summaryrefslogtreecommitdiff
path: root/trivionomicon/modules/athena-bccr/sys.nix
diff options
context:
space:
mode:
authorAlejandro Soto <alejandro@34project.org>2026-02-18 18:56:39 -0600
committerAlejandro Soto <alejandro@34project.org>2026-02-18 18:56:39 -0600
commitbe0e26b54ce5f03e4174df9f24f6dee45495987b (patch)
treee63fda45e145b90cb7416d243c91eaa13a6962e8 /trivionomicon/modules/athena-bccr/sys.nix
parent3a3d68a295f1fbc69ca4014f4a15ce8350138415 (diff)
trivionomicon: athena-bccr: fix Polkit authentication failures
Diffstat (limited to 'trivionomicon/modules/athena-bccr/sys.nix')
-rw-r--r--trivionomicon/modules/athena-bccr/sys.nix18
1 files changed, 16 insertions, 2 deletions
diff --git a/trivionomicon/modules/athena-bccr/sys.nix b/trivionomicon/modules/athena-bccr/sys.nix
index 631185d..9532358 100644
--- a/trivionomicon/modules/athena-bccr/sys.nix
+++ b/trivionomicon/modules/athena-bccr/sys.nix
@@ -19,8 +19,22 @@ in {
systemPackages = [athena.ase-pkcs11];
};
- #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA
- security.pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"];
+ security = {
+ #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA
+ pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"];
+
+ polkit = {
+ enable = lib.mkDefault true;
+
+ extraConfig = ''
+ polkit.addRule(function(action, subject) {
+ if (action.id == "org.debian.pcsc-lite.access_pcsc" && subject.isInGroup("users")) {
+ return polkit.Result.YES;
+ }
+ });
+ '';
+ };
+ };
services = {
pcscd.enable = true;
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-10 08:14:20 +0000