diff options
| author | Alyssa Ross <hi@alyssa.is> | 2019-04-22 21:15:06 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2019-04-22 21:18:23 +0000 |
| commit | b935ae5f3cfb2bb4f9a3746d284f156a6dece505 (patch) | |
| tree | 5efe4e2e7a7723a737d0130a333b057c5e76df40 /nixpkgs/nixos/modules/services/x11/display-managers | |
| parent | dc9566e91c9453378c24e98b5737234364670df5 (diff) | |
| parent | d26027792812fbfad4d0f451b5f47fdabf7fdeb9 (diff) | |
| download | nixlib-b935ae5f3cfb2bb4f9a3746d284f156a6dece505.tar nixlib-b935ae5f3cfb2bb4f9a3746d284f156a6dece505.tar.gz nixlib-b935ae5f3cfb2bb4f9a3746d284f156a6dece505.tar.bz2 nixlib-b935ae5f3cfb2bb4f9a3746d284f156a6dece505.tar.lz nixlib-b935ae5f3cfb2bb4f9a3746d284f156a6dece505.tar.xz nixlib-b935ae5f3cfb2bb4f9a3746d284f156a6dece505.tar.zst nixlib-b935ae5f3cfb2bb4f9a3746d284f156a6dece505.zip | |
Merge commit 'd26027792812fbfad4d0f451b5f47fdabf7fdeb9'
Diffstat (limited to 'nixpkgs/nixos/modules/services/x11/display-managers')
3 files changed, 20 insertions, 64 deletions
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix b/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix index 226fee7491c1..3edf7c8d9cab 100644 --- a/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix +++ b/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix @@ -208,76 +208,25 @@ in session optional pam_permit.so ''; - gdm.text = '' - auth requisite pam_nologin.so - auth required pam_env.so envfile=${config.system.build.pamEnvironment} - - auth required pam_succeed_if.so uid >= 1000 quiet - auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so - auth ${if config.security.pam.enableEcryptfs then "required" else "sufficient"} pam_unix.so nullok likeauth - ${optionalString config.security.pam.enableEcryptfs - "auth required ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"} - - ${optionalString (! config.security.pam.enableEcryptfs) - "auth required pam_deny.so"} - - account sufficient pam_unix.so - - password requisite pam_unix.so nullok sha512 - ${optionalString config.security.pam.enableEcryptfs - "password optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"} - - session required pam_env.so envfile=${config.system.build.pamEnvironment} - session required pam_unix.so - ${optionalString config.security.pam.enableEcryptfs - "session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"} - session required pam_loginuid.so - session optional ${pkgs.systemd}/lib/security/pam_systemd.so - session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start - ''; - gdm-password.text = '' - auth requisite pam_nologin.so - auth required pam_env.so envfile=${config.system.build.pamEnvironment} - - auth required pam_succeed_if.so uid >= 1000 quiet - auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so - auth ${if config.security.pam.enableEcryptfs then "required" else "sufficient"} pam_unix.so nullok likeauth - ${optionalString config.security.pam.enableEcryptfs - "auth required ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"} - ${optionalString (! config.security.pam.enableEcryptfs) - "auth required pam_deny.so"} - - account sufficient pam_unix.so - - password requisite pam_unix.so nullok sha512 - ${optionalString config.security.pam.enableEcryptfs - "password optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"} - - session required pam_env.so envfile=${config.system.build.pamEnvironment} - session required pam_unix.so - ${optionalString config.security.pam.enableEcryptfs - "session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"} - session required pam_loginuid.so - session optional ${pkgs.systemd}/lib/security/pam_systemd.so - session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start + auth substack login + account include login + password substack login + session include login ''; gdm-autologin.text = '' - auth requisite pam_nologin.so + auth requisite pam_nologin.so - auth required pam_succeed_if.so uid >= 1000 quiet - auth required pam_permit.so + auth required pam_succeed_if.so uid >= 1000 quiet + auth required pam_permit.so - account sufficient pam_unix.so + account sufficient pam_unix.so - password requisite pam_unix.so nullok sha512 + password requisite pam_unix.so nullok sha512 - session optional pam_keyinit.so revoke - session required pam_env.so envfile=${config.system.build.pamEnvironment} - session required pam_unix.so - session required pam_loginuid.so - session optional ${pkgs.systemd}/lib/security/pam_systemd.so + session optional pam_keyinit.so revoke + session include login ''; }; diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix index 05011b999f2b..bfba174144a1 100644 --- a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix +++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix @@ -33,6 +33,13 @@ in config = mkIf (ldmcfg.enable && cfg.enable) { + warnings = [ + '' + The Pantheon greeter is suboptimal in NixOS and can possibly put you in + a situation where you cannot start a session when switching desktopManagers. + '' + ]; + services.xserver.displayManager.lightdm.greeters.gtk.enable = false; services.xserver.displayManager.lightdm.greeter = mkDefault { diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix b/nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix index a4b57cfdab64..40a1680da537 100644 --- a/nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix +++ b/nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix @@ -221,7 +221,7 @@ in services.xserver.displayManager.job.execCmd = '' ${optionalString (cfg.pulseaudio) - "export PULSE_COOKIE=/var/run/pulse/.config/pulse/cookie"} + "export PULSE_COOKIE=/run/pulse/.config/pulse/cookie"} exec ${pkgs.xpra}/bin/xpra start \ --daemon=off \ --log-dir=/var/log \ @@ -233,7 +233,7 @@ in --mdns=no \ --pulseaudio=no \ ${optionalString (cfg.pulseaudio) "--sound-source=pulse"} \ - --socket-dirs=/var/run/xpra \ + --socket-dirs=/run/xpra \ --xvfb="xpra_Xdummy ${concatStringsSep " " dmcfg.xserverArgs}" \ ${optionalString (cfg.bindTcp != null) "--bind-tcp=${cfg.bindTcp}"} \ --auth=${cfg.auth} \ |