diff options
author | Jan Tojnar <jtojnar@gmail.com> | 2017-11-24 04:07:52 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-11-24 04:07:52 +0100 |
commit | 193c4c5701604016b565bdb0eba87489586ffe9d (patch) | |
tree | 7a5d05f42787f742322036b799f06f5acaaf8f0f /nixos/modules | |
parent | a072d781d04b79c50f4d3f737364eee5da264293 (diff) | |
parent | c49522edb72a22e89e4bfdf994ce906c93546271 (diff) | |
download | nixlib-193c4c5701604016b565bdb0eba87489586ffe9d.tar nixlib-193c4c5701604016b565bdb0eba87489586ffe9d.tar.gz nixlib-193c4c5701604016b565bdb0eba87489586ffe9d.tar.bz2 nixlib-193c4c5701604016b565bdb0eba87489586ffe9d.tar.lz nixlib-193c4c5701604016b565bdb0eba87489586ffe9d.tar.xz nixlib-193c4c5701604016b565bdb0eba87489586ffe9d.tar.zst nixlib-193c4c5701604016b565bdb0eba87489586ffe9d.zip |
Merge pull request #30252 from jtojnar/fwupd
fwupd: 0.9.6 → 1.0.1
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/hardware/fwupd.nix | 90 |
2 files changed, 91 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 82e065968207..3b4f41171adc 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -226,6 +226,7 @@ ./services/hardware/bluetooth.nix ./services/hardware/brltty.nix ./services/hardware/freefall.nix + ./services/hardware/fwupd.nix ./services/hardware/illum.nix ./services/hardware/interception-tools.nix ./services/hardware/irqbalance.nix diff --git a/nixos/modules/services/hardware/fwupd.nix b/nixos/modules/services/hardware/fwupd.nix new file mode 100644 index 000000000000..c28f5c0bbb53 --- /dev/null +++ b/nixos/modules/services/hardware/fwupd.nix @@ -0,0 +1,90 @@ +# fwupd daemon. + +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.fwupd; + originalEtc = + let + isRegular = v: v == "regular"; + listFiles = d: builtins.attrNames (filterAttrs (const isRegular) (builtins.readDir d)); + copiedDirs = [ "fwupd/remotes.d" "pki/fwupd" "pki/fwupd-metadata" ]; + originalFiles = concatMap (d: map (f: "${d}/${f}") (listFiles "${pkgs.fwupd}/etc/${d}")) copiedDirs; + mkEtcFile = n: nameValuePair n { source = "${pkgs.fwupd}/etc/${n}"; }; + in listToAttrs (map mkEtcFile originalFiles); + extraTrustedKeys = + let + mkName = p: "pki/fwupd/${baseNameOf (toString p)}"; + mkEtcFile = p: nameValuePair (mkName p) { source = p; }; + in listToAttrs (map mkEtcFile cfg.extraTrustedKeys); +in { + + ###### interface + options = { + services.fwupd = { + enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether to enable fwupd, a DBus service that allows + applications to update firmware. + ''; + }; + + blacklistDevices = mkOption { + type = types.listOf types.string; + default = []; + example = [ "2082b5e0-7a64-478a-b1b2-e3404fab6dad" ]; + description = '' + Allow blacklisting specific devices by their GUID + ''; + }; + + blacklistPlugins = mkOption { + type = types.listOf types.string; + default = []; + example = [ "udev" ]; + description = '' + Allow blacklisting specific plugins + ''; + }; + + extraTrustedKeys = mkOption { + type = types.listOf types.path; + default = []; + example = literalExample "[ /etc/nixos/fwupd/myfirmware.pem ]"; + description = '' + Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files. By default trusted firmware can be upgraded (but not downgraded) without the user or administrator password. Only very few keys are installed by default. + ''; + }; + }; + }; + + + ###### implementation + config = mkIf cfg.enable { + environment.systemPackages = [ pkgs.fwupd ]; + + environment.etc = { + "fwupd/daemon.conf" = { + source = pkgs.writeText "daemon.conf" '' + [fwupd] + BlacklistDevices=${lib.concatStringsSep ";" cfg.blacklistDevices} + BlacklistPlugins=${lib.concatStringsSep ";" cfg.blacklistPlugins} + ''; + }; + } // originalEtc // extraTrustedKeys; + + services.dbus.packages = [ pkgs.fwupd ]; + + services.udev.packages = [ pkgs.fwupd ]; + + systemd.packages = [ pkgs.fwupd ]; + + systemd.tmpfiles.rules = [ + "d /var/lib/fwupd 0755 root root -" + ]; + }; +} |