nixos/fprintd: add service and pam support

2015-01-03 19:47:38 +03:00 · 2015-01-03 19:47:38 +03:00 · a164a0b4c5
commit a164a0b4c5
parent 006dceba14
3 changed files with 65 additions and 0 deletions
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -306,6 +306,7 @@
  ./services/search/solr.nix
  ./services/security/clamav.nix
  ./services/security/fail2ban.nix
+  ./services/security/fprintd.nix
  ./services/security/fprot.nix
  ./services/security/frandom.nix
  ./services/security/haveged.nix
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@ -54,6 +54,15 @@ let
        '';
      };

+      fprintAuth = mkOption {
+        default = config.services.fprintd.enable;
+        type = types.bool;
+        description = ''
+          If set, fingerprint reader will be used (if exists and
+          your fingerprints are enrolled).
+        '';
+      };
+
      sshAgentAuth = mkOption {
        default = false;
        type = types.bool;
@ -179,6 +188,8 @@ let
              "auth required pam_tally.so"}
          ${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth)
              "auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys:~/.ssh/authorized_keys2:/etc/ssh/authorized_keys.d/%u"}
+          ${optionalString cfg.fprintAuth
+              "auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so"}
          ${optionalString cfg.usbAuth
              "auth sufficient ${pkgs.pam_usb}/lib/security/pam_usb.so"}
          ${optionalString cfg.unixAuth
--- a/nixos/modules/services/security/fprintd.nix
+++ b/nixos/modules/services/security/fprintd.nix
@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  cfg = config.services.fprintd;
+
+in
+
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.fprintd = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable fprintd daemon and PAM module for fingerprint readers handling.
+        '';
+      };
+
+    };
+    
+  };
+  
+  
+  ###### implementation
+  
+  config = mkIf cfg.enable {
+
+    services.dbus.packages = [ pkgs.fprintd ];
+
+    environment.systemPackages = [ pkgs.fprintd ];
+
+    systemd.services.fprintd = {
+      description = "Fingerprint Authentication Daemon";
+
+      serviceConfig = {
+        Type = "dbus";
+        BusName = "net.reactivated.Fprint";
+        ExecStart = "${pkgs.fprintd}/libexec/fprintd";
+      };
+    };
+
+  };
+  
+}