nixpkgs/modules/security/policykit.nix

{ config, pkgs, ... }:

with pkgs.lib;

let

  conf = pkgs.writeText "PolicyKit.conf"
    ''
      <?xml version="1.0" encoding="UTF-8"?>

      <!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
        "http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">

      <config version="0.1">
      </config>
    '';

in

{

  options = {

    security.policykit.enable = mkOption {
      default = false;
      description = "Enable PolicyKit (obsolete).";
    };

  };


  config = mkIf config.security.policykit.enable {

    environment.systemPackages = [ pkgs.policykit ];

    services.dbus.packages = [ pkgs.policykit ];

    security.pam.services = [ { name = "polkit"; } ];

    users.extraUsers = singleton
      { name = "polkituser";
        uid = config.ids.uids.polkituser;
        description = "PolicyKit user";
      };

    users.extraGroups = singleton
      { name = "polkituser";
        gid = config.ids.gids.polkituser;
      };

    environment.etc =
      [ { source = conf;
          target = "PolicyKit/PolicyKit.conf";
        }
        { source = (pkgs.buildEnv {
            name = "PolicyKit-policies";
            pathsToLink = [ "/share/PolicyKit/policy" ];
            paths = [ pkgs.policykit pkgs.consolekit pkgs.hal ];
          }) + "/share/PolicyKit/policy";
          target = "PolicyKit/policy";
        }
      ];

    system.activationScripts.policyKit = stringAfter [ "users" ]
      ''
        mkdir -m 0770 -p /var/run/PolicyKit
        chown root:polkituser /var/run/PolicyKit

        mkdir -m 0770 -p /var/lib/PolicyKit
        chown root:polkituser /var/lib/PolicyKit

        mkdir -p /var/lib/misc
        touch /var/lib/misc/PolicyKit.reload
        chmod 0664 /var/lib/misc/PolicyKit.reload
        chown polkituser:polkituser /var/lib/misc/PolicyKit.reload
      '';

  };

}
* A module for the old PolicyKit. svn path=/nixos/trunk/; revision=17433 2009-09-26 01:06:38 +02:00			`{ config, pkgs, ... }:`

			`with pkgs.lib;`

* Install a PolicyKit policy configuration file. There should be a configuration option to add to this file. svn path=/nixos/trunk/; revision=17436 2009-09-26 02:07:52 +02:00			`let`

			`conf = pkgs.writeText "PolicyKit.conf"`
			`''`
			`<?xml version="1.0" encoding="UTF-8"?>`

			`<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"`
			`"http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">`

			`<config version="0.1">`
			`</config>`
			`'';`

			`in`

* A module for the old PolicyKit. svn path=/nixos/trunk/; revision=17433 2009-09-26 01:06:38 +02:00			`{`

* Don't enable HAL by default anymore. It's obsolete. It's still enabled by modules that need it (KDE < 4.7, Xfce). * Don't enable the PolicyKit module by default either, it's also obsolete (replaced by PolKit). It's still enabled if HAL is enabled. svn path=/nixos/trunk/; revision=27933 2011-07-25 02:52:59 +02:00			`options = {`
strip trailing whitespace; no functional change svn path=/nixos/trunk/; revision=29285 2011-09-14 20:20:50 +02:00
* Don't enable HAL by default anymore. It's obsolete. It's still enabled by modules that need it (KDE < 4.7, Xfce). * Don't enable the PolicyKit module by default either, it's also obsolete (replaced by PolKit). It's still enabled if HAL is enabled. svn path=/nixos/trunk/; revision=27933 2011-07-25 02:52:59 +02:00			`security.policykit.enable = mkOption {`
			`default = false;`
			`description = "Enable PolicyKit (obsolete).";`
			`};`

			`};`


			`config = mkIf config.security.policykit.enable {`
* A module for the old PolicyKit. svn path=/nixos/trunk/; revision=17433 2009-09-26 01:06:38 +02:00
			`environment.systemPackages = [ pkgs.policykit ];`

			`services.dbus.packages = [ pkgs.policykit ];`

			`security.pam.services = [ { name = "polkit"; } ];`

			`users.extraUsers = singleton`
			`{ name = "polkituser";`
			`uid = config.ids.uids.polkituser;`
			`description = "PolicyKit user";`
			`};`

			`users.extraGroups = singleton`
			`{ name = "polkituser";`
			`gid = config.ids.gids.polkituser;`
			`};`

* Tell PolicyKit about the policies of HAL and ConsoleKit. svn path=/nixos/trunk/; revision=17439 2009-09-26 12:32:57 +02:00			`environment.etc =`
			`[ { source = conf;`
			`target = "PolicyKit/PolicyKit.conf";`
			`}`
			`{ source = (pkgs.buildEnv {`
			`name = "PolicyKit-policies";`
			`pathsToLink = [ "/share/PolicyKit/policy" ];`
			`paths = [ pkgs.policykit pkgs.consolekit pkgs.hal ];`
			`}) + "/share/PolicyKit/policy";`
			`target = "PolicyKit/policy";`
			`}`
			`];`
strip trailing whitespace; no functional change svn path=/nixos/trunk/; revision=29285 2011-09-14 20:20:50 +02:00
Some cleanups in the activation script: * Moved some scriptlets to the appropriate modules. * Put the scriptlet that sets the default path at the start, since it never makes sense not to have it there. It no longer needs to be declared as a dependency. * If a scriptlet has no dependencies, it can be denoted as a plain string (i.e., `noDepEntry' is not needed anymore). svn path=/nixos/trunk/; revision=23762 2010-09-13 17:41:38 +02:00			`system.activationScripts.policyKit = stringAfter [ "users" ]`
* A module for the old PolicyKit. svn path=/nixos/trunk/; revision=17433 2009-09-26 01:06:38 +02:00			`''`
			`mkdir -m 0770 -p /var/run/PolicyKit`
* Don't use ‘chown user.group’ since that syntax is not officially supported (you're supposed to say ‘chown user:group’). svn path=/nixos/trunk/; revision=34161 2012-05-17 21:43:32 +02:00			`chown root:polkituser /var/run/PolicyKit`
* A module for the old PolicyKit. svn path=/nixos/trunk/; revision=17433 2009-09-26 01:06:38 +02:00
			`mkdir -m 0770 -p /var/lib/PolicyKit`
* Don't use ‘chown user.group’ since that syntax is not officially supported (you're supposed to say ‘chown user:group’). svn path=/nixos/trunk/; revision=34161 2012-05-17 21:43:32 +02:00			`chown root:polkituser /var/lib/PolicyKit`
strip trailing whitespace; no functional change svn path=/nixos/trunk/; revision=29285 2011-09-14 20:20:50 +02:00
* A module for the old PolicyKit. svn path=/nixos/trunk/; revision=17433 2009-09-26 01:06:38 +02:00			`mkdir -p /var/lib/misc`
			`touch /var/lib/misc/PolicyKit.reload`
			`chmod 0664 /var/lib/misc/PolicyKit.reload`
* Don't use ‘chown user.group’ since that syntax is not officially supported (you're supposed to say ‘chown user:group’). svn path=/nixos/trunk/; revision=34161 2012-05-17 21:43:32 +02:00			`chown polkituser:polkituser /var/lib/misc/PolicyKit.reload`
Some cleanups in the activation script: * Moved some scriptlets to the appropriate modules. * Put the scriptlet that sets the default path at the start, since it never makes sense not to have it there. It no longer needs to be declared as a dependency. * If a scriptlet has no dependencies, it can be denoted as a plain string (i.e., `noDepEntry' is not needed anymore). svn path=/nixos/trunk/; revision=23762 2010-09-13 17:41:38 +02:00			`'';`
* A module for the old PolicyKit. svn path=/nixos/trunk/; revision=17433 2009-09-26 01:06:38 +02:00
			`};`

			`}`