2024-05-29 11:42:16 +00:00
|
|
|
|
{ ... }:
|
2024-03-07 01:01:06 +00:00
|
|
|
|
let
|
|
|
|
|
# N.B.: systemd doesn't like to honor its timeout settings.
|
|
|
|
|
# a timeout of 20s is actually closer to 70s,
|
|
|
|
|
# because it allows 20s, then after the 20s passes decides to allow 40s, then 60s,
|
|
|
|
|
# finally it peacefully kills stuff, and then 10s later actually kills shit.
|
|
|
|
|
haltTimeout = 10;
|
|
|
|
|
in
|
2024-02-20 12:18:28 +00:00
|
|
|
|
{
|
2024-02-20 12:25:04 +00:00
|
|
|
|
security.polkit.extraConfig = ''
|
2024-06-13 01:30:18 +00:00
|
|
|
|
/* allow ordinary users to:
|
|
|
|
|
* - reboot
|
|
|
|
|
* - shutdown
|
|
|
|
|
* source: <https://nixos.wiki/wiki/Polkit>
|
|
|
|
|
*/
|
2024-02-20 12:25:04 +00:00
|
|
|
|
polkit.addRule(function(action, subject) {
|
|
|
|
|
if (
|
|
|
|
|
subject.isInGroup("users")
|
|
|
|
|
&& (
|
|
|
|
|
action.id == "org.freedesktop.login1.reboot" ||
|
|
|
|
|
action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
|
|
|
|
|
action.id == "org.freedesktop.login1.power-off" ||
|
|
|
|
|
action.id == "org.freedesktop.login1.power-off-multiple-sessions"
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
{
|
|
|
|
|
return polkit.Result.YES;
|
|
|
|
|
}
|
|
|
|
|
})
|
2024-06-13 01:30:18 +00:00
|
|
|
|
|
|
|
|
|
/* allow members of wheel to:
|
|
|
|
|
* - systemctl daemon-reload
|
|
|
|
|
* - systemctl stop|start|restart SERVICE
|
|
|
|
|
*/
|
|
|
|
|
polkit.addRule(function(action, subject) {
|
|
|
|
|
if (subject.isInGroup("wheel") && (
|
|
|
|
|
action.id == "org.freedesktop.systemd1.reload-daemon" ||
|
|
|
|
|
action.id == "org.freedesktop.systemd1.manage-units"
|
|
|
|
|
)) {
|
|
|
|
|
return polkit.Result.YES;
|
|
|
|
|
}
|
|
|
|
|
})
|
2024-02-20 12:25:04 +00:00
|
|
|
|
'';
|
2024-06-04 14:09:58 +00:00
|
|
|
|
|
|
|
|
|
services.journald.extraConfig = ''
|
|
|
|
|
# docs: `man journald.conf`
|
|
|
|
|
# merged journald config is deployed to /etc/systemd/journald.conf
|
|
|
|
|
[Journal]
|
|
|
|
|
# disable journal compression because the underlying fs is compressed
|
|
|
|
|
Compress=no
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
# see: `man logind.conf`
|
|
|
|
|
# don’t shutdown when power button is short-pressed (commonly done an accident, or by cats).
|
|
|
|
|
# but do on long-press: useful to gracefully power-off server.
|
|
|
|
|
services.logind.powerKey = "lock";
|
|
|
|
|
services.logind.powerKeyLongPress = "poweroff";
|
|
|
|
|
services.logind.lidSwitch = "lock";
|
|
|
|
|
|
|
|
|
|
systemd.extraConfig = ''
|
|
|
|
|
# DefaultTimeoutStopSec defaults to 90s, and frequently blocks overall system shutdown.
|
|
|
|
|
DefaultTimeoutStopSec=${builtins.toString haltTimeout}
|
|
|
|
|
'';
|
2024-02-20 12:18:28 +00:00
|
|
|
|
}
|