nixos/pam/kwallet: rename option, allow setting package

2025-07-14 06:00:33 +03:00 · 2024-02-06 21:09:19 +03:00 · 2024-02-06 21:09:19 +03:00 · 8be79e54c5
commit 8be79e54c5
parent 606c879892
2 changed files with 24 additions and 17 deletions
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@ -96,6 +96,10 @@ let

  pamOpts = { config, name, ... }: let cfg = config; in let config = parentConfig; in {

+    imports = [
+      (lib.mkRenamedOptionModule [ "enableKwallet" ] [ "kwallet" "enable" ])
+    ];
+
    options = {

      name = mkOption {
@ -462,7 +466,8 @@ let
        '';
      };

-      enableKwallet = mkOption {
+      kwallet = {
+        enable = mkOption {
          default = false;
          type = types.bool;
          description = lib.mdDoc ''
@ -472,6 +477,12 @@ let
            password, KDE will prompt separately after login.
          '';
        };
+
+        package = mkPackageOption pkgs.plasma5Packages "kwallet-pam" {
+          pkgsText = "pkgs.plasma5Packages";
+        };
+      };
+
      sssdStrictAccess = mkOption {
        default = false;
        type = types.bool;
@ -686,7 +697,7 @@ let
            (config.security.pam.enableEcryptfs
              || config.security.pam.enableFscrypt
              || cfg.pamMount
-              || cfg.enableKwallet
+              || cfg.kwallet.enable
              || cfg.enableGnomeKeyring
              || config.services.intune.enable
              || cfg.googleAuthenticator.enable
@ -711,9 +722,7 @@ let
              { name = "mount"; enable = cfg.pamMount; control = "optional"; modulePath = "${pkgs.pam_mount}/lib/security/pam_mount.so"; settings = {
                disable_interactive = true;
              }; }
-              { name = "kwallet5"; enable = cfg.enableKwallet; control = "optional"; modulePath = "${pkgs.plasma5Packages.kwallet-pam}/lib/security/pam_kwallet5.so"; settings = {
-                kwalletd = "${pkgs.plasma5Packages.kwallet.bin}/bin/kwalletd5";
-              }; }
+              { name = "kwallet"; enable = cfg.kwallet.enable; control = "optional"; modulePath = "${cfg.kwallet.package}/lib/security/pam_kwallet5.so"; }
              { name = "gnome_keyring"; enable = cfg.enableGnomeKeyring; control = "optional"; modulePath = "${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so"; }
              { name = "intune"; enable = config.services.intune.enable; control = "optional"; modulePath = "${pkgs.intune-portal}/lib/security/pam_intune.so"; }
              { name = "gnupg"; enable = cfg.gnupg.enable; control = "optional"; modulePath = "${pkgs.pam_gnupg}/lib/security/pam_gnupg.so"; settings = {
@ -848,9 +857,7 @@ let
            order = "user,group,default";
            debug = true;
          }; }
-          { name = "kwallet5"; enable = cfg.enableKwallet; control = "optional"; modulePath = "${pkgs.plasma5Packages.kwallet-pam}/lib/security/pam_kwallet5.so"; settings = {
-            kwalletd = "${pkgs.plasma5Packages.kwallet.bin}/bin/kwalletd5";
-          }; }
+          { name = "kwallet"; enable = cfg.kwallet.enable; control = "optional"; modulePath = "${cfg.kwallet.package}/lib/security/pam_kwallet5.so"; }
          { name = "gnome_keyring"; enable = cfg.enableGnomeKeyring; control = "optional"; modulePath = "${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so"; settings = {
            auto_start = true;
          }; }
--- a/nixos/modules/services/x11/desktop-managers/plasma5.nix
+++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix
@ -362,7 +362,7 @@ in

      security.pam.services.kde = { allowNullPassword = true; };

-      security.pam.services.login.enableKwallet = true;
+      security.pam.services.login.kwallet.enable = true;

      systemd.user.services = {
        plasma-early-setup = mkIf cfg.runUsingSystemd {