author | tv <tv@krebsco.de> | 2022-01-24 19:10:19 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2022-01-24 19:10:19 +0100 |
commit | c5c0caa4c12ca366f2afd00521d4d392a4b0d181 (patch) | |
tree | d613f4053def298643fa78880371168a13467fd3 | |
parent | 61afd178952038883f40d3684d82754515221469 (diff) |
tv: add org.freedesktop.machine1.host-shell
-rw-r--r-- | tv/3modules/default.nix | 1 | ||||
-rw-r--r-- | tv/3modules/org.freedesktop.machine1.host-shell.nix | 28 |
2 files changed, 29 insertions, 0 deletions
diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index 9f2f8e606..b6b4faa51 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -8,6 +8,7 @@
 ./hw.nix
 ./im.nix
 ./iptables.nix
+ ./org.freedesktop.machine1.host-shell.nix
 ./slock.nix
 ./x0vncserver.nix
 ./Xresources.nix
diff --git a/tv/3modules/org.freedesktop.machine1.host-shell.nix b/tv/3modules/org.freedesktop.machine1.host-shell.nix
new file mode 100644
index 000000000..e1a5323d6
--- /dev/null
+++ b/tv/3modules/org.freedesktop.machine1.host-shell.nix
@@ -0,0 +1,28 @@
+{ config, ... }: let lib = import ../../lib; in {
+ options.org.freedesktop.machine1.host-shell.access = lib.mkOption {
+ default = {};
+ type =
+ lib.types.addCheck
+ (lib.types.attrsOf (lib.types.attrsOf lib.types.bool))
+ (x:
+ lib.all
+ lib.types.username.check
+ (lib.concatLists
+ (lib.mapAttrsToList
+ (name: value: [name] ++ lib.attrNames value)
+ x)));
+ };
+ config.security.polkit.extraConfig = let
+ cfg = config.org.freedesktop.machine1.host-shell;
+ enable = cfg.access != {};
+ in lib.optionalString enable /* js */ ''
+ polkit.addRule(function () {
+ var access = ${lib.toJSON cfg.access};
+ return function(action, subject) {
+ if (action.id === "org.freedesktop.machine1.host-shell"
+ && (access[subject.user]||{})[action.lookup("user")])
+ return polkit.Result.YES;
+ }
+ }());
+ '';
+} |
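Review bot: The grant test in the generated polkit rule, `(access[subject.user]||{})[action.lookup("user")]`, is a truthiness check on plain objects, so a caller or target name that is absent from `cfg.access` but matches an inherited member (`constructor`, `toString`, …) is not cleanly rejected. The Nix-side `username.check` validates only the configured keys, not the values polkit supplies at runtime; the practical exposure is probably small, since such names would have to be real accounts. Comparing against the boolean closes it with a minimal change, `&& (access[subject.user]||{})[action.lookup("user")] === true)`, or both lookups can be guarded with `Object.prototype.hasOwnProperty.call(...)`. Because `polkit.Result.YES` skips authentication and the rule does not consult `subject.local` or `subject.active`, the option should also carry a `description` stating that `access.<caller>.<target> = true` lets `<caller>` open a host shell as `<target>` without a password from any session.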