systemd: allow wheel
users to start/stop any service
This commit is contained in:
parent
04f4d330a8
commit
3e35210e4b
|
@ -7,9 +7,12 @@ let
|
||||||
haltTimeout = 10;
|
haltTimeout = 10;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# allow ordinary users to `reboot` or `shutdown`.
|
|
||||||
# source: <https://nixos.wiki/wiki/Polkit>
|
|
||||||
security.polkit.extraConfig = ''
|
security.polkit.extraConfig = ''
|
||||||
|
/* allow ordinary users to:
|
||||||
|
* - reboot
|
||||||
|
* - shutdown
|
||||||
|
* source: <https://nixos.wiki/wiki/Polkit>
|
||||||
|
*/
|
||||||
polkit.addRule(function(action, subject) {
|
polkit.addRule(function(action, subject) {
|
||||||
if (
|
if (
|
||||||
subject.isInGroup("users")
|
subject.isInGroup("users")
|
||||||
|
@ -24,6 +27,19 @@ in
|
||||||
return polkit.Result.YES;
|
return polkit.Result.YES;
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
|
/* allow members of wheel to:
|
||||||
|
* - systemctl daemon-reload
|
||||||
|
* - systemctl stop|start|restart SERVICE
|
||||||
|
*/
|
||||||
|
polkit.addRule(function(action, subject) {
|
||||||
|
if (subject.isInGroup("wheel") && (
|
||||||
|
action.id == "org.freedesktop.systemd1.reload-daemon" ||
|
||||||
|
action.id == "org.freedesktop.systemd1.manage-units"
|
||||||
|
)) {
|
||||||
|
return polkit.Result.YES;
|
||||||
|
}
|
||||||
|
})
|
||||||
'';
|
'';
|
||||||
|
|
||||||
services.journald.extraConfig = ''
|
services.journald.extraConfig = ''
|
||||||
|
|
Loading…
Reference in New Issue
Block a user