summary refs log tree commit diff
diff options
context:
space:
mode:
authorEduard Bachmakov <eduarrrd@users.noreply.github.com>2023-02-21 22:48:03 +0100
committerEduard Bachmakov <eduarrrd@users.noreply.github.com>2023-02-21 22:48:09 +0100
commit45a6488f9c18c57e05c248a3cd5722be114e9952 (patch)
treee2273410df4fd00094f37210c660f56fb3818909
parent2ca5a88f8e7396b022ae7345f6a2592cb0301187 (diff)
downloadnixpkgs-45a6488f9c18c57e05c248a3cd5722be114e9952.tar
nixpkgs-45a6488f9c18c57e05c248a3cd5722be114e9952.tar.gz
nixpkgs-45a6488f9c18c57e05c248a3cd5722be114e9952.tar.bz2
nixpkgs-45a6488f9c18c57e05c248a3cd5722be114e9952.tar.lz
nixpkgs-45a6488f9c18c57e05c248a3cd5722be114e9952.tar.xz
nixpkgs-45a6488f9c18c57e05c248a3cd5722be114e9952.tar.zst
nixpkgs-45a6488f9c18c57e05c248a3cd5722be114e9952.zip
nixos/sddm + nixos/plasma5: switch PAM service to `login`.
GDM and LightDM are already using this approach. It also allows us to
enable Kwallet integration more globally without generating stray PAM
services.

The default configuration of login service includes both options sddm
was setting explicitly.
Diffstat
-rw-r--r--nixos/modules/services/x11/desktop-managers/plasma5.nix2
-rw-r--r--nixos/modules/services/x11/display-managers/sddm.nix10
2 files changed, 7 insertions, 5 deletions
diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix
index 9a26681d1f9..73322696aea 100644
--- a/nixos/modules/services/x11/desktop-managers/plasma5.nix
+++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix
@@ -379,7 +379,7 @@ in
 
       security.pam.services.kde = { allowNullPassword = true; };
 
-      security.pam.services.sddm.enableKwallet = true;
+      security.pam.services.login.enableKwallet = true;
 
       systemd.user.services = {
         plasma-early-setup = mkIf cfg.runUsingSystemd {
diff --git a/nixos/modules/services/x11/display-managers/sddm.nix b/nixos/modules/services/x11/display-managers/sddm.nix
index a3f03d7a19a..0ddeac0f109 100644
--- a/nixos/modules/services/x11/display-managers/sddm.nix
+++ b/nixos/modules/services/x11/display-managers/sddm.nix
@@ -215,10 +215,12 @@ in
     };
 
     security.pam.services = {
-      sddm = {
-        allowNullPassword = true;
-        startSession = true;
-      };
+      sddm.text = ''
+        auth      substack      login
+        account   include       login
+        password  substack      login
+        session   include       login
+      '';
 
       sddm-greeter.text = ''
         auth     required       pam_succeed_if.so audit quiet_success user = sddm
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-07 19:49:50 +0000