From 2bf3c6c9269b36f3078529a2f075645d59ddc56e Mon Sep 17 00:00:00 2001
From: William Carroll <wpcarro@gmail.com>
Date: Sun, 16 Aug 2020 19:06:42 +0100
Subject: Log all polkit actions to find action.id for nixos-rebuild

I would like to setup a polkit rule to allow `buildkite-agent` (i.e. a
forthcoming user) to call `nixos-rebuild`. I need to know the `action.id` before
I can write a reliable rule.
---
 nixos/socrates/configuration.nix | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'nixos')

diff --git a/nixos/socrates/configuration.nix b/nixos/socrates/configuration.nix
index b9d2b23485bb..469e2f45dccc 100644
--- a/nixos/socrates/configuration.nix
+++ b/nixos/socrates/configuration.nix
@@ -163,6 +163,12 @@ in {
   # lid.
   services.logind.lidSwitch = "ignore";
 
+  security.polkit.extraConfig = ''
+    polkit.addRule(function(action, subject) {
+      polkit.log("subject.user: " + subject.user + " is attempting action.id: " + action.id);
+    });
+  '';
+
   # Provision SSL certificates to support HTTPS connections.
   security.acme.acceptTerms = true;
   security.acme.email = "wpcarro@gmail.com";
-- 
cgit 1.4.1