authorDavid Reiss <dnr@dnr.im>2020-10-14 17:29:30 -0700
committerDavid Reiss <dnr@dnr.im>2020-10-14 22:55:55 -0700
commit49a749c7299eac1ee1fc401d376db245cb834a73 (patch)
tree40c03d264672c6bb156bed34bf975798739303a9 /nixos/modules/security/pam_mount.nix
parent2a4607f44222a92b8a44e6e1dac715e7eca04239 (diff)
nixos/pam_mount: add pamMount attribute to users
This attribute is a generalized version of cryptHomeLuks for creating an
entry in /etc/security/pam_mount.conf.xml. It lets the configuration
control all the attributes of the <volume> entry, instead of just the
path. The default path remains the value of cryptHomeLuks, for
compatibility.
Diffstat (limited to 'nixos/modules/security/pam_mount.nix')
-rw-r--r--nixos/modules/security/pam_mount.nix12
1 files changed, 10 insertions, 2 deletions
diff --git a/nixos/modules/security/pam_mount.nix b/nixos/modules/security/pam_mount.nix
index 77e22a96b55..89211bfbde4 100644
--- a/nixos/modules/security/pam_mount.nix
+++ b/nixos/modules/security/pam_mount.nix
@@ -39,8 +39,16 @@ in
     environment.etc."security/pam_mount.conf.xml" = {
       source =
         let
-          extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null) config.users.users;
-          userVolumeEntry = user: "<volume user=\"${user.name}\" path=\"${user.cryptHomeLuks}\" mountpoint=\"${user.home}\" />\n";
+          extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null || u.pamMount != {}) config.users.users;
+          mkAttr = k: v: ''${k}="${v}"'';
+          userVolumeEntry = user: let
+            attrs = {
+              user = user.name;
+              path = user.cryptHomeLuks;
+              mountpoint = user.home;
+            } // user.pamMount;
+          in
+            "<volume ${concatStringsSep " " (mapAttrsToList mkAttr attrs)} />\n";
         in
          pkgs.writeText "pam_mount.conf.xml" ''
           <?xml version="1.0" encoding="utf-8" ?>
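Review bot: `mkAttr` interpolates every value into the `<volume>` element as `${k}="${v}"` without XML escaping, so a `pamMount` value (or a home path) containing `"`, `<` or `&` produces a malformed or differently structured /etc/security/pam_mount.conf.xml. Escaping the value, e.g. `mkAttr = k: v: ''${k}="${escapeXML v}"'';` if `lib.escapeXML` is available in this tree, keeps each entry a single well-formed attribute. The widened filter also admits users with `pamMount != {}` and `cryptHomeLuks == null`; unless `pamMount` supplies `path`, `path` is null and the interpolation fails at evaluation, so an assertion or a `filterAttrs (n: v: v != null) attrs` before `mapAttrsToList` is worth adding. Because the file is built with `pkgs.writeText`, everything placed in `pamMount` ends up in the world-readable Nix store, which the option's description should say. The `let` block and the `writeText` body continue outside the hunk.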