From a2c1afe2a253589bc38380a75c7b156216b40667 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 4 Apr 2018 14:39:44 +0200
Subject: [PATCH] ma x.r: allow automatic mounting by pcmanfm

---
 makefu/1systems/x/config.nix | 38 ++++++++++++++++++++++++++++++++++--
 1 file changed, 36 insertions(+), 2 deletions(-)

diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index f72f2a15b..483fc81e5 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -141,14 +141,47 @@ with import <stockholm/lib>;
         # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
         hardware.bluetooth.enable = true;
       }
-      { # auto-mounting
+      { # auto-mounting via polkit
         services.udisks2.enable = true;
-        services.devmon.enable = true;
+        ## automount all disks:
+        # services.devmon.enable = true;
         # services.gnome3.gvfs.enable = true;
+        users.groups.storage = {
+          gid = genid "storage";
+          members = [ "makefu" ];
+        };
         users.users.makefu.packages = with pkgs;[
           gvfs pcmanfm lxmenu-data
         ];
         environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
+
+        ## allow users in group "storage" to mount disk
+        # https://github.com/coldfix/udiskie/wiki/Permissions
+        security.polkit.extraConfig =
+        ''
+        polkit.addRule(function(action, subject) {
+            var YES = polkit.Result.YES;
+            var permission = {
+            "org.freedesktop.udisks.filesystem-mount": YES,
+            "org.freedesktop.udisks.luks-unlock": YES,
+            "org.freedesktop.udisks.drive-eject": YES,
+            "org.freedesktop.udisks.drive-detach": YES,
+            "org.freedesktop.udisks2.filesystem-mount": YES,
+            "org.freedesktop.udisks2.encrypted-unlock": YES,
+            "org.freedesktop.udisks2.eject-media": YES,
+            "org.freedesktop.udisks2.power-off-drive": YES,
+            "org.freedesktop.udisks2.filesystem-mount-other-seat": YES,
+            "org.freedesktop.udisks2.filesystem-unmount-others": YES,
+            "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
+            "org.freedesktop.udisks2.eject-media-other-seat": YES,
+            "org.freedesktop.udisks2.power-off-drive-other-seat": YES
+            };
+            if (subject.isInGroup("storage")) {
+              return permission[action.id];
+            }
+        });
+        '';
+
       }
 
     ];
@@ -170,6 +203,7 @@ with import <stockholm/lib>;
 
   networking.extraHosts = ''
     192.168.1.11  omo.local
+    80.92.65.53 www.wifionice.de wifionice.de
   '';
   # hard dependency because otherwise the device will not be unlocked
   boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];