base/polkit: default to username if in group wheel

2026-01-17 03:59:55 +09:00
parent 0040c310f0
commit 7c0a233f7e
2 changed files with 16 additions and 0 deletions
@@ -24,6 +24,7 @@
    ./services/logrotate.nix
    ./services/nginx.nix
    ./services/openssh.nix
+    ./services/polkit.nix
    ./services/postfix.nix
    ./services/prometheus-node-exporter.nix
    ./services/prometheus-systemd-exporter.nix
@@ -0,0 +1,15 @@
+{ config, lib, ... }:
+let
+  cfg = config.security.polkit;
+in
+{
+  security.polkit.enable = true;
+
+  environment.etc."polkit-1/rules.d/9-nixos-overrides.rules".text = lib.mkIf cfg.enable ''
+    polkit.addAdminRule(function(action, subject) {
+        if(subject.isInGroup("wheel")) {
+            return ["unix-user:"+subject.user];
+        }
+    });
+  '';
+}