authorDavid Reiss <dnr@dnr.im>2020-10-14 17:29:30 -0700
committerDavid Reiss <dnr@dnr.im>2020-10-14 22:55:55 -0700
commit49a749c7299eac1ee1fc401d376db245cb834a73 (patch)
tree40c03d264672c6bb156bed34bf975798739303a9
parent2a4607f44222a92b8a44e6e1dac715e7eca04239 (diff)
nixos/pam_mount: add pamMount attribute to users
This attribute is a generalized version of cryptHomeLuks for creating an
entry in /etc/security/pam_mount.conf.xml. It lets the configuration
control all the attributes of the <volume> entry, instead of just the
path. The default path remains the value of cryptHomeLuks, for
compatibility.
-rw-r--r--nixos/modules/config/users-groups.nix14
-rw-r--r--nixos/modules/security/pam_mount.nix12
2 files changed, 24 insertions, 2 deletions
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index 1bb1317a8e8..5264d5b56fa 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -139,6 +139,20 @@ let
         '';
       };
 
+      pamMount = mkOption {
+        type = with types; attrsOf str;
+        default = {};
+        description = ''
+          Attributes for user's entry in
+          <filename>pam_mount.conf.xml</filename>.
+          Useful attributes might include <code>path</code>,
+          <code>options</code>, <code>fstype</code>, and <code>server</code>.
+          See <link
+          xlink:href="http://pam-mount.sourceforge.net/pam_mount.conf.5.html" />
+          for more information.
+        '';
+      };
+
       shell = mkOption {
         type = types.either types.shellPackage types.path;
         default = pkgs.shadow;
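Review bot: The `description` of the new `pamMount` option does not say where the values end up or which attributes are pre-filled. According to the second file in this commit, they are copied as-is into a `<volume>` element of a file built with `pkgs.writeText`, which is a world-readable store path, and `user`, `path` and `mountpoint` are set by default and can be overridden by this attribute set. I would append to the description: `Values are written verbatim to a world-readable file in the Nix store, so do not place credentials in <code>options</code>. The <code>user</code>, <code>path</code> and <code>mountpoint</code> attributes default to the user's name, <code>cryptHomeLuks</code> and <code>home</code>.` The surrounding option set starts and ends outside this hunk.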
diff --git a/nixos/modules/security/pam_mount.nix b/nixos/modules/security/pam_mount.nix
index 77e22a96b55..89211bfbde4 100644
--- a/nixos/modules/security/pam_mount.nix
+++ b/nixos/modules/security/pam_mount.nix
@@ -39,8 +39,16 @@ in
     environment.etc."security/pam_mount.conf.xml" = {
       source =
         let
-          extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null) config.users.users;
-          userVolumeEntry = user: "<volume user=\"${user.name}\" path=\"${user.cryptHomeLuks}\" mountpoint=\"${user.home}\" />\n";
+          extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null || u.pamMount != {}) config.users.users;
+          mkAttr = k: v: ''${k}="${v}"'';
+          userVolumeEntry = user: let
+            attrs = {
+              user = user.name;
+              path = user.cryptHomeLuks;
+              mountpoint = user.home;
+            } // user.pamMount;
+          in
+            "<volume ${concatStringsSep " " (mapAttrsToList mkAttr attrs)} />\n";
         in
          pkgs.writeText "pam_mount.conf.xml" ''
           <?xml version="1.0" encoding="utf-8" ?>
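Review bot: `mkAttr` places each value between double quotes with no XML escaping, so a `pamMount` value or home path containing `"`, `&` or `<` produces a malformed `<volume>` element or unintended extra attributes in pam_mount.conf.xml. Escape the value, e.g. `mkAttr = k: v: ''${k}="${escapeXML v}"'';` if this tree's lib provides `escapeXML`, otherwise a `builtins.replaceStrings` over those characters. Separately, the widened filter now admits users with `cryptHomeLuks == null` and a non-empty `pamMount`; for those, `path = user.cryptHomeLuks` reaches the interpolation as null unless `pamMount.path` is set, which I would expect to abort evaluation with a coercion error rather than a clear message, so either drop null entries with `filterAttrs (_: v: v != null) attrs` before `mapAttrsToList` or assert that a path is present. Because `// user.pamMount` is merged last it can also replace `user` and `mountpoint`; if that is not intended, those keys should be merged after it. The enclosing `let` and the `writeText` body continue outside the hunk.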