nixos/pam_mount: add pamMount attribute to users

This attribute is a generalized version of cryptHomeLuks for creating an
entry in /etc/security/pam_mount.conf.xml. It lets the configuration
control all the attributes of the <volume> entry, instead of just the
path. The default path remains the value of cryptHomeLuks, for
compatibility.
This commit is contained in:
David Reiss 2020-10-14 17:29:30 -07:00
parent 2a4607f442
commit 49a749c729
2 changed files with 24 additions and 2 deletions

View file

@ -139,6 +139,20 @@ let
'';
};
pamMount = mkOption {
type = with types; attrsOf str;
default = {};
description = ''
Attributes for user's entry in
<filename>pam_mount.conf.xml</filename>.
Useful attributes might include <code>path</code>,
<code>options</code>, <code>fstype</code>, and <code>server</code>.
See <link
xlink:href="http://pam-mount.sourceforge.net/pam_mount.conf.5.html" />
for more information.
'';
};
shell = mkOption {
type = types.either types.shellPackage types.path;
default = pkgs.shadow;

View file

@ -39,8 +39,16 @@ in
environment.etc."security/pam_mount.conf.xml" = {
source =
let
extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null) config.users.users;
userVolumeEntry = user: "<volume user=\"${user.name}\" path=\"${user.cryptHomeLuks}\" mountpoint=\"${user.home}\" />\n";
extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null || u.pamMount != {}) config.users.users;
mkAttr = k: v: ''${k}="${v}"'';
userVolumeEntry = user: let
attrs = {
user = user.name;
path = user.cryptHomeLuks;
mountpoint = user.home;
} // user.pamMount;
in
"<volume ${concatStringsSep " " (mapAttrsToList mkAttr attrs)} />\n";
in
pkgs.writeText "pam_mount.conf.xml" ''
<?xml version="1.0" encoding="utf-8" ?>