tv: add org.freedesktop.machine1.host-shell

2022-01-24 19:10:19 +01:00 · 2022-01-24 19:10:19 +01:00 · c5c0caa4c1
commit c5c0caa4c1
parent 61afd17895
2 changed files with 29 additions and 0 deletions
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@ -8,6 +8,7 @@
    ./hw.nix
    ./im.nix
    ./iptables.nix
+    ./org.freedesktop.machine1.host-shell.nix
    ./slock.nix
    ./x0vncserver.nix
    ./Xresources.nix
--- a/tv/3modules/org.freedesktop.machine1.host-shell.nix
+++ b/tv/3modules/org.freedesktop.machine1.host-shell.nix
@ -0,0 +1,28 @@
+{ config, ... }: let lib = import ../../lib; in {
+  options.org.freedesktop.machine1.host-shell.access = lib.mkOption {
+    default = {};
+    type =
+      lib.types.addCheck
+        (lib.types.attrsOf (lib.types.attrsOf lib.types.bool))
+        (x:
+          lib.all
+            lib.types.username.check
+            (lib.concatLists
+              (lib.mapAttrsToList
+                (name: value: [name] ++ lib.attrNames value)
+                x)));
+  };
+  config.security.polkit.extraConfig = let
+    cfg = config.org.freedesktop.machine1.host-shell;
+    enable = cfg.access != {};
+  in lib.optionalString enable /* js */ ''
+    polkit.addRule(function () {
+      var access = ${lib.toJSON cfg.access};
+      return function(action, subject) {
+        if (action.id === "org.freedesktop.machine1.host-shell"
+            && (access[subject.user]||{})[action.lookup("user")])
+          return polkit.Result.YES;
+      }
+    }());
+  '';
+}