From 99a8c45bdde5c59f5a7a7b7d57813f20fbb70a92 Mon Sep 17 00:00:00 2001
From: Nadrieril <nadrieril@gmail.com>
Date: Fri, 19 Jan 2018 23:56:44 +0000
Subject: nixos/ckb: Add option to restrict access to the devices to a
 particular group

fixes #34064
---
 nixos/modules/hardware/ckb-next.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'nixos/modules/hardware/ckb-next.nix')

diff --git a/nixos/modules/hardware/ckb-next.nix b/nixos/modules/hardware/ckb-next.nix
index a275fb8fd60..20b2756d8b2 100644
--- a/nixos/modules/hardware/ckb-next.nix
+++ b/nixos/modules/hardware/ckb-next.nix
@@ -10,6 +10,15 @@ in
     options.hardware.ckb-next = {
       enable = mkEnableOption "the Corsair keyboard/mouse driver";
 
+      gid = mkOption {
+        type = types.nullOr types.int;
+        default = null;
+        example = 100;
+        description = ''
+          Limit access to the ckb daemon to a particular group.
+        '';
+      };
+
       package = mkOption {
         type = types.package;
         default = pkgs.ckb-next;
@@ -26,8 +35,8 @@ in
       systemd.services.ckb-next = {
         description = "Corsair Keyboards and Mice Daemon";
         wantedBy = ["multi-user.target"];
-        script = "exec ${cfg.package}/bin/ckb-next-daemon";
         serviceConfig = {
+          ExecStart = "${cfg.package}/bin/ckb-next-daemon ${optionalString (cfg.gid != null) "--gid=${builtins.toString cfg.gid}"}";
           Restart = "on-failure";
           StandardOutput = "syslog";
         };
-- 
cgit 1.4.1