nixos/bitlbee: option to use pam

2018-09-22 10:27:49 +01:00 · 2018-09-22 10:27:49 +01:00 · d334c1c1d0
commit d334c1c1d0
parent 14cc9a2f0f
2 changed files with 40 additions and 18 deletions
--- a/nixos/modules/services/networking/bitlbee.nix
+++ b/nixos/modules/services/networking/bitlbee.nix
@ -7,9 +7,10 @@ let
  cfg = config.services.bitlbee;
  bitlbeeUid = config.ids.uids.bitlbee;

-  bitlbeePkg = if cfg.libpurple_plugins == []
-  then pkgs.bitlbee
-  else pkgs.bitlbee.override { enableLibPurple = true; };
+  bitlbeePkg = pkgs.bitlbee.override {
+    enableLibPurple = cfg.libpurple_plugins != [];
+    enablePam = cfg.authBackend == "pam";
+  };

  bitlbeeConfig = pkgs.writeText "bitlbee.conf"
    ''
@ -20,6 +21,7 @@ let
    DaemonInterface = ${cfg.interface}
    DaemonPort = ${toString cfg.portNumber}
    AuthMode = ${cfg.authMode}
+    AuthBackend = ${cfg.authBackend}
    Plugindir = ${pkgs.bitlbee-plugins cfg.plugins}/lib/bitlbee
    ${lib.optionalString (cfg.hostName != "") "HostName = ${cfg.hostName}"}
    ${lib.optionalString (cfg.protocols != "") "Protocols = ${cfg.protocols}"}
@ -70,6 +72,16 @@ in
        '';
      };

+      authBackend = mkOption {
+        default = "storage";
+        type = types.enum [ "storage" "pam" ];
+        description = ''
+          How users are authenticated
+            storage -- save passwords internally
+            pam -- Linux PAM authentication
+        '';
+      };
+
      authMode = mkOption {
        default = "Open";
        type = types.enum [ "Open" "Closed" "Registered" ];
@ -147,23 +159,22 @@ in

  ###### implementation

-  config = mkIf config.services.bitlbee.enable {
-
-    users.users = singleton
-      { name = "bitlbee";
+  config =  mkMerge [
+    (mkIf config.services.bitlbee.enable {
+      users.users = singleton {
+        name = "bitlbee";
        uid = bitlbeeUid;
        description = "BitlBee user";
        home = "/var/lib/bitlbee";
        createHome = true;
      };

-    users.groups = singleton
-      { name = "bitlbee";
+      users.groups = singleton {
+        name = "bitlbee";
        gid = config.ids.gids.bitlbee;
      };

-    systemd.services.bitlbee =
-      {
+      systemd.services.bitlbee = {
        environment.PURPLE_PLUGIN_PATH = purple_plugin_path;
        description = "BitlBee IRC to other chat networks gateway";
        after = [ "network.target" ];
@ -172,8 +183,12 @@ in
        serviceConfig.ExecStart = "${bitlbeePkg}/sbin/bitlbee -F -n -c ${bitlbeeConfig}";
      };

-    environment.systemPackages = [ bitlbeePkg ];
+      environment.systemPackages = [ bitlbeePkg ];

-  };
+    })
+    (mkIf (config.services.bitlbee.authBackend == "pam") {
+      security.pam.services.bitlbee = {};
+    })
+  ];

 }
--- a/pkgs/applications/networking/instant-messengers/bitlbee/default.nix
+++ b/pkgs/applications/networking/instant-messengers/bitlbee/default.nix
@ -1,5 +1,7 @@
-{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python,
-enableLibPurple ? false, pidgin ? null }:
+{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python
+, enableLibPurple ? false, pidgin ? null
+, enablePam ? false, pam ? null
+}:

 with stdenv.lib;
 stdenv.mkDerivation rec {
@ -13,18 +15,23 @@ stdenv.mkDerivation rec {
  nativeBuildInputs = [ pkgconfig ] ++ optional doCheck check;

  buildInputs = [ gnutls glib libotr python ]
-    ++ optional enableLibPurple pidgin;
+    ++ optional enableLibPurple pidgin
+    ++ optional enablePam pam;

  configureFlags = [
    "--otr=1"
    "--ssl=gnutls"
    "--pidfile=/var/lib/bitlbee/bitlbee.pid"
-  ]
-  ++ optional enableLibPurple "--purple=1";
+  ] ++ optional enableLibPurple "--purple=1"
+    ++ optional enablePam "--pam=1";

  installTargets = [ "install" "install-dev" ];

  doCheck = !enableLibPurple; # Checks fail with libpurple for some reason
+  checkPhase = ''
+    # check flags set VERBOSE=y which breaks the build due overriding a command
+    make check
+  '';

  enableParallelBuilding = true;