{ config, lib, pkgs, ... }:
with lib;
let

  # Short handles into the evaluated configuration, from the X server options
  # down to the LightDM-specific ones.
  xcfg = config.services.xserver;
  dmcfg = xcfg.displayManager;
  cfg = dmcfg.lightdm;
  inherit (dmcfg) sessionData;

  # Environment configured for the display-manager systemd unit; it is
  # re-exported by the X server wrapper script below.
  xEnv = config.systemd.services.display-manager.environment;

  # Provides the bin/set-session helper that the display-manager preStart calls.
  setSessionScript = pkgs.callPackage ./account-service-util.nix { };

  inherit (pkgs) lightdm writeScript writeText;
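# lightdm runs with clearenv(), but X needs a few variables to start up, so this
# wrapper re-exports the display-manager unit's environment before exec'ing X.
#
# Each value goes through escapeShellArg, so a configured value containing
# double quotes, dollar signs, backticks or backslashes is exported literally
# instead of being re-interpreted by bash.
#
# The display is taken from the first argument that looks like ":<digit>". Only
# single-digit displays are recognised; when none is found the wrapper adds ":0"
# itself. $additionalArgs is expanded unquoted so that it splits into separate
# arguments.
xserverWrapper = writeScript "xserver-wrapper" ''
  #! ${pkgs.bash}/bin/bash
  ${concatMapStrings (n: "export ${n}=${escapeShellArg (getAttr n xEnv)}\n") (attrNames xEnv)}

  display=$(echo "$@" | xargs -n 1 | grep -P ^:\\d\$ | head -n 1 | sed s/^://)
  if [ -z "$display" ]
  then additionalArgs=":0 -logfile /var/log/X.0.log"
  else additionalArgs="-logfile /var/log/X.$display.log"
  fi

  exec ${dmcfg.xserverBin} ${toString dmcfg.xserverArgs} $additionalArgs "$@"
'';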
# User-list policy for the greeter; installed as /etc/lightdm/users.conf.
# NOTE(review): minimum-uid is 500 here, while the lightdm-autologin PAM stack
# in this module requires uid >= 1000 — confirm the two floors are meant to differ.
usersConf =
  let
    hiddenUsers = concatStringsSep " " dmcfg.hiddenUsers;
  in
  writeText "users.conf" ''
    [UserList]
    minimum-uid=500
    hidden-users=${hiddenUsers}
    hidden-shells=/run/current-system/sw/bin/nologin
  '';
# Main daemon configuration; installed as /etc/lightdm/lightdm.conf.
#
# cfg.extraConfig and cfg.extraSeatDefaults are spliced in verbatim at the end
# of the [LightDM] and [Seat:*] sections respectively. The greeter, autologin
# and display-setup keys are only emitted when the matching option is set.
lightdmConf =
  let
    desktops = sessionData.desktops;

    # Wraps the configured setup commands in a bash script for lightdm to run.
    displaySetupScript = pkgs.writeScript "lightdm-display-setup" ''
      #!${pkgs.bash}/bin/bash
      ${dmcfg.setupCommands}
    '';
  in
  writeText "lightdm.conf" ''
    [LightDM]
    ${optionalString cfg.greeter.enable ''
      greeter-user = ${config.users.users.lightdm.name}
      greeters-directory = ${cfg.greeter.package}
    ''}
    sessions-directory = ${desktops}/share/xsessions:${desktops}/share/wayland-sessions
    ${cfg.extraConfig}

    [Seat:*]
    xserver-command = ${xserverWrapper}
    session-wrapper = ${sessionData.wrapper}
    ${optionalString cfg.greeter.enable ''
      greeter-session = ${cfg.greeter.name}
    ''}
    ${optionalString dmcfg.autoLogin.enable ''
      autologin-user = ${dmcfg.autoLogin.user}
      autologin-user-timeout = ${toString cfg.autoLogin.timeout}
      autologin-session = ${sessionData.autologinSession}
    ''}
    ${optionalString (dmcfg.setupCommands != "") ''
      display-setup-script=${displaySetupScript}
    ''}
    ${cfg.extraSeatDefaults}
  '';
in
{
# No individual maintainers are listed; the list consists of the Pantheon team's members.
meta.maintainers = with lib; with maintainers; [ ] ++ teams.pantheon.members;
# Note: the order in which the lightdm greeter modules are imported here
# determines the default greeter: later modules (if enabled) are preferred.
imports = [
  ./lightdm-greeters/gtk.nix
  ./lightdm-greeters/mini.nix
  ./lightdm-greeters/enso-os.nix
  ./lightdm-greeters/pantheon.nix
  ./lightdm-greeters/tiny.nix

  # autoLogin.enable and autoLogin.user moved from the lightdm-specific options
  # to the generic display-manager options; keep the old paths working.
  (mkRenamedOptionModule
    [ "services" "xserver" "displayManager" "lightdm" "autoLogin" "enable" ]
    [ "services" "xserver" "displayManager" "autoLogin" "enable" ])
  (mkRenamedOptionModule
    [ "services" "xserver" "displayManager" "lightdm" "autoLogin" "user" ]
    [ "services" "xserver" "displayManager" "autoLogin" "user" ])
];
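options = {

  services.xserver.displayManager.lightdm = {

    enable = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Whether to enable lightdm as the display manager.
      '';
    };

    greeter = {
      # Turning the greeter off is only accepted together with automatic login
      # and a zero timeout; the assertions in the config section enforce this.
      enable = mkOption {
        type = types.bool;
        default = true;
        description = ''
          If set to false, run lightdm in greeterless mode. This only works if autologin
          is enabled and autoLogin.timeout is zero.
        '';
      };
      package = mkOption {
        type = types.package;
        description = ''
          The LightDM greeter to login via. The package should be a directory
          containing a .desktop file matching the name in the 'name' option.
        '';

      };
      name = mkOption {
        type = types.str;
        description = ''
          The name of a .desktop file in the directory specified
          in the 'package' option.
        '';
      };
    };

    # Spliced verbatim into the [LightDM] section of lightdm.conf.
    extraConfig = mkOption {
      type = types.lines;
      default = "";
      example = ''
        user-authority-in-system-dir = true
      '';
      description = "Extra lines to append to LightDM section.";
    };

    background = mkOption {
      # Either an image path or a "#RRGGBB" colour. The pattern accepts
      # hexadecimal digits; the earlier "[0-9]" class rejected colours such as
      # "#aabbcc".
      type = types.either types.path (types.strMatching "^#[0-9a-fA-F]{6}$");
      # Manual cannot depend on packages, we are actually setting the default in config below.
      defaultText = literalExpression "pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath";
      description = ''
        The background image or color to use.
      '';
    };

    # Spliced verbatim into the [Seat:*] section of lightdm.conf.
    extraSeatDefaults = mkOption {
      type = types.lines;
      default = "";
      example = ''
        greeter-show-manual-login=true
      '';
      description = "Extra lines to append to the [Seat:*] section (formerly SeatDefaults).";
    };

    # Configuration for automatic login specific to LightDM
    autoLogin.timeout = mkOption {
      type = types.int;
      default = 0;
      description = ''
        Show the greeter for this many seconds before automatic login occurs.
      '';
    };

  };
};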
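config = mkIf cfg.enable {

  assertions = [
    {
      assertion = xcfg.enable;
      message = ''
        LightDM requires services.xserver.enable to be true
      '';
    }
    {
      # Automatic login needs a concrete session to start.
      assertion = dmcfg.autoLogin.enable -> sessionData.autologinSession != null;
      message = ''
        LightDM auto-login requires that services.xserver.displayManager.defaultSession is set.
      '';
    }
    {
      # Greeterless mode is only accepted together with immediate automatic login.
      assertion = !cfg.greeter.enable -> (dmcfg.autoLogin.enable && cfg.autoLogin.timeout == 0);
      message = ''
        LightDM can only run without greeter if automatic login is enabled and the timeout for it
        is set to zero.
      '';
    }
  ];

  # Keep in sync with the defaultText value from the option definition.
  services.xserver.displayManager.lightdm.background = mkDefault pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath;

  # Set the default session in the session chooser to the specified value – basically ignore session history.
  # Auto-login is already covered by a config value.
  # The session name is passed through escapeShellArg so it always reaches
  # set-session as a single literal argument.
  services.xserver.displayManager.job.preStart = optionalString (!dmcfg.autoLogin.enable && dmcfg.defaultSession != null) ''
    ${setSessionScript}/bin/set-session ${escapeShellArg dmcfg.defaultSession}
  '';

  # setSessionScript needs session-files in XDG_DATA_DIRS
  services.xserver.displayManager.job.environment.XDG_DATA_DIRS = "${dmcfg.sessionData.desktops}/share/";

  # setSessionScript wants AccountsService
  systemd.services.display-manager.wants = [
    "accounts-daemon.service"
  ];

  # lightdm relaunches itself via just `lightdm`, so needs to be on the PATH
  services.xserver.displayManager.job.execCmd = ''
    export PATH=${lightdm}/sbin:$PATH
    exec ${lightdm}/sbin/lightdm
  '';

  # Replaces getty
  systemd.services.display-manager.conflicts = [
    "getty@tty7.service"
    # TODO: Add "plymouth-quit.service" so LightDM can control when plymouth
    # quits. Currently this breaks switching to configurations with plymouth.
  ];

  # Pull in dependencies of services we replace.
  systemd.services.display-manager.after = [
    "rc-local.service"
    "systemd-machined.service"
    "systemd-user-sessions.service"
    "getty@tty7.service"
    "user.slice"
  ];

  # user.slice needs to be present
  systemd.services.display-manager.requires = [
    "user.slice"
  ];

  # lightdm stops plymouth so when it fails make sure plymouth stops.
  systemd.services.display-manager.onFailure = [
    "plymouth-quit.service"
  ];

  systemd.services.display-manager.serviceConfig = {
    BusName = "org.freedesktop.DisplayManager";
    IgnoreSIGPIPE = "no";
    # This allows lightdm to pass the LUKS password through to PAM, so the
    # login keyring is unlocked automatically when autologin is used.
    KeyringMode = "shared";
    KillMode = "mixed";
    StandardError = "inherit";
  };

  environment.etc."lightdm/lightdm.conf".source = lightdmConf;
  environment.etc."lightdm/users.conf".source = usersConf;

  services.dbus.enable = true;
  services.dbus.packages = [ lightdm ];

  # lightdm uses the accounts daemon to remember language/window-manager per user
  services.accounts-daemon.enable = true;

  # Enable the accounts daemon to find lightdm's dbus interface
  environment.systemPackages = [ lightdm ];

  # Interactive logins defer every stage to the "login" PAM service.
  security.pam.services.lightdm.text = ''
    auth substack login
    account include login
    password substack login
    session include login
  '';

  # Greeter stack: the auth, account and session stages each first require the
  # user to be "lightdm"; password changes are always denied (pam_deny).
  security.pam.services.lightdm-greeter.text = ''
    auth required pam_succeed_if.so audit quiet_success user = lightdm
    auth optional pam_permit.so

    account required pam_succeed_if.so audit quiet_success user = lightdm
    account sufficient pam_unix.so

    password required pam_deny.so

    session required pam_succeed_if.so audit quiet_success user = lightdm
    session required pam_env.so conffile=/etc/pam/environment readenv=0
    session optional ${pkgs.systemd}/lib/security/pam_systemd.so
    session optional pam_keyinit.so force revoke
    session optional pam_permit.so
  '';

  # Autologin stack: auth ends in pam_permit, i.e. no credential is checked.
  # The only gates are pam_nologin and the uid >= 1000 test, so enabling
  # autologin gives a session to whoever can reach the seat.
  security.pam.services.lightdm-autologin.text = ''
    auth requisite pam_nologin.so

    auth required pam_succeed_if.so uid >= 1000 quiet
    auth required pam_permit.so

    account sufficient pam_unix.so

    password requisite pam_unix.so nullok sha512

    session optional pam_keyinit.so revoke
    session include login
  '';

  # Dedicated account; lightdm.conf names it as greeter-user when the greeter
  # is enabled.
  users.users.lightdm = {
    home = "/var/lib/lightdm";
    group = "lightdm";
    uid = config.ids.uids.lightdm;
    shell = pkgs.bash;
  };

  # Runtime, cache, state and log directories. Fields are: type, path, mode,
  # owner, group, age.
  systemd.tmpfiles.rules = [
    "d /run/lightdm 0711 lightdm lightdm -"
    "d /var/cache/lightdm 0711 root lightdm -"
    "d /var/lib/lightdm 1770 lightdm lightdm -"
    "d /var/lib/lightdm-data 1775 lightdm lightdm -"
    "d /var/log/lightdm 0711 root lightdm -"
  ];

  users.groups.lightdm.gid = config.ids.gids.lightdm;
  services.xserver.tty = null; # We might start multiple X servers, so let the tty numbers increment by themselves.
  services.xserver.display = null; # We specify our own display (and logfile) in xserver-wrapper up there
};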
}