        config.yaml for evdevremapkeys
21      '';
22    };
23  };
24
25  config = lib.mkIf cfg.enable {
26    boot.kernelModules = [ "uinput" ];
27    services.udev.extraRules = ''
28      KERNEL=="uinput", MODE="0660", GROUP="input"
29    '';
30    users.groups.evdevremapkeys = { };
31    users.users.evdevremapkeys = {
32      description = "evdevremapkeys service user";
33      group = "evdevremapkeys";
34      extraGroups = [ "input" ];
35      isSystemUser = true;
36    };
37    systemd.services.evdevremapkeys = {
38      description = "evdevremapkeys";
39      wantedBy = [ "multi-user.target" ];
40      serviceConfig =
41        let
42          config = format.generate "config.yaml" cfg.settings;
43        in
44        {
45          ExecStart = "${pkgs.evdevremapkeys}/bin/evdevremapkeys --config-file ${config}";
46          User = "evdevremapkeys";
47          Group = "evdevremapkeys";
48          StateDirectory = "evdevremapkeys";
49          Restart = "always";
50          LockPersonality = true;
51          MemoryDenyWriteExecute = true;
52          NoNewPrivileges = true;
53          PrivateNetwork = true;
54          PrivateTmp = true;
55          ProtectControlGroups = true;
56          ProtectHome = true;
57          ProtectKernelTunables = true;
58          ProtectSystem = true;
59        };
60    };
61  };
62}