blob: 747ad24922e1d5e9d7498226ac79146224b251ee (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
{ config, pkgs, ... }:
with pkgs.lib;
let
conf = pkgs.writeText "PolicyKit.conf"
''
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
"http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">
<config version="0.1">
</config>
'';
in
{
options = {
security.policykit.enable = mkOption {
default = false;
description = "Enable PolicyKit (obsolete).";
};
};
config = mkIf config.security.policykit.enable {
environment.systemPackages = [ pkgs.policykit ];
services.dbus.packages = [ pkgs.policykit ];
security.pam.services = [ { name = "polkit"; } ];
users.extraUsers = singleton
{ name = "polkituser";
uid = config.ids.uids.polkituser;
description = "PolicyKit user";
};
users.extraGroups = singleton
{ name = "polkituser";
gid = config.ids.gids.polkituser;
};
environment.etc =
[ { source = conf;
target = "PolicyKit/PolicyKit.conf";
}
{ source = (pkgs.buildEnv {
name = "PolicyKit-policies";
pathsToLink = [ "/share/PolicyKit/policy" ];
paths = [ pkgs.policykit pkgs.consolekit pkgs.hal ];
}) + "/share/PolicyKit/policy";
target = "PolicyKit/policy";
}
];
system.activationScripts.policyKit = stringAfter [ "users" ]
''
mkdir -m 0770 -p /var/run/PolicyKit
chown root.polkituser /var/run/PolicyKit
mkdir -m 0770 -p /var/lib/PolicyKit
chown root.polkituser /var/lib/PolicyKit
mkdir -p /var/lib/misc
touch /var/lib/misc/PolicyKit.reload
chmod 0664 /var/lib/misc/PolicyKit.reload
chown polkituser.polkituser /var/lib/misc/PolicyKit.reload
'';
};
}
|