pyrox.dev / nixpkgs
lol
fork atom

nixos/i3lock: i3lock program with u2fSupport option

i3lock program with option to enable u2fAuth.

dev-null-undefined 1cd6b068 2dea0f4c

+59
+1
nixos/modules/module-list.nix
··· 180 180 ./programs/hamster.nix 181 181 ./programs/htop.nix 182 182 ./programs/iftop.nix 183 + ./programs/i3lock.nix 183 184 ./programs/iotop.nix 184 185 ./programs/java.nix 185 186 ./programs/k40-whisperer.nix
+58
nixos/modules/programs/i3lock.nix
··· 1 + { config, lib, pkgs, ... }: 2 + 3 + with lib; 4 + 5 + let 6 + 7 + cfg = config.programs.i3lock; 8 + 9 + in { 10 + 11 + ###### interface 12 + 13 + options = { 14 + programs.i3lock = { 15 + enable = mkEnableOption (mdDoc "i3lock"); 16 + package = mkOption { 17 + type = types.package; 18 + default = pkgs.i3lock; 19 + defaultText = literalExpression "pkgs.i3lock"; 20 + example = literalExpression '' 21 + pkgs.i3lock-color 22 + ''; 23 + description = mdDoc '' 24 + Specify which package to use for the i3lock program, 25 + The i3lock package must include a i3lock file or link in its out directory in order for the u2fSupport option to work correctly. 26 + ''; 27 + }; 28 + u2fSupport = mkOption { 29 + type = types.bool; 30 + default = false; 31 + example = true; 32 + description = mdDoc '' 33 + Whether to enable U2F support in the i3lock program. 34 + U2F enables authentication using a hardware device, such as a security key. 35 + When U2F support is enabled, the i3lock program will set the setuid bit on the i3lock binary and enable the pam u2fAuth service, 36 + ''; 37 + }; 38 + }; 39 + }; 40 + 41 + ###### implementation 42 + 43 + config = mkIf cfg.enable { 44 + 45 + environment.systemPackages = [ cfg.package ]; 46 + 47 + security.wrappers.i3lock = mkIf cfg.u2fSupport { 48 + setuid = true; 49 + owner = "root"; 50 + group = "root"; 51 + source = "${cfg.package.out}/bin/i3lock"; 52 + }; 53 + 54 + security.pam.services.i3lock.u2fAuth = cfg.u2fSupport; 55 + 56 + }; 57 + 58 + }