From b9d9045d5745fec640fb8261f9bdf2512eb372bd Mon Sep 17 00:00:00 2001
From: worldofpeace <worldofpeace@protonmail.ch>
Date: Fri, 6 Sep 2019 13:51:38 -0400
Subject: nixos/cupsd: passwordless admin for wheel with polkit

---
 nixos/modules/services/printing/cupsd.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'nixos/modules/services/printing/cupsd.nix')

diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix
index 42c1b9482cb..f0179c1fb02 100644
--- a/nixos/modules/services/printing/cupsd.nix
+++ b/nixos/modules/services/printing/cupsd.nix
@@ -291,6 +291,16 @@ in
 
     services.dbus.packages = [ cups.out ] ++ optional polkitEnabled cups-pk-helper;
 
+    # Allow asswordless printer admin for members of wheel group
+    security.polkit.extraConfig = mkIf polkitEnabled ''
+      polkit.addRule(function(action, subject) {
+          if (action.id == "org.opensuse.cupspkhelper.mechanism.all-edit" &&
+              subject.isInGroup("wheel")){
+              return polkit.Result.YES;
+          }
+      });
+    '';
+
     # Cups uses libusb to talk to printers, and does not use the
     # linux kernel driver. If the driver is not in a black list, it
     # gets loaded, and then cups cannot access the printers.
-- 
cgit 1.4.1