From 465c9269dd6a1fadc2d5f27889db13e93db576cf Mon Sep 17 00:00:00 2001 From: Romanos Skiadas Date: Thu, 22 Jul 2021 16:04:57 +0300 Subject: [PATCH] nixos/openrazer: Add a users option --- .../from_md/release-notes/rl-2111.section.xml | 7 +++++-- nixos/doc/manual/release-notes/rl-2111.section.md | 2 +- nixos/modules/hardware/openrazer.nix | 15 ++++++++++++--- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index 5dc0f1b15b34..7c58539bcafa 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -656,8 +656,11 @@ no longer need be granted the entire set of plugdev group permissions, which can include permissions other than those required by - openrazer. This can be desirable from a - security point of view. + openrazer. This is desirable from a + security point of view. The setting + harware.openrazer.users + can be used to add users to the openrazer + group. diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index be83ab2d6a44..ee40b509d0e7 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md 
@@ -164,7 +164,7 @@ pt-services.clipcat.enable). - `programs.neovim.runtime` switched to a `linkFarm` internally, making it impossible to use wildcards in the `source` argument. -- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This can be desirable from a security point of view. +- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`harware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group. ## Other Notable Changes {#sec-release-21.11-notable-changes} diff --git a/nixos/modules/hardware/openrazer.nix b/nixos/modules/hardware/openrazer.nix index b4c1ddd1b336..bd9fc485e17e 100644 --- a/nixos/modules/hardware/openrazer.nix +++ b/nixos/modules/hardware/openrazer.nix @@ -51,8 +51,6 @@ in hardware.openrazer = { enable = mkEnableOption '' OpenRazer drivers and userspace daemon. - Any users that wish to make use of the daemon need to be - members of the "openrazer" group. ''; verboseLogging = mkOption { @@ -96,6 +94,15 @@ in generate a heatmap. ''; }; + + users = mkOption { + type = with types; listOf str; + default = []; + description = '' + Usernames to be added to the "openrazer" group, so that they + can start and interact with the OpenRazer userspace daemon. + ''; + }; }; }; 
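Review bot: The `enable` description in the `-51,8` hunk no longer says that the daemon is usable only by members of the `openrazer` group. Because the new `users` option defaults to `[]`, someone who only sets `enable = true` gets a daemon that no account can start unless membership is granted elsewhere, and the option text gives no hint why. Keep one sentence that points at the new option, for example `Users who should be able to use the daemon must be listed in hardware.openrazer.users.`. The `hardware.openrazer` option set starts above this hunk and continues below it.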
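Review bot: The `users` option added in the `-96,6` hunk accepts free-form strings (`listOf str`), and nothing visible in this patch ties them to declared accounts. A misspelled name would presumably land in the group's member list without an evaluation error. Say so in the description, for example `Names are not checked against users.users.`, and add `example = [ "alice" ];` so the expected shape is clear. The release-note hunks of this patch call the option `harware.openrazer.users` and link to `opt-services.hardware.openrazer.users`. Neither matches the `hardware.openrazer.users` path declared here, so the link is likely dead.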
@@ -113,7 +120,9 @@ in # A user must be a member of the openrazer group in order to start # the openrazer-daemon. Therefore we make sure that the group # exists. - users.groups.openrazer = {}; + users.groups.openrazer = { + members = cfg.users; + }; systemd.user.services.openrazer-daemon = { description = "Daemon to manage razer devices in userspace";
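Review bot: The comment kept above `users.groups.openrazer` still says the block only makes sure the group exists, but the new lines also set its membership from `cfg.users`. That makes this the place where access to the daemon is granted, so the comment should say so, for example `# Members are taken from hardware.openrazer.users; only these accounts may start the daemon.`. The enclosing `config` block starts above the hunk and continues past its last line.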