pyrox.dev
lol
nixos/pcscd: Allow configuration of filters (#425047)
authored by
GitHub
7c854b91
f503158c
+41
-1
+41
-1
nixos/modules/services/hardware/pcscd.nix
+41
-1
nixos/modules/services/hardware/pcscd.nix
···
66
66
default = [ ];
67
67
description = "Extra command line arguments to be passed to the PCSC daemon.";
68
68
};
69
+
70
+
ignoreReaderNames = lib.mkOption {
71
+
type = lib.types.listOf (lib.types.strMatching "[^:]+");
72
+
default = [ ];
73
+
description = ''
74
+
List of reader name patterns for the PCSC daemon to ignore.
75
+
76
+
For more precise control, readers can be ignored through udev rules
77
+
(cf. {option}`services.udev.extraRules`) by setting the
78
+
`PCSCLITE_IGNORE` property, for example:
79
+
80
+
```
81
+
ACTION!="remove|unbind", SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ENV{PCSCLITE_IGNORE}="1"
82
+
```
83
+
'';
84
+
example = [
85
+
"Nitrokey"
86
+
"YubiKey"
87
+
];
88
+
};
89
+
90
+
extendReaderNames = lib.mkOption {
91
+
type = lib.types.nullOr lib.types.str;
92
+
default = null;
93
+
description = ''
94
+
String to append to every reader name. The special variable `$HOSTNAME`
95
+
will be expanded to the current host name.
96
+
'';
97
+
example = " $HOSTNAME";
98
+
};
69
99
};
70
100
71
101
config = lib.mkIf config.services.pcscd.enable {
···
79
109
systemd.sockets.pcscd.wantedBy = [ "sockets.target" ];
80
110
81
111
systemd.services.pcscd = {
82
-
environment.PCSCLITE_HP_DROPDIR = pluginEnv;
112
+
environment = {
113
+
PCSCLITE_HP_DROPDIR = pluginEnv;
114
+
115
+
PCSCLITE_FILTER_IGNORE_READER_NAMES = lib.mkIf (cfg.ignoreReaderNames) (
116
+
lib.concatStringsSep ":" cfg.ignoreReaderNames
117
+
);
118
+
119
+
PCSCLITE_FILTER_EXTEND_READER_NAMES = lib.mkIf (
120
+
cfg.extendReaderNames != null
121
+
) cfg.extendReaderNames;
122
+
};
83
123
84
124
# If the cfgFile is empty and not specified (in which case the default
85
125
# /etc/reader.conf is assumed), pcscd will happily start going through the