forked from colin/nix-files
systemd: allow wheel
users to start/stop any service
This commit is contained in:
parent
04f4d330a8
commit
3e35210e4b
|
@ -7,9 +7,12 @@ let
|
|||
haltTimeout = 10;
|
||||
in
|
||||
{
|
||||
# allow ordinary users to `reboot` or `shutdown`.
|
||||
# source: <https://nixos.wiki/wiki/Polkit>
|
||||
security.polkit.extraConfig = ''
|
||||
/* allow ordinary users to:
|
||||
* - reboot
|
||||
* - shutdown
|
||||
* source: <https://nixos.wiki/wiki/Polkit>
|
||||
*/
|
||||
polkit.addRule(function(action, subject) {
|
||||
if (
|
||||
subject.isInGroup("users")
|
||||
|
@ -24,6 +27,19 @@ in
|
|||
return polkit.Result.YES;
|
||||
}
|
||||
})
|
||||
|
||||
/* allow members of wheel to:
|
||||
* - systemctl daemon-reload
|
||||
* - systemctl stop|start|restart SERVICE
|
||||
*/
|
||||
polkit.addRule(function(action, subject) {
|
||||
if (subject.isInGroup("wheel") && (
|
||||
action.id == "org.freedesktop.systemd1.reload-daemon" ||
|
||||
action.id == "org.freedesktop.systemd1.manage-units"
|
||||
)) {
|
||||
return polkit.Result.YES;
|
||||
}
|
||||
})
|
||||
'';
|
||||
|
||||
services.journald.extraConfig = ''
|
||||
|
|
Loading…
Reference in New Issue
Block a user