diff options
| author | Luca Bruno <luca.bruno@immobiliare.it> | 2014-04-02 18:21:00 +0200 |
|---|---|---|
| committer | Luca Bruno <lucabru@src.gnome.org> | 2014-08-12 11:23:42 +0200 |
| commit | 1a29fcae69f4be51411df46477d317a829217659 (patch) | |
| tree | 6778b1c00ad6ca5193c8cf185883c504d122663c /nixos/modules/services/x11/display-managers/gdm.nix | |
| parent | 3962ec068f3bfa4d86576d35db3f2413726b6f9f (diff) | |
| download | nixpkgs-1a29fcae69f4be51411df46477d317a829217659.tar nixpkgs-1a29fcae69f4be51411df46477d317a829217659.tar.gz nixpkgs-1a29fcae69f4be51411df46477d317a829217659.tar.bz2 nixpkgs-1a29fcae69f4be51411df46477d317a829217659.tar.lz nixpkgs-1a29fcae69f4be51411df46477d317a829217659.tar.xz nixpkgs-1a29fcae69f4be51411df46477d317a829217659.tar.zst nixpkgs-1a29fcae69f4be51411df46477d317a829217659.zip | |
gdm: Add very experimental display manager
Diffstat (limited to 'nixos/modules/services/x11/display-managers/gdm.nix')
| -rw-r--r-- | nixos/modules/services/x11/display-managers/gdm.nix | 151 |
1 files changed, 151 insertions, 0 deletions
diff --git a/nixos/modules/services/x11/display-managers/gdm.nix b/nixos/modules/services/x11/display-managers/gdm.nix new file mode 100644 index 00000000000..9d14fc2e137 --- /dev/null +++ b/nixos/modules/services/x11/display-managers/gdm.nix @@ -0,0 +1,151 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.xserver.displayManager; + gdm = pkgs.gnome3_12.gdm; # gdm 3.10 not supported + gnome3 = config.environment.gnome3.packageSet; + +in + +{ + + ###### interface + + options = { + + services.xserver.displayManager.gdm = { + + enable = mkOption { + type = types.bool; + default = false; + example = true; + description = '' + Whether to enable GDM as the display manager. + <emphasis>GDM is very experimental and may render system unusable.</emphasis> + ''; + }; + + }; + + }; + + + ###### implementation + + config = mkIf cfg.gdm.enable { + + services.xserver.displayManager.slim.enable = false; + + users.extraUsers.gdm = + { name = "gdm"; + uid = config.ids.uids.gdm; + group = "gdm"; + home = "/run/gdm"; + description = "GDM user"; + }; + + users.extraGroups.gdm.gid = config.ids.gids.gdm; + + services.xserver.displayManager.job = + { + environment = { + GDM_X_SERVER = "${cfg.xserverBin} ${cfg.xserverArgs}"; + GDM_SESSIONS_DIR = "${cfg.session.desktops}"; + XDG_CONFIG_DIRS = "${gnome3.gnome_settings_daemon}/etc/xdg"; + }; + execCmd = "exec ${gdm}/sbin/gdm"; + }; + + # Because sd_login_monitor_new requires /run/systemd/machines + systemd.services.display-manager.wants = [ "systemd-machined.service" ]; + systemd.services.display-manager.after = [ "systemd-machined.service" ]; + + systemd.services.display-manager.path = [ gnome3.gnome_shell gnome3.caribou ]; + + services.dbus.packages = [ gdm ]; + + programs.dconf.profiles.gdm = "${gdm}/share/dconf/profile/gdm"; + + # GDM LFS PAM modules, adapted somehow to NixOS + security.pam.services = { + gdm-launch-environment.text = '' + auth required pam_succeed_if.so audit quiet_success user = gdm + auth optional pam_permit.so + + account required pam_succeed_if.so audit quiet_success user = gdm + account sufficient pam_unix.so + + password required pam_deny.so + + session required pam_succeed_if.so audit quiet_success user = gdm + session required pam_env.so envfile=${config.system.build.pamEnvironment} + session optional ${pkgs.systemd}/lib/security/pam_systemd.so + session optional pam_keyinit.so force revoke + session optional pam_permit.so + ''; + + gdm.text = '' + auth requisite pam_nologin.so + auth required pam_env.so + + auth required pam_succeed_if.so uid >= 1000 quiet + auth optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so + auth sufficient pam_unix.so nullok likeauth + auth required pam_deny.so + + account sufficient pam_unix.so + + password requisite pam_unix.so nullok sha512 + + session required pam_env.so envfile=${config.system.build.pamEnvironment} + session required pam_unix.so + session required pam_loginuid.so + session optional ${pkgs.systemd}/lib/security/pam_systemd.so + session optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start + ''; + + gdm-password.text = '' + auth requisite pam_nologin.so + auth required pam_env.so envfile=${config.system.build.pamEnvironment} + + auth required pam_succeed_if.so uid >= 1000 quiet + auth optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so + auth sufficient pam_unix.so nullok likeauth + auth required pam_deny.so + + account sufficient pam_unix.so + + password requisite pam_unix.so nullok sha512 + + session required pam_env.so envfile=${config.system.build.pamEnvironment} + session required pam_unix.so + session required pam_loginuid.so + session optional ${pkgs.systemd}/lib/security/pam_systemd.so + session optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start + ''; + + gdm-autologin.text = '' + auth requisite pam_nologin.so + + auth required pam_succeed_if.so uid >= 1000 quiet + auth required pam_permit.so + + account sufficient pam_unix.so + + password requisite pam_unix.so nullok sha512 + + session optional pam_keyinit.so revoke + session required pam_env.so envfile=${config.system.build.pamEnvironment} + session required pam_unix.so + session required pam_loginuid.so + session optional ${pkgs.systemd}/lib/security/pam_systemd.so + ''; + + }; + + }; + +} |