trivionomicon: athena-bccr: fix Polkit authentication failures

author: Alejandro Soto <alejandro@34project.org> 2026-02-18 18:56:39 -0600
committer: Alejandro Soto <alejandro@34project.org> 2026-02-18 18:56:39 -0600
commit: 80ea8a98998e3ac14dac9759c29a363bd98f52ad (patch)
tree: 41a9449be43e8f1c6f5cf7138749f9baba9b8d0d /modules/athena-bccr
parent: 041b7b66814e0b72e8bbf1e75be5154f3ae72e02 (diff)
1 files changed, 16 insertions, 2 deletions
diff --git a/modules/athena-bccr/sys.nix b/modules/athena-bccr/sys.nix
index 631185d..9532358 100644
--- a/modules/athena-bccr/sys.nix
+++ b/modules/athena-bccr/sys.nix
@@ -19,8 +19,22 @@ in {
     systemPackages = [athena.ase-pkcs11];
   };
 
-  #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA
-  security.pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"];
+  security = {
+    #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA
+    pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"];
+
+    polkit = {
+      enable = lib.mkDefault true;
+
+      extraConfig = ''
+        polkit.addRule(function(action, subject) {
+            if (action.id == "org.debian.pcsc-lite.access_pcsc" && subject.isInGroup("users")) {
+                    return polkit.Result.YES;
+            }
+        });
+      '';
+    };
+  };
 
   services = {
     pcscd.enable = true;
author	Alejandro Soto <alejandro@34project.org>	2026-02-18 18:56:39 -0600
committer	Alejandro Soto <alejandro@34project.org>	2026-02-18 18:56:39 -0600
commit	80ea8a98998e3ac14dac9759c29a363bd98f52ad (patch)
tree	41a9449be43e8f1c6f5cf7138749f9baba9b8d0d /modules/athena-bccr
parent	041b7b66814e0b72e8bbf1e75be5154f3ae72e02 (diff)