From 49a749c7299eac1ee1fc401d376db245cb834a73 Mon Sep 17 00:00:00 2001 From: David Reiss Date: Wed, 14 Oct 2020 17:29:30 -0700 Subject: [PATCH] nixos/pam_mount: add pamMount attribute to users This attribute is a generalized version of cryptHomeLuks for creating an entry in /etc/security/pam_mount.conf.xml. It lets the configuration control all the attributes of the entry, instead of just the path. The default path remains the value of cryptHomeLuks, for compatibility. --- nixos/modules/config/users-groups.nix | 14 ++++++++++++++ nixos/modules/security/pam_mount.nix | 12 ++++++++++-- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 1bb1317a8e85..5264d5b56fa5 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -139,6 +139,20 @@ let ''; }; + pamMount = mkOption { + type = with types; attrsOf str; + default = {}; + description = '' + Attributes for user's entry in + pam_mount.conf.xml. + Useful attributes might include path, + options, fstype, and server. + See + for more information. + ''; + }; + shell = mkOption { type = types.either types.shellPackage types.path; default = pkgs.shadow; diff --git a/nixos/modules/security/pam_mount.nix b/nixos/modules/security/pam_mount.nix index 77e22a96b553..89211bfbde48 100644 --- a/nixos/modules/security/pam_mount.nix +++ b/nixos/modules/security/pam_mount.nix @@ -39,8 +39,16 @@ in environment.etc."security/pam_mount.conf.xml" = { source = let - extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null) config.users.users; - userVolumeEntry = user: "\n"; + extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null || u.pamMount != {}) config.users.users; + mkAttr = k: v: ''${k}="${v}"''; + userVolumeEntry = user: let + attrs = { + user = user.name; + path = user.cryptHomeLuks; + mountpoint = user.home; + } // user.pamMount; + in + "\n"; in pkgs.writeText "pam_mount.conf.xml" ''
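Review bot: The `description` of the new `pamMount` option in users-groups.nix does not say how its keys combine with the defaults that pam_mount.nix builds for the same user. According to the second hunk, the set is merged with `// user.pamMount`, so a key named `user`, `path` or `mountpoint` silently replaces the value derived from the account name, `cryptHomeLuks` or `home`. I would add a sentence such as `Attributes set here take precedence over the defaults (user, path from cryptHomeLuks, mountpoint from home).` and state that a non-empty `pamMount` alone is enough to create a volume entry. The markup inside the description text is not legible on this page, so the wording may need adjusting to fit it.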
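Review bot: `mkAttr` in pam_mount.nix interpolates each value into `${k}="${v}"` with no XML escaping, so a `pamMount` value or home path containing `"`, `&` or `<` produces a malformed or differently structured entry in pam_mount.conf.xml, a file PAM reads with root privileges. Escaping in the helper would close that, for example `mkAttr = k: v: ''${k}="${builtins.replaceStrings ["&" "\"" "<"] ["&amp;" "&quot;" "&lt;"] v}"'';`. Separately, the widened filter now admits users with `cryptHomeLuks == null`, and for those `attrs.path` is null unless `pamMount` supplies `path`; interpolating null into a string aborts evaluation, so null-valued attributes should be dropped before mapping, or an assertion should require a path. The line that assembles the entry string is not fully legible on this page, so the application of `mkAttr` to every member of `attrs` is inferred.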