nixos/ydotool: Make group configurable

Allows users to refer to `config.programs.ydotool.group` rather than hard-coding "ydotool". Allows users to override the group name for whatever reason. This closes #317013. Co-authored-by: Cosima Neidahl <opna2608@protonmail.com>
2024-06-04 20:04:49 +12:00 · 2024-06-04 20:04:49 +12:00 · 408406c2ff
commit 408406c2ff
parent 7203cf8e3d
2 changed files with 54 additions and 4 deletions
--- a/nixos/modules/programs/ydotool.nix
+++ b/nixos/modules/programs/ydotool.nix
@ -14,22 +14,29 @@ in

  options.programs.ydotool = {
    enable = lib.mkEnableOption ''
-      ydotoold system service and install ydotool.
-      Add yourself to the 'ydotool' group to be able to use it.
+      ydotoold system service and {command}`ydotool` for members of
+      {option}`programs.ydotool.group`.
    '';
+    group = lib.mkOption {
+      type = lib.types.str;
+      default = "ydotool";
+      description = ''
+        Group which users must be in to use {command}`ydotool`.
+      '';
+    };
  };

  config = let
    runtimeDirectory = "ydotoold";
  in lib.mkIf cfg.enable {
-    users.groups.ydotool = { };
+    users.groups."${config.programs.ydotool.group}" = { };

    systemd.services.ydotoold = {
      description = "ydotoold - backend for ydotool";
      wantedBy = [ "multi-user.target" ];
      partOf = [ "multi-user.target" ];
      serviceConfig = {
-        Group = "ydotool";
+        Group = config.programs.ydotool.group;
        RuntimeDirectory = runtimeDirectory;
        RuntimeDirectoryMode = "0750";
        ExecStart = "${lib.getExe' pkgs.ydotool "ydotoold"} --socket-path=${config.environment.variables.YDOTOOL_SOCKET} --socket-perm=0660";
--- a/nixos/tests/ydotool.nix
+++ b/nixos/tests/ydotool.nix
@ -138,4 +138,47 @@ in
      quantenzitrone
    ];
  };
+
+  customGroup =
+    let
+      name = "customGroup";
+      nodeName = "${name}Node";
+      insideGroupUsername = "ydotool-user";
+      outsideGroupUsername = "other-user";
+      groupName = "custom-group";
+    in
+    makeTest {
+      inherit name;
+
+      nodes."${nodeName}" = {
+        programs.ydotool = {
+          enable = true;
+          group = groupName;
+        };
+
+        users.users = {
+          "${insideGroupUsername}" = {
+            isNormalUser = true;
+            extraGroups = [ groupName ];
+          };
+          "${outsideGroupUsername}".isNormalUser = true;
+        };
+      };
+
+      testScript = ''
+        start_all()
+
+        # Wait for service to start
+        ${nodeName}.wait_for_unit("multi-user.target")
+        ${nodeName}.wait_for_unit("ydotoold.service")
+
+        # Verify that user with the configured group can use the service
+        ${nodeName}.succeed("sudo --login --user=${insideGroupUsername} ydotool type 'Hello, World!'")
+
+        # Verify that user without the configured group can't use the service
+        ${nodeName}.fail("sudo --login --user=${outsideGroupUsername} ydotool type 'Hello, World!'")
+      '';
+
+      meta.maintainers = with lib.maintainers; [ l0b0 ];
+    };
 }