* [bug#62357] [PATCH] services: base: add pam-mount-volume support for greetd
@ 2023-03-21 21:06 Brian Cully via Guix-patches via
  2023-03-21 21:09 ` Brian Cully via Guix-patches via
  2023-03-28 15:38 ` Ludovic Courtès
  0 siblings, 2 replies; 6+ messages in thread
From: Brian Cully via Guix-patches via @ 2023-03-21 21:06 UTC (permalink / raw)
  To: 62357; +Cc: Brian Cully, ludo

This patch lets users create mounts automatically on login with the greetd
service by adding `pam-mount-volume' records via the `extra-pam-mount-volumes'
field of `greetd-configuration'.

The existing rules for XDG_RUNTIME_DIR have been migrated to
`%base-pam-mount-volumes' and are installed by default.

* gnu/services/base.scm (<pam-mount-volume>): new record
(pam-mount-volume->sxml): new procedure
(%base-pam-mount-volumes): new variable
(greetd-pam-mount-rules): new procedure
(%greetd-pam-mount-rules): removed variable
(<greetd-configuration>): new field `extra-pam-mount-volumes'
---
 gnu/services/base.scm | 114 +++++++++++++++++++++++++++++++++++++++---
 1 file changed, 107 insertions(+), 7 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 2c984a0747..4da2090141 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -248,6 +248,27 @@ (define-module (gnu services base)
             pam-limits-service-type
             pam-limits-service
 
+            pam-mount-volume
+            pam-mount-volume-user
+            pam-mount-volume-uid
+            pam-mount-volume-pgrp
+            pam-mount-volume-gid
+            pam-mount-volume-sgrp
+            pam-mount-volume-fstype
+            pam-mount-volume-noroot
+            pam-mount-volume-server
+            pam-mount-volume-path
+            pam-mount-volume-path
+            pam-mount-volume-mountpoint
+            pam-mount-volume-header
+            pam-mount-volume-options
+            pam-mount-volume-ssh
+            pam-mount-volume-cipher
+            pam-mount-volume-fskeycipher
+            pam-mount-volume-fskeyhash
+            pam-mount-volume-fskeypath
+            %base-pam-mount-volumes
+
             greetd-service-type
             greetd-configuration
             greetd-terminal-configuration
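Review bot: `pam-mount-volume-path` is exported twice, on two consecutive lines of the new export block; one of them should be dropped, since a duplicate in `#:export` is at best noise and on some Guile versions a warning. The predicate `pam-mount-volume?` and the constructor `make-pam-mount-volume` are not exported while every accessor is, which may be intentional, but if users are expected to inspect `extra-pam-mount-volumes` values the predicate is the one they will reach for. `pam-mount-volume->sxml` likewise stays private, which is consistent with `%base-pam-mount-volumes` already being converted, but see the note on that hunk.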
@@ -3170,6 +3191,82 @@ (define (make-greetd-terminal-configuration-file config)
      "user = " default-session-user "\n"
      "command = " default-session-command "\n")))
 
+(define-record-type* <pam-mount-volume>
+  pam-mount-volume make-pam-mount-volume
+  pam-mount-volume?
+  (user pam-mount-volume-user (default #f)) ; string
+  (uid pam-mount-volume-uid (default #f)) ; number or (number . number)
+  (pgrp pam-mount-volume-pgrp (default #f)) ; string
+  (gid pam-mount-volume-gid (default #f)) ; number or (number . number)
+  (sgrp pam-mount-volume-sgrp (default #f)) ; string
+  (fstype pam-mount-volume-fstype (default #f)) ; string
+  (noroot pam-mount-volume-noroot (default #f)) ; bool
+  (server pam-mount-volume-server (default #f)) ; string
+  (path pam-mount-volume-path (default #f)) ; string
+  (mountpoint pam-mount-volume-mountpoint (default #f)) ; string
+  (header pam-mount-volume-header (default #f)) ; string
+  (options pam-mount-volume-options (default #f)) ; string
+  (ssh pam-mount-volume-ssh (default #f)) ; bool
+  (cipher pam-mount-volume-cipher (default #f)) ; string
+  (fskeycipher pam-mount-volume-fskeycipher (default #f)) ; string
+  (fskeyhash pam-mount-volume-fskeyhash (default #f)) ; string
+  (fskeypath pam-mount-volume-fskeypath (default #f))) ; string
+
+(define (pam-mount-volume->sxml volume)
+  "Return SXML formatted VOLUME, suitable for pam_mount configuration."
+  (define (string-for value)
+    (and value (format #f "~a" value)))
+
+  (define (bool-for value)
+    (if value
+        "1"
+        "0"))
+
+  (define (number-or-range-for value)
+    (match value
+      (#f #f)
+      ((start . end)
+       (format #f "~a-~a" start end))
+      (number
+       (format #f "~a" number))))
+
+  (define attrs
+    (filter
+     (cut cadr <>)
+     (map (lambda (field-desc)
+            (let* ((field-name (car field-desc))
+                   (field-formatter (cdr field-desc))
+                   (field-accessor (record-accessor <pam-mount-volume> field-name)))
+              (list field-name (field-formatter (field-accessor volume)))))
+          `((user . ,string-for)
+            (uid . ,number-or-range-for)
+            (pgrp . ,string-for)
+            (gid . ,number-or-range-for)
+            (sgrp . ,string-for)
+            (fstype . ,string-for)
+            (noroot . ,bool-for)
+            (server . ,string-for)
+            (path . ,string-for)
+            (mountpoint . ,string-for)
+            (header . ,string-for)
+            (options . ,string-for)
+            (ssh . ,bool-for)
+            (cipher . ,string-for)
+            (fskeycipher . ,string-for)
+            (fskeyhash . ,string-for)
+            (fskeypath . ,string-for)))))
+
+  `(volume (@ ,@attrs)))
+
+(define %base-pam-mount-volumes
+  (list
+   (pam-mount-volume->sxml
+    (pam-mount-volume
+     (sgrp "users")
+     (fstype "tmpfs")
+     (mountpoint "/run/user/%(USERUID)")
+     (options "noexec,nosuid,nodev,size=1g,mode=0700,uid=%(USERUID),gid=%(USERGID)")))))
+
 (define %greetd-file-systems
   (list (file-system
           (device "none")
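Review bot: `%base-pam-mount-volumes` holds the result of `pam-mount-volume->sxml`, i.e. SXML, while the new `extra-pam-mount-volumes` field takes `<pam-mount-volume>` records, so the two values that share a name cannot be combined: a user who wants to base a custom list on the default cannot pass a `%base-pam-mount-volumes` entry as an extra volume, and any `(map pam-mount-volume->sxml ...)` over it would fail inside `record-accessor`. Keeping records in `%base-pam-mount-volumes` (drop the `(pam-mount-volume->sxml` wrapper around the record) and doing the conversion once in `greetd-pam-mount-rules` would make the variable usable the way its name suggests. Separately, `bool-for` never returns `#f`, so the `(cut cadr <>)` filter that is meant to drop unset fields keeps `noroot` and `ssh`, and every volume — including the migrated XDG_RUNTIME_DIR tmpfs — now carries `noroot="0" ssh="0"` that the removed literal did not have; presumably harmless since 0 is pam_mount's default, but if the intent is "omit when unset", `(define (bool-for value) (and value "1"))` does that. The record type itself could use a header comment saying it maps one-to-one onto a pam_mount `<volume>` element and that `#f` means "attribute omitted", which is what the formatter actually implements.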
@@ -3180,12 +3277,14 @@ (define %greetd-file-systems
           (options "mode=0755")
           (create-mount-point? #t))))
 
-(define %greetd-pam-mount-rules
+(define (greetd-pam-mount-rules config)
+  (define volumes
+    (append (map pam-mount-volume->sxml
+                 (greetd-extra-pam-mount-volumes config))
+            %base-pam-mount-volumes))
+
   `((debug (@ (enable "0")))
-    (volume (@ (sgrp "users")
-               (fstype "tmpfs")
-               (mountpoint "/run/user/%(USERUID)")
-               (options "noexec,nosuid,nodev,size=1g,mode=0700,uid=%(USERUID),gid=%(USERGID)")))
+    ,@volumes
     (logout (@ (wait "0")
                (hup "0")
                (term "yes")
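Review bot: The extra volumes are spliced before `%base-pam-mount-volumes`, so a user-supplied volume is emitted ahead of the `/run/user/%(USERUID)` tmpfs; pam_mount appears to process `<volume>` elements in file order, in which case any extra volume whose mountpoint lives under XDG_RUNTIME_DIR would be mounted first and then shadowed by the tmpfs, and the base volume's `noexec,nosuid,nodev` would no longer cover it. Swapping the `append` arguments, `(append %base-pam-mount-volumes (map pam-mount-volume->sxml (greetd-extra-pam-mount-volumes config)))`, keeps the hardened runtime directory first. The new procedure also has no docstring; something like `"Return the pam_mount rules for CONFIG as SXML: the base volumes followed by the user's extra volumes, plus the fixed debug and logout settings."` would match the file's style. `greetd-pam-mount-rules` continues past the end of this hunk.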
@@ -3198,7 +3297,8 @@ (define-record-type* <greetd-configuration>
   (motd greetd-motd (default %default-motd))
   (allow-empty-passwords? greetd-allow-empty-passwords? (default #t))
   (terminals greetd-terminals (default '()))
-  (greeter-supplementary-groups greetd-greeter-supplementary-groups (default '())))
+  (greeter-supplementary-groups greetd-greeter-supplementary-groups (default '()))
+  (extra-pam-mount-volumes greetd-extra-pam-mount-volumes (default '())))
 
 (define (greetd-accounts config)
   (list (user-group (name "greeter") (system? #t))
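Review bot: The new `extra-pam-mount-volumes` field carries no type comment, unlike the `<pam-mount-volume>` fields added in the same patch; a trailing `; list of <pam-mount-volume>` would tell readers that records, not SXML, are expected here. The diffstat shows only gnu/services/base.scm changing, so the `greetd-configuration` section of the manual does not yet describe the field or the `pam-mount-volume` record users are now expected to build.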
@@ -3219,7 +3319,7 @@ (define (make-greetd-pam-mount-conf-file config)
             '(*TOP*
               (*PI* xml "version='1.0' encoding='utf-8'")
               (pam_mount
-               #$@%greetd-pam-mount-rules
+               #$@(greetd-pam-mount-rules config)
                (pmvarrun
                 #$(file-append greetd-pam-mount
                                "/sbin/pmvarrun -u '%(USER)' -o '%(OPERATION)'"))))

base-commit: 306bd7b8b952b1e721fd36a9d69b3373862e8087
-- 
2.39.2





