commit 0527ccaca79691e9f8782ec049597e5a7004ae49 · pyrox.dev/nixpkgs

+37
nixos/modules/services/misc/moonraker.nix
···

       79
       79
        
                 for supported values.

     

       80
       80
        
               '';

     

       81
       81
        
             };

     

       82
       82
       +
       

     

       83
       83
       +
             allowSystemControl = mkOption {

     

       84
       84
       +
               type = types.bool;

     

       85
       85
       +
               default = false;

     

       86
       86
       +
               description = ''

     

       87
       87
       +
                 Whether to allow Moonraker to perform system-level operations.

     

       88
       88
       +
       

     

       89
       89
       +
                 Moonraker exposes APIs to perform system-level operations, such as

     

       90
       90
       +
                 reboot, shutdown, and management of systemd units. See the

     

       91
       91
       +
                 <link xlink:href="https://moonraker.readthedocs.io/en/latest/web_api/#machine-commands">documentation</link>

     

       92
       92
       +
                 for details on what clients are able to do.

     

       93
       93
       +
               '';

     

       94
       94
       +
             };

     

       82
       95
        
           };

     

       83
       96
        
         };

     

       84
       97
        
       

     

       85
       98
        
         config = mkIf cfg.enable {

     

       86
       99
        
           warnings = optional (cfg.settings ? update_manager)

     

       87
       100
        
             ''Enabling update_manager is not supported on NixOS and will lead to non-removable warnings in some clients.'';

     

       101
       101
       +
       

     

       102
       102
       +
           assertions = [

     

       103
       103
       +
             {

     

       104
       104
       +
               assertion = cfg.allowSystemControl -> config.security.polkit.enable;

     

       105
       105
       +
               message = "services.moonraker.allowSystemControl requires polkit to be enabled (security.polkit.enable).";

     

       106
       106
       +
             }

     

       107
       107
       +
           ];

     

       88
       108
        
       

     

       89
       109
        
           users.users = optionalAttrs (cfg.user == "moonraker") {

     

       90
       110
        
             moonraker = {

     
···

       137
       157
        
               User = cfg.user;

     

       138
       158
        
             };

     

       139
       159
        
           };

     

       160
       160
       +
       

     

       161
       161
       +
           security.polkit.extraConfig = lib.optionalString cfg.allowSystemControl ''

     

       162
       162
       +
             // nixos/moonraker: Allow Moonraker to perform system-level operations

     

       163
       163
       +
             //

     

       164
       164
       +
             // This was enabled via services.moonraker.allowSystemControl.

     

       165
       165
       +
             polkit.addRule(function(action, subject) {

     

       166
       166
       +
               if ((action.id == "org.freedesktop.systemd1.manage-units" ||

     

       167
       167
       +
                    action.id == "org.freedesktop.login1.power-off" ||

     

       168
       168
       +
                    action.id == "org.freedesktop.login1.power-off-multiple-sessions" ||

     

       169
       169
       +
                    action.id == "org.freedesktop.login1.reboot" ||

     

       170
       170
       +
                    action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||

     

       171
       171
       +
                    action.id.startsWith("org.freedesktop.packagekit.")) &&

     

       172
       172
       +
                    subject.user == "${cfg.user}") {

     

       173
       173
       +
                 return polkit.Result.YES;

     

       174
       174
       +
               }

     

       175
       175
       +
             });

     

       176
       176
       +
           '';

     

       140
       177
        
         };

     

       141
       178
        
       }