base/polkit: default to username if in group wheel

2026-01-19 17:39:15 +01:00 · 2026-01-17 03:59:55 +09:00
parent d66aab1e61
commit 3a0ea9c338
2 changed files with 16 additions and 0 deletions
--- a/base/services/polkit.nix
+++ b/base/services/polkit.nix
@@ -0,0 +1,15 @@
+{ config, lib, ... }:
+let
+  cfg = config.security.polkit;
+in
+{
+  security.polkit.enable = true;
+
+  environment.etc."polkit-1/rules.d/9-nixos-overrides.rules".text = lib.mkIf cfg.enable ''
+    polkit.addAdminRule(function(action, subject) {
+        if(subject.isInGroup("wheel")) {
+            return ["unix-user:"+subject.user];
+        }
+    });
+  '';
+}