gnu: greetd-service-type: Add supplementary groups to greeter.

* gnu/services/base.scm (<greetd-configuration>) [greeter-supplementary-groups]: New field. (%greetd-accounts): Rename to... (greetd-accounts): ... this. Convert to a function that takes a config argument. Use greeter-supplementary-groups. (greetd-service-type): Adjust accordingly. * gnu/tests/desktop.scm (%minimal-services): Add test for greeter-supplementary-groups. * doc/guix.texi ("Base Services")[greetd-service-type]: Document greeter-supplementary-groups.
2022-07-22 14:28:57 +03:00 · 2022-07-22 14:28:57 +03:00 · cac3914dfc
parent d1815a68ea
commit cac3914dfc
3 changed files with 26 additions and 13 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -18559,6 +18559,13 @@ the 'root' account has just been created.
@item @code{terminals} (default: @code{'()})
 List of @code{greetd-terminal-configuration} per terminal for which
@code{greetd} should be started.
+
+@item @code{greeter-supplementary-groups} (default: @code{'()})
+List of groups which should be added to @code{greeter} user. For instance:
+@lisp
+(greeter-supplementary-groups '("seat" "video"))
+@end lisp
+Note that this example will fail if @code{seat} group does not exist.
@end table
@end deftp

--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@ -2918,17 +2918,6 @@ to handle."
     "user = " default-session-user "\n"
     "command = " default-session-command "\n")))

-(define %greetd-accounts
-  (list (user-account
-         (name "greeter")
-         (group "greeter")
-         ;; video group is required for graphical greeters.
-         (supplementary-groups '("video"))
-         (system? #t))
-        (user-group
-         (name "greeter")
-         (system? #t))))
-
 (define %greetd-file-systems
  (list (file-system
          (device "none")
@ -2956,7 +2945,16 @@ to handle."
  greetd-configuration?
  (motd greetd-motd (default %default-motd))
  (allow-empty-passwords? greetd-allow-empty-passwords? (default #t))
-  (terminals greetd-terminals (default '())))
+  (terminals greetd-terminals (default '()))
+  (greeter-supplementary-groups greetd-greeter-supplementary-groups (default '())))
+
+(define (greetd-accounts config)
+  (list (user-group (name "greeter") (system? #t))
+        (user-account
+         (name "greeter")
+         (group "greeter")
+         (supplementary-groups (greetd-greeter-supplementary-groups config))
+         (system? #t))))

 (define (make-greetd-pam-mount-conf-file config)
  (computed-file
@ -3033,7 +3031,7 @@ mount/unmount /run/user/<uid> directory for user and @code{greetd}
 login manager daemon.")
   (extensions
    (list
-     (service-extension account-service-type (const %greetd-accounts))
+     (service-extension account-service-type greetd-accounts)
     (service-extension file-system-service-type (const %greetd-file-systems))
     (service-extension etc-service-type greetd-etc-service)
     (service-extension pam-root-service-type greetd-pam-service)
--- a/gnu/tests/desktop.scm
+++ b/gnu/tests/desktop.scm
@ -122,6 +122,7 @@
    (service seatd-service-type)
    (service greetd-service-type
             (greetd-configuration
+              (greeter-supplementary-groups '("input" "video"))
              (terminals
               (list
                ;; we can make any terminal active by default
@ -295,6 +296,13 @@ minimal %BASE-SERVICES."
              (marionette-type "echo alice > /run/user/1000/test\n" marionette)
              (file-get-all-strings "/run/user/1000/test")))

+          (test-equal "check greeter user has correct groups"
+            "greeter input video\n"
+            (begin
+              (marionette-type "id -Gn greeter > /run/user/1000/greeter-groups\n"
+                               marionette)
+              (file-get-all-strings "/run/user/1000/greeter-groups")))
+
          (test-assert "screendump"
            (begin
              (marionette-control (string-append "screendump " #$output