7c34c28cfa
Adds programs.mosh.withUtempter (default: true). The option enables -with-utempter for mosh, allowing it to write to /var/run/utmp and thus making connected sessions appear in the output of `who -a`. For that, a guid-wrapper is required. Also, the path to the `utempter` was hardcoded in the resulting binary until now (so it could never been found), thus, libutempter was patched accordingly to point to /run/wrappers/bin/utempter which at least works when the wrapper is configured.
44 lines
1.1 KiB
Nix
44 lines
1.1 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
|
|
cfg = config.programs.mosh;
|
|
|
|
in
|
|
{
|
|
options.programs.mosh = {
|
|
enable = mkOption {
|
|
description = ''
|
|
Whether to enable mosh. Note, this will open ports in your firewall!
|
|
'';
|
|
default = false;
|
|
type = lib.types.bool;
|
|
};
|
|
withUtempter = mkOption {
|
|
description = ''
|
|
Whether to enable libutempter for mosh.
|
|
This is required so that mosh can write to /var/run/utmp (which can be queried with `who` to display currently connected user sessions).
|
|
Note, this will add a guid wrapper for the group utmp!
|
|
'';
|
|
default = true;
|
|
type = lib.types.bool;
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
environment.systemPackages = with pkgs; [ mosh ];
|
|
networking.firewall.allowedUDPPortRanges = [ { from = 60000; to = 61000; } ];
|
|
security.wrappers = mkIf cfg.withUtempter {
|
|
utempter = {
|
|
source = "${pkgs.libutempter}/lib/utempter/utempter";
|
|
owner = "nobody";
|
|
group = "utmp";
|
|
setuid = false;
|
|
setgid = true;
|
|
};
|
|
};
|
|
};
|
|
}
|