meta: reorganize nix-os and hosts to single directory nixos

2025-05-18 18:44:51 +02:00 · 2025-05-18 18:44:51 +02:00 · cb05ce5b44
commit cb05ce5b44
parent be46e02c61
76 changed files with 54 additions and 52 deletions
--- a/nixos/modules/polkit/disable-shutdown.nix
+++ b/nixos/modules/polkit/disable-shutdown.nix
@ -0,0 +1,44 @@
+{
+  config = {
+    security.polkit.extraConfig = ''
+      polkit.addRule(function(action, subject) {
+        polkit.log("action=" + action);
+        polkit.log("subject=" + subject);
+        if (
+          action.id == "org.freedesktop.login1.halt" ||
+          action.id == "org.freedesktop.login1.halt-ignore-inhibit" ||
+          action.id == "org.freedesktop.login1.halt-multiple-sessions" ||
+          action.id == "org.freedesktop.login1.hibernate" ||
+          action.id == "org.freedesktop.login1.hibernate-ignore-inhibit" ||
+          action.id == "org.freedesktop.login1.hibernate-multiple-sessions" ||
+          action.id == "org.freedesktop.login1.inhibit-block-idle" ||
+          action.id == "org.freedesktop.login1.inhibit-block-shutdown" ||
+          action.id == "org.freedesktop.login1.inhibit-block-sleep" ||
+          action.id == "org.freedesktop.login1.inhibit-handle-hibernate-key" ||
+          action.id == "org.freedesktop.login1.inhibit-handle-lid-switch" ||
+          action.id == "org.freedesktop.login1.inhibit-handle-power-key" ||
+          action.id == "org.freedesktop.login1.inhibit-handle-reboot-key" ||
+          action.id == "org.freedesktop.login1.inhibit-handle-suspend-key" ||
+          action.id == "org.freedesktop.login1.power-off" ||
+          action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
+          action.id == "org.freedesktop.login1.power-off-multiple-sessions" ||
+          action.id == "org.freedesktop.login1.reboot" ||
+          action.id == "org.freedesktop.login1.reboot-ignore-inhibit" ||
+          action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
+          action.id == "org.freedesktop.login1.set-reboot-parameter" ||
+          action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-entry" ||
+          action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-menu" ||
+          action.id == "org.freedesktop.login1.set-reboot-to-firmware-setup" ||
+          action.id == "org.freedesktop.login1.set-self-linger" ||
+          action.id == "org.freedesktop.login1.set-user-linger" ||
+          action.id == "org.freedesktop.login1.set-wall-message" ||
+          action.id == "org.freedesktop.login1.suspend" ||
+          action.id == "org.freedesktop.login1.suspend-ignore-inhibit" ||
+          action.id == "org.freedesktop.login1.suspend-multiple-sessions"
+        ) {
+          return subject.active ? polkit.Result.AUTH_ADMIN : polkit.Result.NO;
+        };
+      });
+    '';
+  };
+}
--- a/nixos/modules/polkit/network.nix
+++ b/nixos/modules/polkit/network.nix
@ -0,0 +1,17 @@
+{
+  config = {
+    security.polkit.extraConfig = ''
+      polkit.addRule(function(action, subject) {
+        // Allow to start and stop wireguard client services
+        if (
+          action.id == "org.freedesktop.systemd1.manage-units" &&
+          subject.isInGroup("users") &&
+          action.lookup("unit") &&
+          action.lookup("unit").match(/^wg-quick-.*\.service$/)
+        ) {
+          return polkit.Result.YES;
+        };
+      });
+    '';
+  };
+}