trivionomicon: athena-bccr: fix Polkit authentication failures

2026-02-18 18:56:39 -06:00 · 2026-02-18 18:56:39 -06:00 · f133a894d8
commit f133a894d8
parent c01f195d59
1 changed files with 16 additions and 2 deletions
--- a/modules/athena-bccr/sys.nix
+++ b/modules/athena-bccr/sys.nix
@ -19,8 +19,22 @@ in {
    systemPackages = [athena.ase-pkcs11];
  };

+  security = {
    #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA
-  security.pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"];
+    pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"];
+
+    polkit = {
+      enable = lib.mkDefault true;
+
+      extraConfig = ''
+        polkit.addRule(function(action, subject) {
+            if (action.id == "org.debian.pcsc-lite.access_pcsc" && subject.isInGroup("users")) {
+                    return polkit.Result.YES;
+            }
+        });
+      '';
+    };
+  };

  services = {
    pcscd.enable = true;