authorTim Keller <tjk@tjkeller.xyz>2026-06-18 21:40:11 -0500
committerTim Keller <tjk@tjkeller.xyz>2026-06-18 21:40:11 -0500
commit1996d32bef8a2d4454e680fb2d559d436e35b275 (patch)
treef42719bb08cd144576f9057c5f1cc378f0e59140
parent55767854e13dfe5e26311f222e3d713cf11ac3b3 (diff)
downloadnixos-1996d32bef8a2d4454e680fb2d559d436e35b275.tar.xz
nixos-1996d32bef8a2d4454e680fb2d559d436e35b275.zip
polkit options fixed up and nopass by default
-rw-r--r--archetypes/profiles/desktop/default.nix6
-rw-r--r--nixos/polkit.nix22
-rw-r--r--users/timmy/default.nix5
3 files changed, 17 insertions, 16 deletions
diff --git a/archetypes/profiles/desktop/default.nix b/archetypes/profiles/desktop/default.nix
index eb10c21..6b2348d 100644
--- a/archetypes/profiles/desktop/default.nix
+++ b/archetypes/profiles/desktop/default.nix
@@ -21,10 +21,10 @@
};
security = {
- _polkit = {
+ polkit = {
enable = mkDesktop true;
- gnome.enable = mkDesktop true;
- allowUserPowerControls = mkDesktop true;
+ _gnome.enable = mkDesktop true;
+ _allowUserPowerControls = mkDesktop true;
};
};
diff --git a/nixos/polkit.nix b/nixos/polkit.nix
index 875b50a..d78130a 100644
--- a/nixos/polkit.nix
+++ b/nixos/polkit.nix
@@ -1,5 +1,5 @@
{ lib, config, pkgs, ... }: let
- cfg = config.security._polkit;
+ cfg = config.security.polkit;
# This authentication agent will only autostart in a select few environments (e.g. GNOME, XFCE) by default.
# This derivation will allow the polkit_gnome agent to start in any environment so long as it is enabled.
@@ -12,37 +12,35 @@
# e.g. any environment that is not listed in the stock desktop entry.
buildCommand = ''
mkdir -p $out/etc/xdg/autostart
- cp ${cfg.gnome.package}/etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop $out/etc/xdg/autostart/polkit-gnome-authentication-agent-1-de-agnostic.desktop
+ cp ${cfg._gnome.package}/etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop $out/etc/xdg/autostart/polkit-gnome-authentication-agent-1-de-agnostic.desktop
substituteInPlace $out/etc/xdg/autostart/polkit-gnome-authentication-agent-1-de-agnostic.desktop \
--replace-fail 'OnlyShowIn=' 'NotShowIn='
'';
};
in {
- options.security._polkit = {
- enable = lib.mkEnableOption "enables polkit";
- gnome = {
+ options.security.polkit = {
+ _gnome = {
enable = lib.mkEnableOption "enables polkit_gnome authentication agent";
package = lib.mkPackageOption pkgs "polkit_gnome" { };
};
- allowUserPowerControls = lib.mkEnableOption "allow users to control the power state of the machine using poweroff/reboot commands";
- wheelNoPass = lib.mkEnableOption "allow users in wheel group to execute all commands without password";
+ _allowUserPowerControls = lib.mkEnableOption "allow users to control the power state of the machine using poweroff/reboot commands";
+ _wheelNoPass = lib.mkEnableOption "allow users in wheel group to execute all commands without password";
};
config = lib.mkIf cfg.enable {
- security.polkit.enable = lib.mkDefault true;
-
- environment.systemPackages = lib.mkIf cfg.gnome.enable [ pkgs.polkit_gnome polkit_gnome-autostart ];
+ # Gnome
+ environment.systemPackages = lib.mkIf cfg._gnome.enable [ cfg._gnome.package polkit_gnome-autostart ];
# Optional rules
environment.etc = let
pkRulesD = "polkit-1/rules.d";
in {
"${pkRulesD}/10-reboot-poweroff-users.rules" = {
- enable = cfg.allowUserPowerControls;
+ enable = cfg._allowUserPowerControls;
source = ./resources/polkit-1/rules.d/10-reboot-poweroff-users.rules;
};
"${pkRulesD}/0-wheel-no-pass.rules" = {
- enable = cfg.wheelNoPass;
+ enable = cfg._wheelNoPass;
source = ./resources/polkit-1/rules.d/0-wheel-no-pass.rules;
};
};
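Review bot: The `_wheelNoPass` description in the options block ("allow users in wheel group to execute all commands without password") undersells what the flag does under polkit. The rule file itself is not shown, but from its name it presumably approves every polkit action for wheel members, and `0-wheel-no-pass.rules` sorts ahead of `10-reboot-poweroff-users.rules`, so it is evaluated first. I would spell that out in the description, e.g. `"authorize every polkit action for wheel members without an authentication prompt (root-equivalent for any process running as such a user)"`, and add `# Sorts first on purpose; keep this rule limited to the wheel group` above the `0-wheel-no-pass.rules` entry. Leaving the option off by default through `mkEnableOption` is the right default for a setting like this.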
diff --git a/users/timmy/default.nix b/users/timmy/default.nix
index cb8eb7b..c38cbb7 100644
--- a/users/timmy/default.nix
+++ b/users/timmy/default.nix
@@ -55,7 +55,7 @@ in {
];
};
- # Enable sudo and doas
+ # Enable sudo, doas, polkit nopass
security.sudo = {
enable = true;
wheelNeedsPassword = false;
@@ -65,6 +65,9 @@ in {
wheelNeedsPassword = false;
extraRules = [{ keepEnv = true; }];
};
+ security.polkit = {
+ _wheelNoPass = true;
+ };
# Configure automatic login with getty
services.getty = lib.mkIf cfg.autologin.enable {
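Review bot: Setting `_wheelNoPass = true` here means sudo, doas and polkit all skip authentication for wheel, and the context line below shows that getty autologin can be enabled for the same user. With autologin on, console access to the machine is enough to reach root without any credential. The polkit rule is presumably system-wide, so it would apply to every wheel member on the host, not only this user. I would write it as `security.polkit._wheelNoPass = lib.mkDefault true;` so a host can switch it back off, and extend the comment in the previous hunk to `# Enable sudo, doas, polkit nopass (root-equivalent for wheel; avoid together with autologin on shared or portable machines)`. The `services.getty` block continues outside the hunk.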