2d6247a414
From gkd-capability.c: This program needs the CAP_IPC_LOCK posix capability. We want to allow either setuid root or file system based capabilities to work. If file system based capabilities, this is a no-op unless the root user is running the program. In that case we just drop capabilities down to IPC_LOCK. If we are setuid root, then change to the invoking user retaining just the IPC_LOCK capability. The application is aborted if for any reason we are unable to drop privileges.
# GNOME Keyring daemon.
#
# NixOS module that installs gnome-keyring, registers its D-Bus services,
# hooks it into the `login` PAM service and installs a capability wrapper
# for the daemon binary.

{ config, pkgs, lib, ... }:

let
  inherit (lib) mkIf mkOption types;

  # Option subtree owned by this module.
  cfg = config.services.gnome3.gnome-keyring;

  # The package is referenced several times below; bind it once.
  keyring = pkgs.gnome3.gnome-keyring;
in

{

  ###### interface

  options.services.gnome3.gnome-keyring.enable = mkOption {
    type = types.bool;
    default = false;
    description = ''
      Whether to enable GNOME Keyring daemon, a service designed to
      take care of the user's security credentials,
      such as user names and passwords.
    '';
  };


  ###### implementation

  # Nothing below takes effect unless the option is switched on.
  config = mkIf cfg.enable {

    environment.systemPackages = [ keyring ];

    # gcr is registered with D-Bus alongside the keyring package.
    services.dbus.packages = [ keyring pkgs.gcr ];

    # This module enables the keyring PAM hook for the `login` service only;
    # it does not configure any other PAM service.
    security.pam.services.login.enableGnomeKeyring = true;

    # Least-privilege wrapper: grant the daemon CAP_IPC_LOCK and nothing else.
    # "=ep" puts the capability in the file's effective and permitted sets,
    # so no setuid-root bit is needed. Upstream's gkd-capability.c states the
    # daemon needs CAP_IPC_LOCK, treats file capabilities as a no-op for
    # non-root users, and aborts if it cannot drop other privileges.
    # CAP_IPC_LOCK permits locking memory; presumably this is what keeps
    # secrets out of swap.
    # NOTE(review): systemPackages and the D-Bus package above also expose the
    # unwrapped store binary, which carries no file capability. Confirm that
    # session start-up (PAM, D-Bus activation) launches this wrapper.
    security.wrappers.gnome-keyring-daemon = {
      source = "${keyring}/bin/gnome-keyring-daemon";
      capabilities = "cap_ipc_lock=ep";
    };

  };

}