diff options
author | lassulus <git@lassul.us> | 2023-09-14 12:18:45 +0200 |
---|---|---|
committer | lassulus <git@lassul.us> | 2023-09-14 12:18:45 +0200 |
commit | 4820fc27cdc44a12b57d52c5fb7a932407d765a1 (patch) | |
tree | 3a31e612fe6141c1079a7fee37db1bb80486ac33 /tv/3modules/systemd.nix | |
parent | d5305cdab1eadfe972ae0d1adc94192bb62ca6bc (diff) | |
parent | 1e03553fe6058d06c00a6c92e0ef486282057595 (diff) |
Merge remote-tracking branch 'ni/master'
Diffstat (limited to 'tv/3modules/systemd.nix')
-rw-r--r-- | tv/3modules/systemd.nix | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/tv/3modules/systemd.nix b/tv/3modules/systemd.nix deleted file mode 100644 index db8a5199..00000000 --- a/tv/3modules/systemd.nix +++ /dev/null @@ -1,47 +0,0 @@ -with import ./lib; -{ config, ... }: let - normalUsers = filterAttrs (_: getAttr "isNormalUser") config.users.users; -in { - options = { - tv.systemd.services = mkOption { - type = types.attrsOf (types.submodule (self: { - options = { - operators = mkOption { - type = with types; listOf (enum (attrNames normalUsers)); - default = []; - }; - }; - })); - default = {}; - }; - }; - config = { - security.polkit.extraConfig = let - access = - mapAttrs' - (name: cfg: - nameValuePair "${name}.service" - (genAttrs cfg.operators (const true)) - ) - config.tv.systemd.services; - in optionalString (access != {}) /* js */ '' - polkit.addRule(function () { - const access = ${lib.toJSON access}; - return function (action, subject) { - if (action.id === "org.freedesktop.systemd1.manage-units") { - const unit = action.lookup("unit"); - if ( - (access[unit]||{})[subject.user] || - ( - unit.includes("@") && - (access[unit.replace(/@[^.]+/, "@")]||{})[subject.user] - ) - ) { - return polkit.Result.YES; - } - } - } - }()); - ''; - }; -} |