* A module for the old PolicyKit.

svn path=/nixos/trunk/; revision=17433

modules/misc/ids.nix

@@ -47,8 +47,10 @@ in
     gnunetd = 17;
     pulseaudio = 22; # must match `pulseaudio' GID
     gpsd = 23;
-    uptimed = 24;
+    polkituser = 28;
-    ddclient = 25;
+    uptimed = 29;
+    ddclient = 30;
+    # When adding a uid, make sure it doesn't match an existing gid.
 
     nixbld = 30000; # start of range of uids
     nobody = 65534;
@@ -82,6 +84,8 @@ in
     tape = 25;
     video = 26;
     dialout = 27;
+    polkituser = 28;
+    # When adding a gid, make sure it doesn't match an existing uid.
 
     users = 100;
     nixbld = 30000;

modules/module-list.nix

@@ -28,7 +28,8 @@
   ./programs/ssmtp.nix
   ./security/consolekit.nix
   ./security/pam.nix
-  ./security/polkit.nix
+  ./security/policykit.nix
+  #./security/polkit.nix # Currently disabled; using the old policykit.
   ./security/setuid-wrappers.nix
   ./security/sudo.nix
   ./services/audio/alsa.nix

modules/security/policykit.nix

@@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  config = {
+
+    environment.systemPackages = [ pkgs.policykit ];
+
+    services.dbus.packages = [ pkgs.policykit ];
+
+    security.pam.services = [ { name = "polkit"; } ];
+
+    users.extraUsers = singleton
+      { name = "polkituser";
+        uid = config.ids.uids.polkituser;
+        description = "PolicyKit user";
+      };
+
+    users.extraGroups = singleton
+      { name = "polkituser";
+        gid = config.ids.gids.polkituser;
+      };
+
+    system.activationScripts.policyKit = fullDepEntry
+      ''
+        mkdir -m 0770 -p /var/run/PolicyKit
+        chown root.polkituser /var/run/PolicyKit
+
+        mkdir -m 0770 -p /var/lib/PolicyKit
+        chown root.polkituser /var/lib/PolicyKit
+        
+        mkdir -p /var/lib/misc
+        touch /var/lib/misc/PolicyKit.reload
+        chmod 0664 /var/lib/misc/PolicyKit.reload
+        chown polkituser.polkituser /var/lib/misc/PolicyKit.reload
+      '' [ "users" ];
+
+  };
+
+}