gnu: greetd-service-type: Add supplementary groups to greeter.

* gnu/services/base.scm (<greetd-configuration>)
[greeter-supplementary-groups]: New field.
(%greetd-accounts): Rename to...
(greetd-accounts): ... this.  Convert to a function that takes a config
argument.  Use greeter-supplementary-groups.
(greetd-service-type): Adjust accordingly.
* gnu/tests/desktop.scm (%minimal-services): Add test for
greeter-supplementary-groups.
* doc/guix.texi ("Base Services")[greetd-service-type]: Document
greeter-supplementary-groups.
This commit is contained in:
muradm 2022-07-22 14:28:57 +03:00 committed by Liliana Marie Prikler
parent d1815a68ea
commit cac3914dfc
No known key found for this signature in database
GPG key ID: 442A84B8C70E2F87
3 changed files with 26 additions and 13 deletions

View file

@ -18559,6 +18559,13 @@ the 'root' account has just been created.
@item @code{terminals} (default: @code{'()})
List of @code{greetd-terminal-configuration} per terminal for which
@code{greetd} should be started.
@item @code{greeter-supplementary-groups} (default: @code{'()})
List of groups which should be added to @code{greeter} user. For instance:
@lisp
(greeter-supplementary-groups '("seat" "video"))
@end lisp
Note that this example will fail if @code{seat} group does not exist.
@end table
@end deftp

View file

@ -2918,17 +2918,6 @@ (define (make-greetd-terminal-configuration-file config)
"user = " default-session-user "\n"
"command = " default-session-command "\n")))
(define %greetd-accounts
(list (user-account
(name "greeter")
(group "greeter")
;; video group is required for graphical greeters.
(supplementary-groups '("video"))
(system? #t))
(user-group
(name "greeter")
(system? #t))))
(define %greetd-file-systems
(list (file-system
(device "none")
@ -2956,7 +2945,16 @@ (define-record-type* <greetd-configuration>
greetd-configuration?
(motd greetd-motd (default %default-motd))
(allow-empty-passwords? greetd-allow-empty-passwords? (default #t))
(terminals greetd-terminals (default '())))
(terminals greetd-terminals (default '()))
(greeter-supplementary-groups greetd-greeter-supplementary-groups (default '())))
(define (greetd-accounts config)
(list (user-group (name "greeter") (system? #t))
(user-account
(name "greeter")
(group "greeter")
(supplementary-groups (greetd-greeter-supplementary-groups config))
(system? #t))))
(define (make-greetd-pam-mount-conf-file config)
(computed-file
@ -3033,7 +3031,7 @@ (define greetd-service-type
login manager daemon.")
(extensions
(list
(service-extension account-service-type (const %greetd-accounts))
(service-extension account-service-type greetd-accounts)
(service-extension file-system-service-type (const %greetd-file-systems))
(service-extension etc-service-type greetd-etc-service)
(service-extension pam-root-service-type greetd-pam-service)

View file

@ -122,6 +122,7 @@ (define %minimal-services
(service seatd-service-type)
(service greetd-service-type
(greetd-configuration
(greeter-supplementary-groups '("input" "video"))
(terminals
(list
;; we can make any terminal active by default
@ -295,6 +296,13 @@ (define (greetd-pid-to-sock pid)
(marionette-type "echo alice > /run/user/1000/test\n" marionette)
(file-get-all-strings "/run/user/1000/test")))
(test-equal "check greeter user has correct groups"
"greeter input video\n"
(begin
(marionette-type "id -Gn greeter > /run/user/1000/greeter-groups\n"
marionette)
(file-get-all-strings "/run/user/1000/greeter-groups")))
(test-assert "screendump"
(begin
(marionette-control (string-append "screendump " #$output