From fae10039a5c875e48ca2ae8087bab702b69ac0b0 Mon Sep 17 00:00:00 2001
From: Leo Prikler <leo.prikler@student.tugraz.at>
Date: Sat, 23 Nov 2019 19:51:15 +0100
Subject: [PATCH 1/2] services: Add polkit-wheel-service.

* gnu/services/desktop.scm: (polkit-wheel): New variable.
(polkit-wheel-service): New service.
* doc/guix.texi: Document polkit-wheel-service.
---
 doc/guix.texi            |  7 +++++++
 gnu/services/desktop.scm | 21 +++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index a64b0fb84c..3bf5eb2587 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -15585,6 +15585,13 @@ capabilities to ordinary users.  For example, an ordinary user can be granted
 the capability to suspend the system if the user is logged in locally.
 @end deffn
 
+@defvr {Scheme Variable} polkit-wheel-service
+Service that adds the @code{wheel} group as admins to the Polkit
+service.  This makes it so that users in the @code{wheel} group are queried
+for their own passwords when performing administrative actions instead of
+@code{root}'s, similar to the behaviour used by @code{sudo}.
+@end defvr
+
 @defvr {Scheme Variable} upower-service-type
 Service that runs @uref{https://upower.freedesktop.org/, @command{upowerd}}, a
 system-wide monitor for power consumption and battery levels, with the given
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 0152e86e8a..9eee2fa485 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -135,6 +135,8 @@
             inputattach-configuration?
             inputattach-service-type
 
+            polkit-wheel-service
+
             %desktop-services))
 
 ;;; Commentary:
@@ -1064,6 +1066,25 @@ as expected.")))
    (description "Return a service that runs inputattach on a device and
 dispatches events from it.")))
 
+
+;;;
+;;; polkit-wheel-service -- Allow wheel group to perform admin actions
+;;;
+
+(define polkit-wheel
+  (file-union
+   "polkit-wheel"
+   `(("share/polkit-1/rules.d/wheel.rules"
+      ,(plain-file
+        "wheel.rules"
+        "polkit.addAdminRule(function(action, subject) {
+    return [\"unix-group:wheel\"];
+});
+")))))
+
+(define polkit-wheel-service
+  (simple-service 'polkit-wheel polkit-service-type (list polkit-wheel)))
+
 
 ;;;
 ;;; The default set of desktop services.
-- 
2.24.0