1 files changed, 39 insertions, 0 deletions
diff --git a/system-profiles/sudo.nix b/system-profiles/sudo.nix
new file mode 100644
index 00000000..f2401b9f
--- /dev/null
+++ b/system-profiles/sudo.nix
@@ -0,0 +1,39 @@
+{ ... }:
+{
+  security.sudo.extraRules = [
+    { groups = "wheel";
+      commands = map (command: { inherit command; options = "NOPASSWD"; }) [
+        "/run/current-system/sw/sbin/shutdown"
+        "/run/current-system/sw/sbin/reboot"
+        "/run/current-system/sw/sbin/halt"
+        "/run/current-system/sw/bin/systemctl"
+      ];
+    }
+  ];
+  users.extraGroups.network = {};
+  security.polkit = {
+    enable = true;
+    extraConfig = ''
+      polkit.addRule(function(action, subject) {
+        if (    action.id == "org.freedesktop.systemd1.manage-units"
+             && subject.isInGroup("wheel")
+           ) {
+          return polkit.Result.YES;
+        }
+      });
+      polkit.addRule(function(action, subject) {
+        if ((action.id == "org.blueman.rfkill.setstate" ||
+             action.id == "org.blueman.network.setup" ||
+             action.id == "org.freedesktop.NetworkManager.settings.modify.system"
+            ) && subject.local
+            && subject.active && subject.isInGroup("network")
+           ) {
+          return polkit.Result.YES;
+        }
+      });
+    '';
+  };
+}

diff --git a/system-profiles/sudo.nix b/system-profiles/sudo.nix new file mode 100644 index 00000000..f2401b9f --- /dev/null +++ b/system-profiles/sudo.nix
@@ -0,0 +1,39 @@
	1	{ ... }:
	2	{
	3	security.sudo.extraRules = [
	4	{ groups = "wheel";
	5	commands = map (command: { inherit command; options = "NOPASSWD"; }) [
	6	"/run/current-system/sw/sbin/shutdown"
	7	"/run/current-system/sw/sbin/reboot"
	8	"/run/current-system/sw/sbin/halt"
	9	"/run/current-system/sw/bin/systemctl"
	10	];
	11	}
	12	];
	13
	14	users.extraGroups.network = {};
	15
	16	security.polkit = {
	17	enable = true;
	18	extraConfig = ''
	19	polkit.addRule(function(action, subject) {
	20	if ( action.id == "org.freedesktop.systemd1.manage-units"
	21	&& subject.isInGroup("wheel")
	22	) {
	23	return polkit.Result.YES;
	24	}
	25	});
	26
	27	polkit.addRule(function(action, subject) {
	28	if ((action.id == "org.blueman.rfkill.setstate" \|\|
	29	action.id == "org.blueman.network.setup" \|\|
	30	action.id == "org.freedesktop.NetworkManager.settings.modify.system"
	31	) && subject.local
	32	&& subject.active && subject.isInGroup("network")
	33	) {
	34	return polkit.Result.YES;
	35	}
	36	});
	37	'';
	38	};
	39	}