* A module for the old PolicyKit.
svn path=/nixos/trunk/; revision=17433
This commit is contained in:
parent
684eb63658
commit
69f68c319d
|
@ -47,8 +47,10 @@ in
|
|||
gnunetd = 17;
|
||||
pulseaudio = 22; # must match `pulseaudio' GID
|
||||
gpsd = 23;
|
||||
uptimed = 24;
|
||||
ddclient = 25;
|
||||
polkituser = 28;
|
||||
uptimed = 29;
|
||||
ddclient = 30;
|
||||
# When adding a uid, make sure it doesn't match an existing gid.
|
||||
|
||||
nixbld = 30000; # start of range of uids
|
||||
nobody = 65534;
|
||||
|
@ -82,6 +84,8 @@ in
|
|||
tape = 25;
|
||||
video = 26;
|
||||
dialout = 27;
|
||||
polkituser = 28;
|
||||
# When adding a gid, make sure it doesn't match an existing uid.
|
||||
|
||||
users = 100;
|
||||
nixbld = 30000;
|
||||
|
|
|
@ -28,7 +28,8 @@
|
|||
./programs/ssmtp.nix
|
||||
./security/consolekit.nix
|
||||
./security/pam.nix
|
||||
./security/polkit.nix
|
||||
./security/policykit.nix
|
||||
#./security/polkit.nix # Currently disabled; using the old policykit.
|
||||
./security/setuid-wrappers.nix
|
||||
./security/sudo.nix
|
||||
./services/audio/alsa.nix
|
||||
|
|
42
modules/security/policykit.nix
Normal file
42
modules/security/policykit.nix
Normal file
|
@ -0,0 +1,42 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
|
||||
{
|
||||
|
||||
config = {
|
||||
|
||||
environment.systemPackages = [ pkgs.policykit ];
|
||||
|
||||
services.dbus.packages = [ pkgs.policykit ];
|
||||
|
||||
security.pam.services = [ { name = "polkit"; } ];
|
||||
|
||||
users.extraUsers = singleton
|
||||
{ name = "polkituser";
|
||||
uid = config.ids.uids.polkituser;
|
||||
description = "PolicyKit user";
|
||||
};
|
||||
|
||||
users.extraGroups = singleton
|
||||
{ name = "polkituser";
|
||||
gid = config.ids.gids.polkituser;
|
||||
};
|
||||
|
||||
system.activationScripts.policyKit = fullDepEntry
|
||||
''
|
||||
mkdir -m 0770 -p /var/run/PolicyKit
|
||||
chown root.polkituser /var/run/PolicyKit
|
||||
|
||||
mkdir -m 0770 -p /var/lib/PolicyKit
|
||||
chown root.polkituser /var/lib/PolicyKit
|
||||
|
||||
mkdir -p /var/lib/misc
|
||||
touch /var/lib/misc/PolicyKit.reload
|
||||
chmod 0664 /var/lib/misc/PolicyKit.reload
|
||||
chown polkituser.polkituser /var/lib/misc/PolicyKit.reload
|
||||
'' [ "users" ];
|
||||
|
||||
};
|
||||
|
||||
}
|
Loading…
Reference in a new issue