christoph/flake-nixinator
1
Fork 0
Code Activity

Use polkit module for vpn services

Browse Source
This commit is contained in:
Christoph Urlacher
2023-05-27 15:08:44 +02:00
parent 05b5a0c8a4
commit c251de3510
2 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
system/modules/polkit/default.nix
View File

@ -18,11 +18,7 @@ in {
# TODO: Don't hardcode subject.user == "christoph" # TODO: Don't hardcode subject.user == "christoph"
security.polkit.extraConfig = let security.polkit.extraConfig = let
# Stuff that is non-negotiable # Stuff that is non-negotiable
always-predicates = [ always-predicates = [];
# TODO: Those should be set by the VPN/networkd module
"wg0-de-115.service"
"wg0-lu-16.service"
];
mkServicePredicate = service: "action.lookup(\"unit\") == \"${service}\""; mkServicePredicate = service: "action.lookup(\"unit\") == \"${service}\"";
predicates = lib.pipe (cfg.allowed-system-services ++ always-predicates) [ predicates = lib.pipe (cfg.allowed-system-services ++ always-predicates) [

8
system/modules/systemd-networkd/default.nix
View File

@ -34,6 +34,14 @@ in {
in in
names; names;
modules.polkit.allowed-system-services = let
vpn-services = lib.pipe cfg.wireguard-tunnels [
attrNames
(map (v: "${v}.service"))
];
in
vpn-services;
# General Networking Settings # General Networking Settings
networking = { networking = {
# Gets inherited from flake in nixos mylib and passed through the module option # Gets inherited from flake in nixos mylib and passed through the module option