nixpkgs-suyu/modules/security/policykit.nix
Eelco Dolstra 801cd7402c * Don't use ‘chown user.group’ since that syntax is not officially
supported (you're supposed to say ‘chown user:group’).

svn path=/nixos/trunk/; revision=34161
2012-05-17 19:43:32 +00:00

80 lines
1.8 KiB
Nix

{ config, pkgs, ... }:
with pkgs.lib;
let
conf = pkgs.writeText "PolicyKit.conf"
''
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
"http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">
<config version="0.1">
</config>
'';
in
{
options = {
security.policykit.enable = mkOption {
default = false;
description = "Enable PolicyKit (obsolete).";
};
};
config = mkIf config.security.policykit.enable {
environment.systemPackages = [ pkgs.policykit ];
services.dbus.packages = [ pkgs.policykit ];
security.pam.services = [ { name = "polkit"; } ];
users.extraUsers = singleton
{ name = "polkituser";
uid = config.ids.uids.polkituser;
description = "PolicyKit user";
};
users.extraGroups = singleton
{ name = "polkituser";
gid = config.ids.gids.polkituser;
};
environment.etc =
[ { source = conf;
target = "PolicyKit/PolicyKit.conf";
}
{ source = (pkgs.buildEnv {
name = "PolicyKit-policies";
pathsToLink = [ "/share/PolicyKit/policy" ];
paths = [ pkgs.policykit pkgs.consolekit pkgs.hal ];
}) + "/share/PolicyKit/policy";
target = "PolicyKit/policy";
}
];
system.activationScripts.policyKit = stringAfter [ "users" ]
''
mkdir -m 0770 -p /var/run/PolicyKit
chown root:polkituser /var/run/PolicyKit
mkdir -m 0770 -p /var/lib/PolicyKit
chown root:polkituser /var/lib/PolicyKit
mkdir -p /var/lib/misc
touch /var/lib/misc/PolicyKit.reload
chmod 0664 /var/lib/misc/PolicyKit.reload
chown polkituser:polkituser /var/lib/misc/PolicyKit.reload
'';
};
}