nixos/pam: kwallet: add the forceRun option

2024-08-01 09:51:31 +05:30 · 2024-08-01 09:51:31 +05:30 · 4074853391
commit 4074853391
parent fedebb68ba
1 changed files with 13 additions and 1 deletions
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@ -489,6 +489,18 @@ let
        package = mkPackageOption pkgs.plasma5Packages "kwallet-pam" {
          pkgsText = "pkgs.plasma5Packages";
        };
+
+        forceRun = mkEnableOption null // {
+          description = ''
+            The `force_run` option is used to tell the PAM module for KWallet
+            to forcefully run even if no graphical session (such as a GUI
+            display manager) is detected. This is useful for when you are
+            starting an X Session or a Wayland Session from a TTY. If you
+            intend to log-in from a TTY, it is recommended that you enable
+            this option **and** ensure that `plasma-kwallet-pam.service` is
+            started by `graphical-session.target`.
+          '';
+        };
      };

      sssdStrictAccess = mkOption {
@ -861,7 +873,7 @@ let
            order = "user,group,default";
            debug = true;
          }; }
-          { name = "kwallet"; enable = cfg.kwallet.enable; control = "optional"; modulePath = "${cfg.kwallet.package}/lib/security/pam_kwallet5.so"; }
+          { name = "kwallet"; enable = cfg.kwallet.enable; control = "optional"; modulePath = "${cfg.kwallet.package}/lib/security/pam_kwallet5.so"; settings = lib.mkIf cfg.kwallet.forceRun { force_run = true; }; }
          { name = "gnome_keyring"; enable = cfg.enableGnomeKeyring; control = "optional"; modulePath = "${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so"; settings = {
            auto_start = true;
          }; }