From 65670311112f09f8e36b5ec714de0c222e61a09f Mon Sep 17 00:00:00 2001 From: midchildan Date: Thu, 13 May 2021 02:57:49 +0900 Subject: [PATCH] nixos/mirakurun: add polkit rule for smart card access (#122066) Fixes #122039 --- nixos/modules/services/video/mirakurun.nix | 23 +++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/video/mirakurun.nix b/nixos/modules/services/video/mirakurun.nix index ce1dabe6bfa1..6ea73fa5c679 100644 --- a/nixos/modules/services/video/mirakurun.nix +++ b/nixos/modules/services/video/mirakurun.nix @@ -8,6 +8,18 @@ let username = config.users.users.mirakurun.name; groupname = config.users.users.mirakurun.group; settingsFmt = pkgs.formats.yaml {}; + + polkitRule = pkgs.writeTextDir "share/polkit-1/rules.d/10-mirakurun.rules" '' + polkit.addRule(function (action, subject) { + if ( + (action.id == "org.debian.pcsc-lite.access_pcsc" || + action.id == "org.debian.pcsc-lite.access_card") && + subject.user == "${username}" + ) { + return polkit.Result.YES; + } + }); + ''; in { options = { @@ -48,6 +60,15 @@ in ''; }; + allowSmartCardAccess = mkOption { + type = types.bool; + default = true; + description = '' + Install polkit rules to allow Mirakurun to access smart card readers + which is commonly used along with tuner devices. + ''; + }; + serverSettings = mkOption { type = settingsFmt.type; default = {}; @@ -110,7 +131,7 @@ in }; config = mkIf cfg.enable { - environment.systemPackages = [ mirakurun ]; + environment.systemPackages = [ mirakurun ] ++ optional cfg.allowSmartCardAccess polkitRule; environment.etc = { "mirakurun/server.yml".source = settingsFmt.generate "server.yml" cfg.serverSettings; "mirakurun/tuners.yml" = mkIf (cfg.tunerSettings != null) {