authortv <tv@krebsco.de>2025-07-18 15:04:21 +0200
committertv <tv@krebsco.de>2025-07-18 15:04:21 +0200
commitf8d750f864aef25ae54293bbfde10dc3183c9e6b (patch)
tree77b0be95db802be65f13f0a4d21907a404fa6ef1 /modules/org.freedesktop.machine1.host-shell.nix
parent3a14327adc466beb2be96a8a21751f01b92d73e9 (diff)
org.freedesktop.machine1.host-shell: use writePolkitRules
Diffstat (limited to 'modules/org.freedesktop.machine1.host-shell.nix')
-rw-r--r--modules/org.freedesktop.machine1.host-shell.nix26
1 files changed, 14 insertions, 12 deletions
diff --git a/modules/org.freedesktop.machine1.host-shell.nix b/modules/org.freedesktop.machine1.host-shell.nix
index 73825a5..1556ccf 100644
--- a/modules/org.freedesktop.machine1.host-shell.nix
+++ b/modules/org.freedesktop.machine1.host-shell.nix
@@ -1,4 +1,4 @@
-{ config, lib, mylib, ... }: {
+{ config, lib, mylib, pkgs, ... }: {
options.org.freedesktop.machine1.host-shell.access = lib.mkOption {
default = {};
type =
@@ -12,17 +12,19 @@
(name: value: [name] ++ lib.attrNames value)
x)));
};
- config.security.polkit.extraConfig = let
+ config.environment.etc."polkit-1/rules.d/30-hrm-access.rules" = let
cfg = config.org.freedesktop.machine1.host-shell;
+ in {
enable = cfg.access != {};
- in lib.optionalString enable /* js */ ''
- polkit.addRule(function () {
- const access = ${builtins.toJSON cfg.access};
- return function(action, subject) {
- if (action.id === "org.freedesktop.machine1.host-shell"
- && (access[subject.user]||{})[action.lookup("user")])
- return polkit.Result.YES;
- }
- }());
- '';
+ source = pkgs.writePolkitRules "30-hrm-access.rules" /* js */ ''
+ polkit.addRule(function () {
+ const access = ${builtins.toJSON cfg.access};
+ return function (action, subject) {
+ if (action.id === "org.freedesktop.machine1.host-shell"
+ && (access[subject.user]||{})[action.lookup("user")])
+ return polkit.Result.YES;
+ }
+ }());
+ '';
+ };
}
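Review bot: The condition carried over into the new `source` string, `(access[subject.user]||{})[action.lookup("user")]`, uses plain property lookups on objects built from `builtins.toJSON`, and those lookups also resolve members inherited from `Object.prototype`. A user name that coincides with such a member (`toString`, for example) would produce a truthy value and `polkit.Result.YES` without appearing in `cfg.access`. Because this is the whole authorization decision for `org.freedesktop.machine1.host-shell`, both levels should be own-property checks: `Object.prototype.hasOwnProperty.call(access, subject.user)` and then `Object.prototype.hasOwnProperty.call(access[subject.user], action.lookup("user"))`. The option's type definition starts above the hunk, so whether the inner values are booleans (which would also allow a strict `=== true` comparison) is not visible here. A short comment above `polkit.addRule` stating that the rule grants the shell without authentication to the listed subject/target pairs would also help the next reader.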