modules/security/consolekit.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

{ config, pkgs, ... }:

with pkgs.lib;

let

  # `pam_console' maintains the set of locally logged in users in
  # /var/run/console.  This is obsolete, but D-Bus still uses it for
  # its `at_console' feature.  So maintain it using a ConsoleKit
  # session script.  Borrowed from
  # http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-auth/consolekit/files/pam-foreground-compat.ck
  updateVarRunConsole = pkgs.writeTextFile {
    name = "var-run-console.ck";
    destination = "/etc/ConsoleKit/run-session.d/var-run-console.ck";
    executable = true;

    text =
      ''
        #! ${pkgs.stdenv.shell} -e
        PATH=${pkgs.coreutils}/bin:${pkgs.gnused}/bin:${pkgs.glibc}/bin
        TAGDIR=/var/run/console

        [ -n "$CK_SESSION_USER_UID" ] || exit 1

        TAGFILE="$TAGDIR/`getent passwd $CK_SESSION_USER_UID | cut -f 1 -d:`"

        if [ "$1" = "session_added" ]; then
            mkdir -p "$TAGDIR"
            echo "$CK_SESSION_ID" >> "$TAGFILE"
        fi

        if [ "$1" = "session_removed" ] && [ -e "$TAGFILE" ]; then
            sed -i "\%^$CK_SESSION_ID\$%d" "$TAGFILE"
            [ -s "$TAGFILE" ] || rm -f "$TAGFILE"
        fi
      '';
  };

in

{

  config = {

    environment.systemPackages = [ pkgs.consolekit ];

    services.dbus.packages = [ pkgs.consolekit ];

    environment.etc = singleton
      { source = (pkgs.buildEnv {
          name = "consolekit-config";
          pathsToLink = [ "/etc/ConsoleKit" ];
          paths = [ pkgs.consolekit pkgs.udev updateVarRunConsole ];
        }) + "/etc/ConsoleKit";
        target = "ConsoleKit";
      };

  };

}