authorRyan Lahfa <masterancpp@gmail.com>2022-12-22 01:04:05 +0100
committerGitHub <noreply@github.com>2022-12-22 01:04:05 +0100
commit5431f7ccb28faabd449df573b781c4dd46fe767b (patch)
tree26040eb10f0aa703119b8e0cc898abcb394b7261 /nixos
parent5d6fa6fdeb97ce5763f8bc2fa7b4185c3562c43a (diff)
parent131619a3978ee88b8554a32f422c8fdf38a0a197 (diff)
Merge pull request #205578 from dev-null-undefined/i3lock-yubikey
nixos/i3lock: i3lock program with u2fSupport option
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/programs/i3lock.nix58
2 files changed, 59 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 6ec6c74565cd..d2f40fafc2b6 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -180,6 +180,7 @@
   ./programs/hamster.nix
   ./programs/htop.nix
   ./programs/iftop.nix
+  ./programs/i3lock.nix
   ./programs/iotop.nix
   ./programs/java.nix
   ./programs/k3b.nix
diff --git a/nixos/modules/programs/i3lock.nix b/nixos/modules/programs/i3lock.nix
new file mode 100644
index 000000000000..466ae59c9277
--- /dev/null
+++ b/nixos/modules/programs/i3lock.nix
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  cfg = config.programs.i3lock;
+
+in {
+
+  ###### interface
+
+  options = {
+    programs.i3lock = {
+      enable = mkEnableOption (mdDoc "i3lock");
+      package = mkOption {
+        type        = types.package;
+        default     = pkgs.i3lock;
+        defaultText = literalExpression "pkgs.i3lock";
+        example     = literalExpression ''
+          pkgs.i3lock-color
+        '';
+        description = mdDoc ''
+          Specify which package to use for the i3lock program,
+          The i3lock package must include a i3lock file or link in its out directory in order for the u2fSupport option to work correctly.
+        '';
+      };
+      u2fSupport = mkOption {
+        type        = types.bool;
+        default     = false;
+        example     = true;
+        description = mdDoc ''
+          Whether to enable U2F support in the i3lock program.
+          U2F enables authentication using a hardware device, such as a security key.
+          When U2F support is enabled, the i3lock program will set the setuid bit on the i3lock binary and enable the pam u2fAuth service,
+        '';
+      };
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ cfg.package ];
+
+    security.wrappers.i3lock = mkIf cfg.u2fSupport {
+      setuid = true;
+      owner = "root";
+      group = "root";
+      source = "${cfg.package.out}/bin/i3lock";
+    };
+
+    security.pam.services.i3lock.u2fAuth = cfg.u2fSupport;
+
+  };
+
+}
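Review bot: The `security.wrappers.i3lock` block runs whatever `programs.i3lock.package` points to as setuid root, but the `u2fSupport` description stops at a trailing comma and never says why root is needed or that a substituted package (the example is `pkgs.i3lock-color`) inherits that privilege. I would finish the sentence, e.g. `When enabled, a setuid-root wrapper for the selected package's bin/i3lock is installed and pam_u2f is enabled for the i3lock PAM service.`, and add a comment above the wrapper giving the reason for setuid so it can be dropped if it stops being necessary. Separately, `security.pam.services.i3lock.u2fAuth = cfg.u2fSupport;` also writes `false` when the option is off, which presumably overrides a system-wide U2F default for this service; `u2fAuth = mkIf cfg.u2fSupport true;` would only opt in. The description should also say whether the key replaces or supplements the password at the lock screen, since that depends on the PAM control value configured elsewhere.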