nixos/polkit: remove root from adminIdentities

Fixes https://github.com/NixOS/nixpkgs/issues/75075.

To summarize the report in the aforementioned issue, at a glance,
it's a different default than what upstream polkit has. Apparently
for 8+ years polkit defaults admin identities as members of
the wheel group [0]. This assumption would be appropriate on NixOS, where
every member of group 'wheel' is necessarily privileged.

[0]: https://gitlab.freedesktop.org/polkit/polkit/commit/763faf434b445c20ae9529100d3ef5290976d0c9

1 files changed, 2 insertions, 3 deletions

diff --git a/nixos/modules/security/polkit.nix b/nixos/modules/security/polkit.nix
index f2b2df4004cb..a6724bd75832 100644
--- a/nixos/modules/security/polkit.nix
+++ b/nixos/modules/security/polkit.nix
@@ -42,15 +42,14 @@ in
 
     security.polkit.adminIdentities = mkOption {
       type = types.listOf types.str;
-      default = [ "unix-user:0" "unix-group:wheel" ];
+      default = [ "unix-group:wheel" ];
       example = [ "unix-user:alice" "unix-group:admin" ];
       description =
         ''
           Specifies which users are considered “administrators”, for those
           actions that require the user to authenticate as an
           administrator (i.e. have an <literal>auth_admin</literal>
-          value).  By default, this is the <literal>root</literal>
-          user and all users in the <literal>wheel</literal> group.
+          value).  By default, this is all users in the <literal>wheel</literal> group.
         '';
     };