nixos/openrazer: Add a users option

This commit is contained in:
Romanos Skiadas 2021-07-22 16:04:57 +03:00
parent 42c6771744
commit 465c9269dd
3 changed files with 18 additions and 6 deletions

View file

@ -656,8 +656,11 @@
no longer need be granted the entire set of
<literal>plugdev</literal> group permissions, which can
include permissions other than those required by
<literal>openrazer</literal>. This can be desirable from a
security point of view.
<literal>openrazer</literal>. This is desirable from a
security point of view. The setting
<link xlink:href="options.html#opt-services.hardware.openrazer.users"><literal>harware.openrazer.users</literal></link>
can be used to add users to the <literal>openrazer</literal>
group.
</para>
</listitem>
</itemizedlist>

View file

@ -164,7 +164,7 @@ pt-services.clipcat.enable).
- `programs.neovim.runtime` switched to a `linkFarm` internally, making it impossible to use wildcards in the `source` argument.
- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This can be desirable from a security point of view.
- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`harware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group.
## Other Notable Changes {#sec-release-21.11-notable-changes}

View file

@ -51,8 +51,6 @@ in
hardware.openrazer = {
enable = mkEnableOption ''
OpenRazer drivers and userspace daemon.
Any users that wish to make use of the daemon need to be
members of the "openrazer" group.
'';
verboseLogging = mkOption {
@ -96,6 +94,15 @@ in
generate a heatmap.
'';
};
users = mkOption {
type = with types; listOf str;
default = [];
description = ''
Usernames to be added to the "openrazer" group, so that they
can start and interact with the OpenRazer userspace daemon.
'';
};
};
};
@ -113,7 +120,9 @@ in
# A user must be a member of the openrazer group in order to start
# the openrazer-daemon. Therefore we make sure that the group
# exists.
users.groups.openrazer = {};
users.groups.openrazer = {
members = cfg.users;
};
systemd.user.services.openrazer-daemon = {
description = "Daemon to manage razer devices in userspace";