From 40748533919fdfbc4c11792c2e0541941a2b64a6 Mon Sep 17 00:00:00 2001 From: Pratham Patel Date: Thu, 1 Aug 2024 09:51:31 +0530 Subject: [PATCH] nixos/pam: kwallet: add the `forceRun` option --- nixos/modules/security/pam.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index b44daa528167..e74858f4ce85 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -489,6 +489,18 @@ let package = mkPackageOption pkgs.plasma5Packages "kwallet-pam" { pkgsText = "pkgs.plasma5Packages"; }; + + forceRun = mkEnableOption null // { + description = '' + The `force_run` option is used to tell the PAM module for KWallet + to forcefully run even if no graphical session (such as a GUI + display manager) is detected. This is useful for when you are + starting an X Session or a Wayland Session from a TTY. If you + intend to log-in from a TTY, it is recommended that you enable + this option **and** ensure that `plasma-kwallet-pam.service` is + started by `graphical-session.target`. + ''; + }; }; sssdStrictAccess = mkOption { @@ -861,7 +873,7 @@ let order = "user,group,default"; debug = true; }; } - { name = "kwallet"; enable = cfg.kwallet.enable; control = "optional"; modulePath = "${cfg.kwallet.package}/lib/security/pam_kwallet5.so"; } + { name = "kwallet"; enable = cfg.kwallet.enable; control = "optional"; modulePath = "${cfg.kwallet.package}/lib/security/pam_kwallet5.so"; settings = lib.mkIf cfg.kwallet.forceRun { force_run = true; }; } { name = "gnome_keyring"; enable = cfg.enableGnomeKeyring; control = "optional"; modulePath = "${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so"; settings = { auto_start = true; }; }