guix-play/gnu/services/sddm.scm
Josselin Poiret 2df5d4fd18
system: pam: Let PAM extensions add shepherd requirements.
* gnu/system/pam.scm (<pam-extension>): New record type.
(pam-shepherd-service): Add Shepherd synchronization point.

* gnu/services/mail.scm (dovecot-shepherd-service)
* gnu/services/lightdm.scm (lightdm-shepherd-service)
* gnu/services/mail.scm (opensmtpd-shepherd-service)
* gnu/services/sddm.scm (sddm-shepherd-service)
* gnu/services/ssh.scm (lsh-shepherd-service, openssh-shepherd-service)
* gnu/services/xorg.scm (slim-shepherd-service, gdm-shepherd-service)
* gnu/services/base.scm (greetd-shepherd-services): Add PAM requirement.

* gnu/system/pam.scm (/etc-entry, extend-configuration,
pam-root-service-type, pam-root-service)
* gnu/services/authentication.scm (pam-ldap-pam-service)
* gnu/services/base.scm (pam-limits-service-type)
(greetd-pam-service)
* gnu/services/desktop.scm (pam-gnome-keyring)
* gnu/services/kerberos.scm (pam-krb5-pam-service)
* gnu/services/pam-mount.scm (pam-mount-pam-service): Adapt to use
pam-extension.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-05-11 13:21:45 +02:00

327 lines
13 KiB
Scheme

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016 David Craven <david@craven.ch>
;;; Copyright © 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2019 Jesse Gildersleve <jessejohngildersleve@protonmail.com>
;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu services sddm)
#:use-module (gnu packages admin)
#:use-module (gnu packages display-managers)
#:use-module (gnu packages freedesktop)
#:use-module (gnu packages xorg)
#:use-module (gnu services)
#:use-module (gnu services shepherd)
#:use-module (gnu services xorg)
#:use-module (gnu system pam)
#:use-module (gnu system shadow)
#:use-module (guix gexp)
#:use-module (guix records)
#:use-module (guix deprecation)
#:export (sddm-configuration
sddm-configuration?
sddm-service-type
sddm-service))
(define-record-type* <sddm-configuration>
sddm-configuration make-sddm-configuration
sddm-configuration?
(sddm sddm-configuration-sddm
(default sddm))
;; [General]
;; valid values are x11 and wayland
;; currently doesn't do anything is enabled by wayland greeter PR
(display-server sddm-configuration-display-server
(default "x11"))
;; valid values are on, off or none
(numlock sddm-configuration-numlock
(default "on"))
(halt-command sddm-configuration-halt-command
(default (file-append shepherd "/sbin/halt")))
(reboot-command sddm-configuration-reboot-command
(default (file-append shepherd "/sbin/reboot")))
;; [Theme]
;; valid values are elarun, maldives or maya
(theme sddm-configuration-theme
(default "maldives"))
(themes-directory sddm-configuration-themes-directory
(default "/run/current-system/profile/share/sddm/themes"))
(faces-directory sddm-configuration-faces-directory
(default "/run/current-system/profile/share/sddm/faces"))
;; [Users]
(default-path sddm-configuration-default-path
(default "/run/current-system/profile/bin"))
(minimum-uid sddm-configuration-minimum-uid
(default 1000))
(maximum-uid sddm-configuration-maximum-uid
(default 2000))
(remember-last-user? sddm-configuration-remember-last-user?
(default #t))
(remember-last-session? sddm-configuration-remember-last-session?
(default #t))
(hide-users sddm-configuration-hide-users
(default ""))
(hide-shells sddm-configuration-hide-shells
(default (file-append shadow "/sbin/nologin")))
;; [Wayland]
(session-command sddm-configuration-session-command
(default (file-append sddm "/share/sddm/scripts/wayland-session")))
(sessions-directory sddm-configuration-sessions-directory
(default "/run/current-system/profile/share/wayland-sessions"))
;; [X11]
(xorg-configuration sddm-configuration-xorg
(default (xorg-configuration)))
(xauth-path sddm-configuration-xauth-path
(default (file-append xauth "/bin/xauth")))
(xephyr-path sddm-configuration-xephyr-path
(default (file-append xorg-server "/bin/Xephyr")))
(xdisplay-start sddm-configuration-xdisplay-start
(default (file-append sddm "/share/sddm/scripts/Xsetup")))
(xdisplay-stop sddm-configuration-xdisplay-stop
(default (file-append sddm "/share/sddm/scripts/Xstop")))
(xsession-command sddm-configuration-xsession-command
(default (xinitrc)))
(xsessions-directory sddm-configuration-xsessions-directory
(default "/run/current-system/profile/share/xsessions"))
(minimum-vt sddm-configuration-minimum-vt
(default 7))
;; [Autologin]
(auto-login-user sddm-configuration-auto-login-user
(default ""))
;; valid values are xfce.desktop gnome.desktop weston.desktop hawaii.desktop
(auto-login-session sddm-configuration-auto-login-session
(default ""))
(relogin? sddm-configuration-relogin?
(default #f)))
(define (sddm-configuration-file config)
(mixed-text-file "sddm.conf" "
[General]
DisplayServer=" (sddm-configuration-display-server config) "
Numlock=" (sddm-configuration-numlock config) "
HaltCommand=" (sddm-configuration-halt-command config) "
RebootCommand=" (sddm-configuration-reboot-command config) "
[Users]
DefaultPath=" (sddm-configuration-default-path config) "
MinimumUid=" (number->string (sddm-configuration-minimum-uid config))"
MaximumUid=" (number->string (sddm-configuration-maximum-uid config))"
RememberLastUser=" (if (sddm-configuration-remember-last-user? config)
"true" "false") "
RememberLastSession=" (if (sddm-configuration-remember-last-session? config)
"true" "false") "
HideUsers=" (sddm-configuration-hide-users config) "
Hideshells=" (sddm-configuration-hide-shells config) "
[Theme]
Current=" (sddm-configuration-theme config) "
ThemeDir=" (sddm-configuration-themes-directory config) "
FacesDir=" (sddm-configuration-faces-directory config) "
[Wayland]
SessionCommand=" (sddm-configuration-session-command config) "
SessionDir=" (sddm-configuration-sessions-directory config) "
[X11]
ServerPath=" (xorg-start-command (sddm-configuration-xorg config)) "
XauthPath=" (sddm-configuration-xauth-path config) "
XephyrPath=" (sddm-configuration-xephyr-path config) "
DisplayCommand=" (sddm-configuration-xdisplay-start config) "
DisplayStopCommand=" (sddm-configuration-xdisplay-stop config) "
SessionCommand=" (sddm-configuration-xsession-command config) "
SessionDir=" (sddm-configuration-xsessions-directory config) "
MinimumVT=" (number->string (sddm-configuration-minimum-vt config)) "
ServerArguments=" (string-join
(xorg-configuration-server-arguments
(sddm-configuration-xorg config))) "
[Autologin]
User=" (sddm-configuration-auto-login-user config) "
Session=" (sddm-configuration-auto-login-session config) "
Relogin=" (if (sddm-configuration-relogin? config)
"true" "false") "
"))
(define (sddm-shepherd-service config)
"Return a <shepherd-service> for sddm with CONFIG."
(define sddm-command
#~(list (string-append #$(sddm-configuration-sddm config) "/bin/sddm")))
(list (shepherd-service
(documentation "SDDM display manager.")
(requirement '(user-processes elogind pam))
(provision '(xorg-server display-manager))
(start #~(make-forkexec-constructor #$sddm-command))
(stop #~(make-kill-destructor)))))
(define (sddm-etc-service config)
(list `("sddm.conf" ,(sddm-configuration-file config))))
(define (sddm-pam-service config)
"Return a PAM service for @command{sddm}."
(pam-service
(name "sddm")
(auth
(list
(pam-entry
(control "requisite")
(module "pam_nologin.so"))
(pam-entry
(control "required")
(module "pam_env.so"))
(pam-entry
(control "required")
(module "pam_succeed_if.so")
(arguments (list (string-append "uid >= "
(number->string (sddm-configuration-minimum-uid config)))
"quiet")))
;; should be factored out into system-auth
(pam-entry
(control "required")
(module "pam_unix.so"))))
(account
(list
;; should be factored out into system-account
(pam-entry
(control "required")
(module "pam_unix.so"))))
(password
(list
;; should be factored out into system-password
(pam-entry
(control "required")
(module "pam_unix.so")
(arguments (list "sha512" "shadow" "try_first_pass")))))
(session
(list
;; lfs has a required pam_limits.so
;; should be factored out into system-session
(pam-entry
(control "required")
(module "pam_unix.so"))))))
(define (sddm-greeter-pam-service)
"Return a PAM service for @command{sddm-greeter}."
(pam-service
(name "sddm-greeter")
(auth
(list
;; Load environment from /etc/environment and ~/.pam_environment
(pam-entry
(control "required")
(module "pam_env.so"))
;; Always let the greeter start without authentication
(pam-entry
(control "required")
(module "pam_permit.so"))))
(account
(list
;; No action required for account management
(pam-entry
(control "required")
(module "pam_permit.so"))))
(password
(list
;; Can't change password
(pam-entry
(control "required")
(module "pam_deny.so"))))
(session
(list
;; Setup session
(pam-entry
(control "required")
(module "pam_unix.so"))))))
(define (sddm-autologin-pam-service config)
"Return a PAM service for @command{sddm-autologin}"
(pam-service
(name "sddm-autologin")
(auth
(list
(pam-entry
(control "requisite")
(module "pam_nologin.so"))
(pam-entry
(control "required")
(module "pam_succeed_if.so")
(arguments (list (string-append "uid >= "
(number->string (sddm-configuration-minimum-uid config)))
"quiet")))
(pam-entry
(control "required")
(module "pam_permit.so"))))
(account
(list
(pam-entry
(control "include")
(module "sddm"))))
(password
(list
(pam-entry
(control "required")
(module "pam_deny.so"))))
(session
(list
(pam-entry
(control "include")
(module "sddm"))))))
(define (sddm-pam-services config)
(list (sddm-pam-service config)
(sddm-greeter-pam-service)
(sddm-autologin-pam-service config)))
(define %sddm-accounts
(list (user-group (name "sddm") (system? #t))
(user-account
(name "sddm")
(group "sddm")
(system? #t)
(comment "SDDM user")
(home-directory "/var/lib/sddm")
(shell (file-append shadow "/sbin/nologin")))))
;; Add default themes to profile
(define sddm-profile-service
(compose list sddm-configuration-sddm))
(define sddm-service-type
(handle-xorg-configuration sddm-configuration
(service-type (name 'sddm)
(extensions
(list (service-extension shepherd-root-service-type
sddm-shepherd-service)
(service-extension etc-service-type
sddm-etc-service)
(service-extension pam-root-service-type
sddm-pam-services)
(service-extension account-service-type
(const %sddm-accounts))
(service-extension profile-service-type
sddm-profile-service)))
(default-value (sddm-configuration))
(description
"Run SDDM, a display and log-in manager for X11 and
Wayland."))))