fedd7cd690
This is slightly more verbose and inconvenient, but it forces you to think about what the wrapper ownership and permissions will be.
63 lines
1.2 KiB
Nix
63 lines
1.2 KiB
Nix
# GNOME Keyring daemon.
|
|
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
with lib;
|
|
|
|
{
|
|
|
|
meta = {
|
|
maintainers = teams.gnome.members;
|
|
};
|
|
|
|
# Added 2021-05-07
|
|
imports = [
|
|
(mkRenamedOptionModule
|
|
[ "services" "gnome3" "gnome-keyring" "enable" ]
|
|
[ "services" "gnome" "gnome-keyring" "enable" ]
|
|
)
|
|
];
|
|
|
|
###### interface
|
|
|
|
options = {
|
|
|
|
services.gnome.gnome-keyring = {
|
|
|
|
enable = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = ''
|
|
Whether to enable GNOME Keyring daemon, a service designed to
|
|
take care of the user's security credentials,
|
|
such as user names and passwords.
|
|
'';
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
###### implementation
|
|
|
|
config = mkIf config.services.gnome.gnome-keyring.enable {
|
|
|
|
environment.systemPackages = [ pkgs.gnome.gnome-keyring ];
|
|
|
|
services.dbus.packages = [ pkgs.gnome.gnome-keyring pkgs.gcr ];
|
|
|
|
xdg.portal.extraPortals = [ pkgs.gnome.gnome-keyring ];
|
|
|
|
security.pam.services.login.enableGnomeKeyring = true;
|
|
|
|
security.wrappers.gnome-keyring-daemon = {
|
|
owner = "root";
|
|
group = "root";
|
|
capabilities = "cap_ipc_lock=ep";
|
|
source = "${pkgs.gnome.gnome-keyring}/bin/gnome-keyring-daemon";
|
|
};
|
|
|
|
};
|
|
|
|
}
|