Merge pull request #315874 from JohnRTitor/gnome-keyring-module

nixos/gnome-keyring: rewrite module and fix unlocking on GDM session login
This commit is contained in:
Thomas Gerbet 2024-06-21 21:07:43 +02:00 committed by GitHub
commit 6d04aa54ba
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -1,45 +1,52 @@
# GNOME Keyring daemon.
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.services.gnome.gnome-keyring;
in
{
meta = {
maintainers = lib.teams.gnome.members;
};
###### interface
options = {
services.gnome.gnome-keyring = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to enable GNOME Keyring daemon, a service designed to
take care of the user's security credentials,
such as user names and passwords.
'';
};
enable = lib.mkEnableOption ''
GNOME Keyring daemon, a service designed to
take care of the user's security credentials,
such as user names and passwords
'';
};
};
###### implementation
config = lib.mkIf config.services.gnome.gnome-keyring.enable {
config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.gnome.gnome-keyring ];
services.dbus.packages = [ pkgs.gnome.gnome-keyring pkgs.gcr ];
services.dbus.packages = [
pkgs.gnome.gnome-keyring
pkgs.gcr
];
xdg.portal.extraPortals = [ pkgs.gnome.gnome-keyring ];
security.pam.services.login.enableGnomeKeyring = true;
security.pam.services = lib.mkMerge [
{
login.enableGnomeKeyring = true;
}
(lib.mkIf config.services.xserver.displayManager.gdm.enable {
gdm-password.enableGnomeKeyring = true;
gdm-autologin.enableGnomeKeyring = true;
})
(lib.mkIf (config.services.xserver.displayManager.gdm.enable && config.services.fprintd.enable) {
gdm-fingerprint.enableGnomeKeyring = true;
})
];
security.wrappers.gnome-keyring-daemon = {
owner = "root";
@ -47,7 +54,5 @@
capabilities = "cap_ipc_lock=ep";
source = "${pkgs.gnome.gnome-keyring}/bin/gnome-keyring-daemon";
};
};
}