Diffstat (limited to 'tv/3modules/org.freedesktop.machine1.host-shell.nix')
-rw-r--r--tv/3modules/org.freedesktop.machine1.host-shell.nix28
1 files changed, 28 insertions, 0 deletions
diff --git a/tv/3modules/org.freedesktop.machine1.host-shell.nix b/tv/3modules/org.freedesktop.machine1.host-shell.nix
new file mode 100644
index 00000000..e1a5323d
--- /dev/null
+++ b/tv/3modules/org.freedesktop.machine1.host-shell.nix
@@ -0,0 +1,28 @@
+{ config, ... }: let lib = import ../../lib; in {
+ options.org.freedesktop.machine1.host-shell.access = lib.mkOption {
+ default = {};
+ type =
+ lib.types.addCheck
+ (lib.types.attrsOf (lib.types.attrsOf lib.types.bool))
+ (x:
+ lib.all
+ lib.types.username.check
+ (lib.concatLists
+ (lib.mapAttrsToList
+ (name: value: [name] ++ lib.attrNames value)
+ x)));
+ };
+ config.security.polkit.extraConfig = let
+ cfg = config.org.freedesktop.machine1.host-shell;
+ enable = cfg.access != {};
+ in lib.optionalString enable /* js */ ''
+ polkit.addRule(function () {
+ var access = ${lib.toJSON cfg.access};
+ return function(action, subject) {
+ if (action.id === "org.freedesktop.machine1.host-shell"
+ && (access[subject.user]||{})[action.lookup("user")])
+ return polkit.Result.YES;
+ }
+ }());
+ '';
+}
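Review bot: The authorization test `(access[subject.user]||{})[action.lookup("user")]` in the generated polkit rule reads plain JavaScript objects, so it also sees inherited `Object.prototype` members. A key such as `constructor` is truthy on both `access` and the `{}` fallback even when the configured map contains no such entry. Whether such names can reach the rule depends on `lib.types.username.check` and on which accounts exist on the host, neither of which is visible in this hunk, so the rule should not rely on them. I would restrict both lookups to own properties and require a literal `true`: `var row = Object.prototype.hasOwnProperty.call(access, subject.user) ? access[subject.user] : {};` followed by `&& Object.prototype.hasOwnProperty.call(row, action.lookup("user")) && row[action.lookup("user")] === true`. A short comment above `polkit.addRule` stating that the outer key is the requesting user and the inner key is the target user of the host shell would also help, since the option has no `description`.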