nixos/soteria: init module

This commit is contained in:
John Titor 2024-11-14 20:25:48 +05:30
parent 6b4078546b
commit 53712fa4a1
No known key found for this signature in database
GPG Key ID: 29B0514F4E3C1CC0
2 changed files with 51 additions and 0 deletions

View File

@ -362,6 +362,7 @@
./security/polkit.nix
./security/rngd.nix
./security/rtkit.nix
./security/soteria.nix
./security/sudo.nix
./security/sudo-rs.nix
./security/systemd-confinement.nix

View File

@ -0,0 +1,50 @@
{
lib,
pkgs,
config,
...
}:
let
cfg = config.security.soteria;
in
{
options.security.soteria = {
enable = lib.mkEnableOption null // {
description = ''
Whether to enable Soteria, a Polkit authentication agent
for any desktop environment.
::: {.note}
You should only enable this if you are on a Desktop Environment that
does not provide a graphical polkit authentication agent, or you are on
a standalone window manager or Wayland compositor.
:::
'';
};
package = lib.mkPackageOption pkgs "soteria" { };
};
config = lib.mkIf cfg.enable {
security.polkit.enable = true;
environment.systemPackages = [ cfg.package ];
systemd.user.services.polkit-soteria = {
description = "Soteria, Polkit authentication agent for any desktop environment";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
script = lib.getExe cfg.package;
serviceConfig = {
Type = "simple";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
};
meta.maintainers = with lib.maintainers; [ johnrtitor ];
}