nixpkgs/nixos/modules/security/pam_usb.nix

{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.security.pam.usb;

  anyUsbAuth = any (attrByPath ["usbAuth"] false) (attrValues config.security.pam.services);

in

{
  options = {

    security.pam.usb = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Enable USB login for all login systems that support it.  For
          more information, visit <link
          xlink:href="https://github.com/aluzzardi/pam_usb/wiki/Getting-Started#setting-up-devices-and-users" />.
        '';
      };

    };

  };

  config = mkIf (cfg.enable || anyUsbAuth) {

    # Make sure pmount and pumount are setuid wrapped.
    security.wrappers = {
      pmount.source = "${pkgs.pmount.out}/bin/pmount";
      pumount.source = "${pkgs.pmount.out}/bin/pumount";
    };

    environment.systemPackages = [ pkgs.pmount ];

  };
}
Rewrite ‘with pkgs.lib’ -> ‘with lib’ Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem. 2014-04-14 16:26:48 +02:00			`{ config, lib, pkgs, ... }:`
* Add support for pam_usb. svn path=/nixos/trunk/; revision=19185 2010-01-03 11:59:08 +00:00
Rewrite ‘with pkgs.lib’ -> ‘with lib’ Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem. 2014-04-14 16:26:48 +02:00			`with lib;`
* Add support for pam_usb. svn path=/nixos/trunk/; revision=19185 2010-01-03 11:59:08 +00:00
			`let`

			`cfg = config.security.pam.usb;`

Turn security.pam.services into an attribute set That is, you can say security.pam.services.sshd = { options... }; instead of security.pam.services = [ { name = "sshd"; options... } ]; making it easier to override PAM settings from other modules. 2013-10-15 14:47:51 +02:00			`anyUsbAuth = any (attrByPath ["usbAuth"] false) (attrValues config.security.pam.services);`
* Add support for pam_usb. svn path=/nixos/trunk/; revision=19185 2010-01-03 11:59:08 +00:00
			`in`

			`{`
			`options = {`

			`security.pam.usb = {`
			`enable = mkOption {`
Add lots of missing option types 2013-10-30 17:37:45 +01:00			`type = types.bool;`
* Add support for pam_usb. svn path=/nixos/trunk/; revision=19185 2010-01-03 11:59:08 +00:00			`default = false;`
			`description = ''`
Turn security.pam.services into an attribute set That is, you can say security.pam.services.sshd = { options... }; instead of security.pam.services = [ { name = "sshd"; options... } ]; making it easier to override PAM settings from other modules. 2013-10-15 14:47:51 +02:00			`Enable USB login for all login systems that support it. For`
			`more information, visit <link`
security.pam.usb: link to wiki on github.com pamusb.org no longer serves the intended content. 2017-09-24 20:42:44 +02:00			`xlink:href="https://github.com/aluzzardi/pam_usb/wiki/Getting-Started#setting-up-devices-and-users" />.`
* Add support for pam_usb. svn path=/nixos/trunk/; revision=19185 2010-01-03 11:59:08 +00:00			`'';`
			`};`

			`};`

			`};`

			`config = mkIf (cfg.enable \|\| anyUsbAuth) {`

everything?: Updating every package that depended on the old setuidPrograms configuration. 2016-07-15 19:10:48 -05:00			`# Make sure pmount and pumount are setuid wrapped.`
More derp 2017-01-29 05:33:56 -06:00			`security.wrappers = {`
			`pmount.source = "${pkgs.pmount.out}/bin/pmount";`
			`pumount.source = "${pkgs.pmount.out}/bin/pumount";`
			`};`
everything?: Updating every package that depended on the old setuidPrograms configuration. 2016-07-15 19:10:48 -05:00
* Add support for pam_usb. svn path=/nixos/trunk/; revision=19185 2010-01-03 11:59:08 +00:00			`environment.systemPackages = [ pkgs.pmount ];`

			`};`
			`}`