nushell, helium + pwas, niri session management

2026-03-03 00:26:21 +11:00 · 2026-03-03 00:26:21 +11:00 · 3b3bfb6b39
commit 3b3bfb6b39
parent cb72b47661
21 changed files with 816 additions and 464 deletions
--- a/common/security.nix
+++ b/common/security.nix
@ -0,0 +1,51 @@
+{
+  lib,
+  inputs,
+  getFlakePkg,
+  ...
+}:
+{
+  imports = [
+    inputs.run0-shim.nixosModules.default
+    inputs.yoke.nixosModules.default
+  ];
+  environment.shellAliases = {
+    #make run0 use aliases
+    run0 = "run0 --background='' ";
+    s = "run0";
+  };
+  services.dbus.implementation = "broker";
+  security = {
+    sudo.enable = false;
+    polkit = {
+      enable = true;
+      extraConfig = ''
+        polkit.addRule(function(action, subject) {
+          if (action.id == "org.freedesktop.policykit.exec" ||
+              action.id.indexOf("org.freedesktop.systemd1.") == 0) {
+            return polkit.Result.AUTH_ADMIN_KEEP;
+          }
+        });
+      '';
+    };
+  };
+  environment.systemPackages = [ (getFlakePkg inputs.run0-shim) ];
+  security.soteria.enable = true;
+  systemd.user.services.polkit-soteria = {
+    after = [ "dbus.socket" ];
+    requires = [ "dbus.socket" ];
+    serviceConfig = {
+      Environment = [
+        "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/%U/bus"
+      ];
+      # RestartSec = 3;
+    };
+    unitConfig = {
+      StartLimitIntervalSec = 30;
+      StartLimitBurst = 5;
+    };
+  };
+  # niri-flake is death
+  systemd.user.services.niri-flake-polkit = lib.mkForce { };
+  services.gnome.gnome-keyring.enable = lib.mkForce false;
+}