Skip to content

Commit

Permalink
nixos/howdy: init
Browse files Browse the repository at this point in the history
  • Loading branch information
fufexan committed Oct 5, 2024
1 parent fb13500 commit 489ed0e
Show file tree
Hide file tree
Showing 5 changed files with 110 additions and 0 deletions.
2 changes: 2 additions & 0 deletions nixos/doc/manual/release-notes/rl-2411.section.md
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,8 @@

- [Goatcounter](https://www.goatcounter.com/), Easy web analytics. No tracking of personal data. Available as [services.goatcounter](options.html#opt-services.goatcocunter.enable).

- [Howdy](https://github.com/boltgolt/howdy), a Windows Hello™ style facial authentication program for Linux.

- [Privatebin](https://github.com/PrivateBin/PrivateBin/), A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Available as [services.privatebin](#opt-services.privatebin.enable)

- [UWSM](https://github.com/Vladimir-csp/uwsm), a wayland session manager to wrap Wayland Compositors into useful systemd units such as `graphical-session.target`. Available as [programs.uwsm](#opt-programs.uwsm.enable).
Expand Down
1 change: 1 addition & 0 deletions nixos/modules/module-list.nix
Original file line number Diff line number Diff line change
Expand Up @@ -1313,6 +1313,7 @@
./services/security/hockeypuck.nix
./services/security/hologram-agent.nix
./services/security/hologram-server.nix
./services/security/howdy
./services/security/infnoise.nix
./services/security/intune.nix
./services/security/jitterentropy-rngd.nix
Expand Down
11 changes: 11 additions & 0 deletions nixos/modules/security/pam.nix
Original file line number Diff line number Diff line change
Expand Up @@ -267,6 +267,16 @@ let
'';
};

howdyAuth = lib.mkOption {
default = config.services.howdy.enable;
defaultText = lib.literalExpression "config.services.howdy.enable";
type = lib.types.bool;
description = ''
If set, IR camera will be used (if it exists and your
facial models are enrolled).
'';
};

oathAuth = lib.mkOption {
default = config.security.pam.oath.enable;
defaultText = lib.literalExpression "config.security.pam.oath.enable";
Expand Down Expand Up @@ -696,6 +706,7 @@ let
dp9ik.authserver
]; })
{ name = "fprintd"; enable = cfg.fprintAuth; control = "sufficient"; modulePath = "${config.services.fprintd.package}/lib/security/pam_fprintd.so"; }
{ name = "howdy"; enable = cfg.howdyAuth; control = "sufficient"; modulePath = "${config.services.howdy.package}/lib/security/pam_howdy.so"; }
] ++
# Modules in this block require having the password set in PAM_AUTHTOK.
# pam_unix is marked as 'sufficient' on NixOS which means nothing will run
Expand Down
46 changes: 46 additions & 0 deletions nixos/modules/services/security/howdy/config.nix
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
{
core = {
detection_notice = false;
timeout_notice = true;
no_confirmation = false;
suppress_unknown = false;
abort_if_ssh = true;
abort_if_lid_closed = true;
disabled = false;
use_cnn = false;
workaround = "off";
};

video = {
certainty = 3.5;
timeout = 4;
device_path = "/dev/video2";
warn_no_device = true;
max_height = 320;
frame_width = -1;
frame_height = -1;
dark_threshold = 60;
recording_plugin = "opencv";
device_format = "v4l2";
force_mjpeg = false;
exposure = -1;
device_fps = -1;
rotate = 0;
};

snapshots = {
save_failed = false;
save_successful = false;
};

rubberstamps = {
enabled = false;
stamp_rules = "nod 5s failsafe min_distance=12";
};

debug = {
end_report = false;
verbose_stamps = false;
gtk_stdout = false;
};
}
50 changes: 50 additions & 0 deletions nixos/modules/services/security/howdy/default.nix
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.howdy;
settingsType = pkgs.formats.ini { };
in
{
options = {
services.howdy = {
enable = lib.mkEnableOption "" // {
description = ''
Howdy and PAM module for face recognition. See
`services.linux-enable-ir-emitter` for enabling the IR emitter support.
'';
};

package = lib.mkPackageOption pkgs "howdy" { };

settings = lib.mkOption {
inherit (settingsType) type;
default = import ./config.nix;
description = ''
Howdy configuration file. Refer to
<https://github.com/boltgolt/howdy/blob/beta/howdy/src/config.ini>
for options.
'';
};
};
};

config = lib.mkMerge [
(lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
environment.etc."howdy/config.ini".source = settingsType.generate "howdy-config.ini" cfg.settings;
assertions = [
{
assertion = !(builtins.elem "v4l2loopback" config.boot.kernelModules);
message = "Adding 'v4l2loopback' to `boot.kernelModules` causes Howdy to no longer work. Consider adding it to `boot.extraModulePackages` instead.";
}
];
})
{
services.howdy.settings = lib.mapAttrsRecursive (name: lib.mkDefault) (import ./config.nix);
}
];
}

0 comments on commit 489ed0e

Please sign in to comment.