nixos/i2c: add module to set up i2c permissions

This is a very simple module that installs a single udev rule. The rule set the ownership of all /dev/i2c-* devices to a group, "i2c" by default but can be changed. The "uaccess" tag also makes systemd add an ACL for users with a seat[1]. Fix issue #91771 [1]: https://enotty.pipebreaker.pl/2012/05/23/linux-automatic-user-acl-management/
2021-02-05 08:52:51 +01:00 · 2021-02-05 08:52:51 +01:00 · afde028672
commit afde028672
parent 64c1248464
2 changed files with 44 additions and 0 deletions
--- a/nixos/modules/hardware/i2c.nix
+++ b/nixos/modules/hardware/i2c.nix
@ -0,0 +1,43 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.hardware.i2c;
+in
+
+{
+  options.hardware.i2c = {
+    enable = mkEnableOption ''
+      i2c devices support. By default access is granted to users in the "i2c"
+      group (will be created if non-existent) and any user with a seat, meaning
+      logged on the computer locally.
+    '';
+
+    group = mkOption {
+      type = types.str;
+      default = "i2c";
+      description = ''
+        Grant access to i2c devices (/dev/i2c-*) to users in this group.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    boot.kernelModules = [ "i2c-dev" ];
+
+    users.groups = mkIf (cfg.group == "i2c") {
+      i2c = { };
+    };
+
+    services.udev.extraRules = ''
+      # allow group ${cfg.group} and users with a seat use of i2c devices
+      ACTION=="add", KERNEL=="i2c-[0-9]*", TAG+="uaccess", GROUP="${cfg.group}", MODE="660"
+    '';
+
+  };
+
+  meta.maintainers = [ maintainers.rnhmjoj ];
+
+}
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -46,6 +46,7 @@
  ./hardware/cpu/intel-microcode.nix
  ./hardware/digitalbitbox.nix
  ./hardware/device-tree.nix
+  ./hardware/i2c.nix
  ./hardware/sensor/hddtemp.nix
  ./hardware/sensor/iio.nix
  ./hardware/keyboard/zsa.nix