| 30 Jun 2025 |
 hexa (clat on linux when) | maybe, but it is [x] Available to all users, whatever that implies | 07:33:47 |
 emily | usable by, not modifiable by, I think | 07:34:18 |
| emily | like you can log in as another user and still have WiFi | 07:34:25 |
| hexa (clat on linux when) | ok, but storing should work if I can elevate with polkit, right? | 07:35:07 |
| emily | maybe | 07:35:35 |
| emily | it could all just be broken in some other way :) | 07:35:44 |
| hexa (clat on linux when) | yes, sure | 07:36:04 |
| hexa (clat on linux when) | and with polkit-gnome running it prompts me for my password when editing a connection | 07:37:49 |
| hexa (clat on linux when) | 
Download image.png | 07:38:03 |
| hexa (clat on linux when) | but that doesn't work when outside the group over ssh | 07:39:03 |
 @brisingr05:matrix.org | FYI polkit_gnome has been unmaintained for about a decade and the repo is archived. | 07:40:57 |
| hexa (clat on linux when) | super exciting | 07:43:04 |
| hexa (clat on linux when) | probably all builtin these days | 07:43:08 |
| emily | maybe we should remove some of those things | 07:43:41 |
| hexa (clat on linux when) | given that the only rule i have for polkit is nm related … i should probably just ignore polkit | 07:44:55 |
| emily | most polkit stuff is not in NixOS rules | 07:45:23 |
| emily | it's in policies shipped with the daemons | 07:45:26 |
| @brisingr05:matrix.org | I brought it up a while ago here: https://matrix.to/#/#security-discuss:nixos.org/$nohR8r25cNgzLbufqDYy-WXd9hkIdpL_s-kvmAZ_HPI
It seems some packages depend on it. | 07:46:05 |
| hexa (clat on linux when) | there are no policies shipped with the daemon | 07:46:11 |
| emily | udisk mounting is a common thing | 07:46:11 |
| emily | https://github.com/NetworkManager/NetworkManager/blob/5ab04c8f567ca7e1d7b494c1ee13a5b9c907f76c/data/org.freedesktop.NetworkManager.policy.in.in | 07:46:59 |
| hexa (clat on linux when) | oh, with the nm daemon | 07:47:10 |
| hexa (clat on linux when) | I thought you meant polkit itself | 07:47:33 |
| hexa (clat on linux when) | anyway, only rules are properly inspectable from the filesystem sadly | 07:48:10 |
| emily | pipewire also uses polkit I think, really basically everything in the fd.o stack as well as systemd does | 07:48:28 |
| emily | but it may not be essential for your use case | 07:48:34 |
| hexa (clat on linux when) | given that most of my config is not done interactively and if in doubt i can elevate, yeah | 07:49:39 |
 clerie | I found out that with scripted networking some interfaces aren't set up when systemd-resolved is enabled. I would appreciate feedback to my proposal of fixing this. Especially considering additional side effects that could arise: https://github.com/NixOS/nixpkgs/pull/421010 | 14:46:00 |
| emily | we might not want to do stuff to scripted networking that might be backwards-incompatible (though I don't know if these service ordering changes would be, but they can be subtle) since we were just working on finally starting to deprecate it | 14:47:49 |
| clerie | To my understanding the change should not break anything, but I'm not sure if there is anything outside this file that might be influenced by this.
(The irony is that I encountered this issue while being in the process of migrating my stuff the networkd)
| 14:55:04 |
