movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

nixos/pam/kwallet: rename option, allow setting package

Browse source
This commit is contained in:
K900 2024-02-06 21:09:19 +03:00
parent 606c879892
commit 8be79e54c5
2 changed files with 24 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

39
nixos/modules/security/pam.nix
View file

@ -96,6 +96,10 @@ let
pamOpts = { config, name, ... }: let cfg = config; in let config = parentConfig; in { pamOpts = { config, name, ... }: let cfg = config; in let config = parentConfig; in {
imports = [
(lib.mkRenamedOptionModule [ "enableKwallet" ] [ "kwallet" "enable" ])
];
options = { options = {
name = mkOption { name = mkOption {
@ -462,16 +466,23 @@ let
''; '';
}; };
enableKwallet = mkOption { kwallet = {
default = false; enable = mkOption {
type = types.bool; default = false;
description = lib.mdDoc '' type = types.bool;
If enabled, pam_wallet will attempt to automatically unlock the description = lib.mdDoc ''
user's default KDE wallet upon login. If the user has no wallet named If enabled, pam_wallet will attempt to automatically unlock the
"kdewallet", or the login password does not match their wallet user's default KDE wallet upon login. If the user has no wallet named
password, KDE will prompt separately after login. "kdewallet", or the login password does not match their wallet
''; password, KDE will prompt separately after login.
'';
};
package = mkPackageOption pkgs.plasma5Packages "kwallet-pam" {
pkgsText = "pkgs.plasma5Packages";
};
}; };
sssdStrictAccess = mkOption { sssdStrictAccess = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
@ -686,7 +697,7 @@ let
(config.security.pam.enableEcryptfs (config.security.pam.enableEcryptfs
|| config.security.pam.enableFscrypt || config.security.pam.enableFscrypt
|| cfg.pamMount || cfg.pamMount
|| cfg.enableKwallet || cfg.kwallet.enable
|| cfg.enableGnomeKeyring || cfg.enableGnomeKeyring
|| config.services.intune.enable || config.services.intune.enable
|| cfg.googleAuthenticator.enable || cfg.googleAuthenticator.enable
@ -711,9 +722,7 @@ let
{ name = "mount"; enable = cfg.pamMount; control = "optional"; modulePath = "${pkgs.pam_mount}/lib/security/pam_mount.so"; settings = { { name = "mount"; enable = cfg.pamMount; control = "optional"; modulePath = "${pkgs.pam_mount}/lib/security/pam_mount.so"; settings = {
disable_interactive = true; disable_interactive = true;
}; } }; }
{ name = "kwallet5"; enable = cfg.enableKwallet; control = "optional"; modulePath = "${pkgs.plasma5Packages.kwallet-pam}/lib/security/pam_kwallet5.so"; settings = { { name = "kwallet"; enable = cfg.kwallet.enable; control = "optional"; modulePath = "${cfg.kwallet.package}/lib/security/pam_kwallet5.so"; }
kwalletd = "${pkgs.plasma5Packages.kwallet.bin}/bin/kwalletd5";
}; }
{ name = "gnome_keyring"; enable = cfg.enableGnomeKeyring; control = "optional"; modulePath = "${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so"; } { name = "gnome_keyring"; enable = cfg.enableGnomeKeyring; control = "optional"; modulePath = "${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so"; }
{ name = "intune"; enable = config.services.intune.enable; control = "optional"; modulePath = "${pkgs.intune-portal}/lib/security/pam_intune.so"; } { name = "intune"; enable = config.services.intune.enable; control = "optional"; modulePath = "${pkgs.intune-portal}/lib/security/pam_intune.so"; }
{ name = "gnupg"; enable = cfg.gnupg.enable; control = "optional"; modulePath = "${pkgs.pam_gnupg}/lib/security/pam_gnupg.so"; settings = { { name = "gnupg"; enable = cfg.gnupg.enable; control = "optional"; modulePath = "${pkgs.pam_gnupg}/lib/security/pam_gnupg.so"; settings = {
@ -848,9 +857,7 @@ let
order = "user,group,default"; order = "user,group,default";
debug = true; debug = true;
}; } }; }
{ name = "kwallet5"; enable = cfg.enableKwallet; control = "optional"; modulePath = "${pkgs.plasma5Packages.kwallet-pam}/lib/security/pam_kwallet5.so"; settings = { { name = "kwallet"; enable = cfg.kwallet.enable; control = "optional"; modulePath = "${cfg.kwallet.package}/lib/security/pam_kwallet5.so"; }
kwalletd = "${pkgs.plasma5Packages.kwallet.bin}/bin/kwalletd5";
}; }
{ name = "gnome_keyring"; enable = cfg.enableGnomeKeyring; control = "optional"; modulePath = "${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so"; settings = { { name = "gnome_keyring"; enable = cfg.enableGnomeKeyring; control = "optional"; modulePath = "${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so"; settings = {
auto_start = true; auto_start = true;
}; } }; }

2
nixos/modules/services/x11/desktop-managers/plasma5.nix
View file

@ -362,7 +362,7 @@ in
security.pam.services.kde = { allowNullPassword = true; }; security.pam.services.kde = { allowNullPassword = true; };
security.pam.services.login.enableKwallet = true; security.pam.services.login.kwallet.enable = true;
systemd.user.services = { systemd.user.services = {
plasma-early-setup = mkIf cfg.runUsingSystemd { plasma-early-setup = mkIf cfg.runUsingSystemd {