(address . guix-patches@gnu.org)
* gnu/services/desktop.scm (seatd-service-type): Uses "seat" group.
[extensions]: Added account-service-type with %seatd-accounts.
(%seatd-accounts): List with "seat" group.
(<seatd-configuration>): [group] Change default value to "seat".
* doc/guix.texi: Mention that users may need to become members of
"seat" group and update default value for group field.
---
doc/guix.texi | 18 +++++++++++++++++-
gnu/services/desktop.scm | 8 ++++++--
2 files changed, 23 insertions(+), 3 deletions(-)
Toggle diff (78 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index 3c5864ec1a..750ed9b121 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23151,6 +23151,22 @@ input), without requiring the applications needing access to be root.
%base-services)
@end lisp
+
+Users which are going to interact with @code{seatd} daemon while logged in
+should be added to @code{seat} group. For instance:
+
+@lisp
+(user-account
+ (name "alice")
+ (group "users")
+ (supplementary-groups '("wheel" ;allow use of sudo, etc.
+ "seat" ;interact with seatd
+ "audio" ;sound card
+ "video" ;video devices such as webcams
+ "cdrom")) ;the good ol' CD-ROM
+ (comment "Bob's sister"))
+@end lisp
+
@end defvr
@deftp {Data Type} seatd-configuration
@@ -23163,7 +23179,7 @@ The seatd package to use.
@item @code{user} (default: @samp{"root"})
User to own the seatd socket.
-@item @code{group} (default: @samp{"users"})
+@item @code{group} (default: @samp{"seat"})
Group to own the seatd socket.
@item @code{socket} (default: @samp{"/run/seatd.sock"})
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 29a3722f1b..0d7cd71732 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -13,7 +13,7 @@
;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2020 Reza Alizadeh Majd <r.majd@pantherx.org>
;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
-;;; Copyright © 2021 muradm <mail@muradm.net>
+;;; Copyright © 2021, 2022 muradm <mail@muradm.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -1646,7 +1646,7 @@ (define-record-type* <seatd-configuration> seatd-configuration
seatd-configuration?
(seatd seatd-package (default seatd))
(user seatd-user (default "root"))
- (group seatd-group (default "users"))
+ (group seatd-group (default "seat"))
(socket seatd-socket (default "/run/seatd.sock"))
(logfile seatd-logfile (default "/var/log/seatd.log"))
(loglevel seatd-loglevel (default "info")))
@@ -1670,6 +1670,9 @@ (define (seatd-shepherd-service config)
#:log-file #$(seatd-logfile config)))
(stop #~(make-kill-destructor)))))
+(define %seatd-accounts
+ (list (user-group (name "seat") (system? #t))))
+
(define seatd-environment
(match-lambda
(($ <seatd-configuration> _ _ _ socket)
@@ -1683,6 +1686,7 @@ (define seatd-service-type
applications needing access to be root.")
(extensions
(list
+ (service-extension account-service-type (const %seatd-accounts))
(service-extension session-environment-service-type seatd-environment)
;; TODO: once cgroups is separate dependency we should not mount it here
;; for now it is mounted here, because elogind mounts it
--
2.36.1