From c5c0caa4c12ca366f2afd00521d4d392a4b0d181 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 24 Jan 2022 19:10:19 +0100 Subject: [PATCH] tv: add org.freedesktop.machine1.host-shell --- tv/3modules/default.nix | 1 + .../org.freedesktop.machine1.host-shell.nix | 28 +++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 tv/3modules/org.freedesktop.machine1.host-shell.nix diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index 9f2f8e606..b6b4faa51 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -8,6 +8,7 @@ ./hw.nix ./im.nix ./iptables.nix + ./org.freedesktop.machine1.host-shell.nix ./slock.nix ./x0vncserver.nix ./Xresources.nix diff --git a/tv/3modules/org.freedesktop.machine1.host-shell.nix b/tv/3modules/org.freedesktop.machine1.host-shell.nix new file mode 100644 index 000000000..e1a5323d6 --- /dev/null +++ b/tv/3modules/org.freedesktop.machine1.host-shell.nix @@ -0,0 +1,28 @@ +{ config, ... }: let lib = import ../../lib; in { + options.org.freedesktop.machine1.host-shell.access = lib.mkOption { + default = {}; + type = + lib.types.addCheck + (lib.types.attrsOf (lib.types.attrsOf lib.types.bool)) + (x: + lib.all + lib.types.username.check + (lib.concatLists + (lib.mapAttrsToList + (name: value: [name] ++ lib.attrNames value) + x))); + }; + config.security.polkit.extraConfig = let + cfg = config.org.freedesktop.machine1.host-shell; + enable = cfg.access != {}; + in lib.optionalString enable /* js */ '' + polkit.addRule(function () { + var access = ${lib.toJSON cfg.access}; + return function(action, subject) { + if (action.id === "org.freedesktop.machine1.host-shell" + && (access[subject.user]||{})[action.lookup("user")]) + return polkit.Result.YES; + } + }()); + ''; +}