From afde0286728e1933ead350d7aabc72668db0194c Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Fri, 5 Feb 2021 08:52:51 +0100 Subject: [PATCH] nixos/i2c: add module to set up i2c permissions This is a very simple module that installs a single udev rule. The rule set the ownership of all /dev/i2c-* devices to a group, "i2c" by default but can be changed. The "uaccess" tag also makes systemd add an ACL for users with a seat[1]. Fix issue #91771 [1]: https://enotty.pipebreaker.pl/2012/05/23/linux-automatic-user-acl-management/ --- nixos/modules/hardware/i2c.nix | 43 ++++++++++++++++++++++++++++++++++ nixos/modules/module-list.nix | 1 + 2 files changed, 44 insertions(+) create mode 100644 nixos/modules/hardware/i2c.nix diff --git a/nixos/modules/hardware/i2c.nix b/nixos/modules/hardware/i2c.nix new file mode 100644 index 000000000000..ff14b4b1c891 --- /dev/null +++ b/nixos/modules/hardware/i2c.nix @@ -0,0 +1,43 @@ +{ config, lib, ... }: + +with lib; + +let + cfg = config.hardware.i2c; +in + +{ + options.hardware.i2c = { + enable = mkEnableOption '' + i2c devices support. By default access is granted to users in the "i2c" + group (will be created if non-existent) and any user with a seat, meaning + logged on the computer locally. + ''; + + group = mkOption { + type = types.str; + default = "i2c"; + description = '' + Grant access to i2c devices (/dev/i2c-*) to users in this group. + ''; + }; + }; + + config = mkIf cfg.enable { + + boot.kernelModules = [ "i2c-dev" ]; + + users.groups = mkIf (cfg.group == "i2c") { + i2c = { }; + }; + + services.udev.extraRules = '' + # allow group ${cfg.group} and users with a seat use of i2c devices + ACTION=="add", KERNEL=="i2c-[0-9]*", TAG+="uaccess", GROUP="${cfg.group}", MODE="660" + ''; + + }; + + meta.maintainers = [ maintainers.rnhmjoj ]; + +} diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 0d26b7300d05..3d9b73a81509 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -46,6 +46,7 @@ ./hardware/cpu/intel-microcode.nix ./hardware/digitalbitbox.nix ./hardware/device-tree.nix + ./hardware/i2c.nix ./hardware/sensor/hddtemp.nix ./hardware/sensor/iio.nix ./hardware/keyboard/zsa.nix