nixos/pmount: init module (#439935)

- [Prometheus Storagebox Exporter](https://github.com/fleaz/prometheus-storagebox-exporter), a Prometheus exporter for Hetzner storage boxes.

- [pmount](https://salsa.debian.org/debian/pmount), a tool that allows normal users to mount removable devices without requiring root privileges Available at [programs.pmount](#opt-programs.pmount.enable).

- [lemurs](https://github.com/coastalwhite/lemurs), a customizable TUI display/login manager. Available at [services.displayManager.lemurs](#opt-services.displayManager.lemurs.enable).

- [paisa](https://github.com/ananthakumaran/paisa), a personal finance tracker and dashboard. Available as [services.paisa](#opt-services.paisa.enable).

  ./programs/partition-manager.nix

  ./programs/pay-respects.nix

  ./programs/plotinus.nix

  ./programs/pmount.nix

  ./programs/pqos-wrapper.nix

  ./programs/projecteur.nix

  ./programs/proxychains.nix

{

  config,

  lib,

  pkgs,

  ...

}:

let

  inherit (lib.options) mkEnableOption mkPackageOption;

  inherit (lib.modules) mkIf;

  inherit (lib.meta) getExe';

  cfg = config.programs.pmount;

  mkSetuidWrapper = package: command: {

    setuid = true;

    owner = "root";

    group = "root";

    source = getExe' package command;

  };

in

{

  options.programs.pmount = {

    enable = mkEnableOption ''

      pmount, a tool that allows normal users to mount removable devices

      without requiring root privileges

    '';

    package = mkPackageOption pkgs "pmount" { };

  };

  config = mkIf cfg.enable {

    environment.systemPackages = [ cfg.package ];

    security.wrappers = {

      pmount = mkSetuidWrapper cfg.package "pmount";

      pumount = mkSetuidWrapper cfg.package "pumount";

    };

    systemd.tmpfiles.rules = [

      "d /media - root root - -"

    ];

  };

}