nixos/pam_mount: add pamMount attribute to users
This attribute is a generalized version of cryptHomeLuks for creating an entry in /etc/security/pam_mount.conf.xml. It lets the configuration control all the attributes of the <volume> entry, instead of just the path. The default path remains the value of cryptHomeLuks, for compatibility.
parent
2a4607f442
commit
49a749c729
2 changed files with 24 additions and 2 deletions
|
@ -139,6 +139,20 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
pamMount = mkOption {
|
||||
type = with types; attrsOf str;
|
||||
default = {};
|
||||
description = ''
|
||||
Attributes for user's entry in
|
||||
<filename>pam_mount.conf.xml</filename>.
|
||||
Useful attributes might include <code>path</code>,
|
||||
<code>options</code>, <code>fstype</code>, and <code>server</code>.
|
||||
See <link
|
||||
xlink:href="http://pam-mount.sourceforge.net/pam_mount.conf.5.html" />
|
||||
for more information.
|
||||
'';
|
||||
};
|
||||
|
||||
shell = mkOption {
|
||||
type = types.either types.shellPackage types.path;
|
||||
default = pkgs.shadow;
|
||||
|
|
|
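Review bot: The `pamMount` description does not say how these attributes combine with the generated ones or where the values end up. In the other file of this commit the set is merged over `user`, `path` and `mountpoint`, so a key given here replaces the generated value, and the result is written with `pkgs.writeText`, which places it in the world-readable Nix store. I would add a sentence to the description such as `Attributes set here override the generated user, path and mountpoint. The values are written to the world-readable Nix store, so they must not contain credentials.` An `example` attribute showing a typical set would also make the expected shape clear.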
@ -39,8 +39,16 @@ in
|
|||
environment.etc."security/pam_mount.conf.xml" = {
|
||||
source =
|
||||
let
|
||||
extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null) config.users.users;
|
||||
userVolumeEntry = user: "<volume user=\"${user.name}\" path=\"${user.cryptHomeLuks}\" mountpoint=\"${user.home}\" />\n";
|
||||
extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null || u.pamMount != {}) config.users.users;
|
||||
mkAttr = k: v: ''${k}="${v}"'';
|
||||
userVolumeEntry = user: let
|
||||
attrs = {
|
||||
user = user.name;
|
||||
path = user.cryptHomeLuks;
|
||||
mountpoint = user.home;
|
||||
} // user.pamMount;
|
||||
in
|
||||
"<volume ${concatStringsSep " " (mapAttrsToList mkAttr attrs)} />\n";
|
||||
in
|
||||
pkgs.writeText "pam_mount.conf.xml" ''
|
||||
<?xml version="1.0" encoding="utf-8" ?>
|
||||
|
|
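Review bot: `mkAttr` places each value between double quotes without escaping, so a value containing `"`, `&` or `<` produces malformed XML or unintended extra attributes in `pam_mount.conf.xml`, a file that is parsed during login. Escaping inside the helper closes this, e.g. `mkAttr = k: v: ''${k}="${escapeXML v}"'';`, assuming `lib.escapeXML` exists in this tree and `lib` is in scope as the bare `filterAttrs` suggests. Separately, the widened filter now admits users with `cryptHomeLuks == null` and a non-empty `pamMount`; if that set has no `path`, `path = user.cryptHomeLuks;` passes null into the string interpolation, which should abort evaluation with an unhelpful message. Building the default as `optionalAttrs (user.cryptHomeLuks != null) { path = user.cryptHomeLuks; }`, or adding an assertion that names the user, would avoid that. The enclosing `environment.etc` definition continues past the end of the hunk.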