christoph/flake-nixinator
1
Fork 0
Code Activity

Nixos: Use ${username} in polkit system module

Browse Source
This commit is contained in:
Christoph Urlacher
2024-10-13 13:00:33 +02:00
parent df5ab8e0c6
commit 0c1989a6b6
1 changed files with 3 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
system/modules/polkit/default.nix
View File

@ -1,9 +1,8 @@
{ {
config, config,
nixosConfig,
lib, lib,
mylib, mylib,
pkgs, username,
... ...
}: }:
with lib; with lib;
@ -15,9 +14,8 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
security.polkit.enable = true; security.polkit.enable = true;
# TODO: Don't hardcode subject.user == "christoph"
security.polkit.extraConfig = let security.polkit.extraConfig = let
# Stuff that is non-negotiable # Stuff that should always get a rule
always-predicates = []; always-predicates = [];
mkServicePredicate = service: "action.lookup(\"unit\") == \"${service}\""; mkServicePredicate = service: "action.lookup(\"unit\") == \"${service}\"";
@ -27,7 +25,7 @@ in {
]; ];
in '' in ''
polkit.addRule(function(action, subject) { polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units" && subject.user == "christoph" && ( if (action.id == "org.freedesktop.systemd1.manage-units" && subject.user == "${username}" && (
${predicates} ${predicates}
)) { )) {
return polkit.Result.YES; return polkit.Result.YES;