authoredef <edef@edef.eu>2017-10-07 17:27:46 +0200
committerobadz <obadz-git@obadz.com>2017-10-20 17:42:04 +0100
commitea35bc94bf0efd28e39cf4e8212f7df5b6e78aba (patch)
tree1eebdaa574d935def3e7f988271d0af44df7ba9b /nixos/modules/security/pam.nix
parent7867b508817f1acfe3a524ed93ac83cb45e87720 (diff)
nixos/ecryptfs: init
Currently, ecryptfs support is coupled to `security.pam.enableEcryptfs`, but one
might want to use ecryptfs without enabling the PAM functionality. This commit
splits it out into a `boot.supportedFilesystems` switch.
Diffstat (limited to 'nixos/modules/security/pam.nix')
-rw-r--r--nixos/modules/security/pam.nix10
1 files changed, 4 insertions, 6 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 1e8ca4f90223..5ded36329f33 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -486,8 +486,9 @@ in
       ++ optionals config.krb5.enable [pam_krb5 pam_ccreds]
       ++ optionals config.security.pam.enableOTPW [ pkgs.otpw ]
       ++ optionals config.security.pam.oath.enable [ pkgs.oathToolkit ]
-      ++ optionals config.security.pam.enableU2F [ pkgs.pam_u2f ]
-      ++ optionals config.security.pam.enableEcryptfs [ pkgs.ecryptfs ];
+      ++ optionals config.security.pam.enableU2F [ pkgs.pam_u2f ];
+
+    boot.supportedFilesystems = optionals config.security.pam.enableEcryptfs [ "ecryptfs" ];
 
     security.wrappers = {
       unix_chkpwd = {
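Review bot: The added `boot.supportedFilesystems = optionals config.security.pam.enableEcryptfs [ "ecryptfs" ];` makes a PAM option switch on filesystem support as a side effect, and nothing at the assignment says why. Because `pkgs.ecryptfs` is dropped from the package list in the same hunk, the PAM ecryptfs path now presumably depends on whatever the filesystem support installs, which is outside this file's diff. A comment above the line would record that dependency, e.g. `# pam_ecryptfs relies on the tools and mount helpers pulled in by "ecryptfs" filesystem support`. The list expression being edited starts above the hunk.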
@@ -495,10 +496,7 @@ in
         owner = "root";
         setuid = true;
       };
-    } // (if config.security.pam.enableEcryptfs then {
-      "mount.ecryptfs_private".source = "${pkgs.ecryptfs.out}/bin/mount.ecryptfs_private";
-       "umount.ecryptfs_private".source = "${pkgs.ecryptfs.out}/bin/umount.ecryptfs_private";
-    } else {});
+    };
 
     environment.etc =
       mapAttrsToList (n: v: makePAMService v) config.security.pam.services;
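Review bot: With the `"mount.ecryptfs_private"` and `"umount.ecryptfs_private"` entries removed from `security.wrappers`, this file no longer shows where those privileged helpers are declared, and the PAM ecryptfs path presumably still needs them to mount a user's private directory at login. The diffstat is limited to pam.nix, so the replacement is not visible here; confirm that the module behind `"ecryptfs"` in `boot.supportedFilesystems` re-declares both wrappers, otherwise `enableEcryptfs` silently loses its mount step. If it does, a system that enables ecryptfs filesystem support without PAM now also receives these wrappers, and that wider privileged surface is worth stating in the option's description. The `security.wrappers` set opens in the previous hunk.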