nixpkgs/nixos/modules/services/desktops/gnome/gnome-keyring.nix
rnhmjoj fedd7cd690
nixos: explicitely set security.wrappers ownership
This is slightly more verbose and inconvenient, but it forces you
to think about what the wrapper ownership and permissions will be.
2021-09-13 13:48:13 +02:00

63 lines
1.2 KiB
Nix

# GNOME Keyring daemon.
{ config, pkgs, lib, ... }:
with lib;
{
meta = {
maintainers = teams.gnome.members;
};
# Added 2021-05-07
imports = [
(mkRenamedOptionModule
[ "services" "gnome3" "gnome-keyring" "enable" ]
[ "services" "gnome" "gnome-keyring" "enable" ]
)
];
###### interface
options = {
services.gnome.gnome-keyring = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable GNOME Keyring daemon, a service designed to
take care of the user's security credentials,
such as user names and passwords.
'';
};
};
};
###### implementation
config = mkIf config.services.gnome.gnome-keyring.enable {
environment.systemPackages = [ pkgs.gnome.gnome-keyring ];
services.dbus.packages = [ pkgs.gnome.gnome-keyring pkgs.gcr ];
xdg.portal.extraPortals = [ pkgs.gnome.gnome-keyring ];
security.pam.services.login.enableGnomeKeyring = true;
security.wrappers.gnome-keyring-daemon = {
owner = "root";
group = "root";
capabilities = "cap_ipc_lock=ep";
source = "${pkgs.gnome.gnome-keyring}/bin/gnome-keyring-daemon";
};
};
}