diff --git a/nixos/modules/security/pam_mount.nix b/nixos/modules/security/pam_mount.nix
index 9a0143c155c5..e25ace38f57f 100644
--- a/nixos/modules/security/pam_mount.nix
+++ b/nixos/modules/security/pam_mount.nix
@@ -29,6 +29,28 @@ in
xlink:href="http://pam-mount.sourceforge.net/pam_mount.conf.5.html" />.
'';
};
+
+ additionalSearchPaths = mkOption {
+ type = types.listOf types.package;
+ default = [];
+ example = literalExample "[ pkgs.bindfs ]";
+ description = ''
+ Additional programs to include in the search path of pam_mount.
+ Useful for example if you want to use some FUSE filesystems like bindfs.
+ '';
+ };
+
+ fuseMountOptions = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ example = literalExample ''
+ [ "nodev" "nosuid" "force-user=%(USER)" "gid=%(USERGID)" "perms=0700" "chmod-deny" "chown-deny" "chgrp-deny" ]
+ '';
+ description = ''
+ Global mount options that apply to every FUSE volume.
+ You can define volume-specific options in the volume definitions.
+ '';
+ };
};
};
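Review bot: `fuseMountOptions` defaults to `[]`, so unless the administrator sets it, the `mount.fuse` line added in the second hunk runs with only the per-volume `%(OPTIONS)` and none of the hardening flags shown in the example (`nodev`, `nosuid`). pam_mount performs these mounts during login, presumably with root privileges, so I would either make the default `default = [ "nodev" "nosuid" ];` or state in the description that no restrictive options are applied unless configured. The global list is also joined in front of `%(OPTIONS)`, so whether a volume definition can override a global flag depends on how mount.fuse resolves conflicting options; the claim that the options "apply to every FUSE volume" should be verified against that ordering or worded more cautiously. For `additionalSearchPaths`, the description could add a sentence such as `Programs on this path are executed by pam_mount during login, so only add trusted packages.`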
@@ -60,11 +82,12 @@ in
- ${pkgs.util-linux}/bin
+ ${makeBinPath ([ pkgs.util-linux ] ++ cfg.additionalSearchPaths)}
+ ${pkgs.fuse}/bin/mount.fuse %(VOLUME) %(MNTPT) -o ${concatStringsSep "," (cfg.fuseMountOptions ++ [ "%(OPTIONS)" ])}
${pkgs.pam_mount}/bin/mount.crypt %(VOLUME) %(MNTPT)
${pkgs.pam_mount}/bin/umount.crypt %(MNTPT)
${pkgs.pam_mount}/bin/pmvarrun -u %(USER) -o %(OPERATION)