Updated permissions

system/server/derek-bot.nix

@@ -76,7 +76,37 @@ in {
     users.groups.${userGroup} = {};
     users.users.${userGroup} = {
       group = userGroup;
-      isSystemUser = true;
+      isNormalUser = true;
+      home = "/home/${userGroup}";
     };
+    security.polkit.extraConfig = ''
+	polkit.addRule(function(action, subject) {
+	    polkit.log("Rule triggered. Action: " + action.id + " Unit: " + action.lookup("unit") + " User: " + subject.user);
+
+	    // For journalctl access
+	    if ((action.id == "org.freedesktop.systemd1.manage-units" || 
+		 action.id == "org.freedesktop.systemd1.unit-journal") &&
+		action.lookup("unit") == "${userGroup}.service" &&
+		subject.user == "${userGroup}") {
+		polkit.log("ALLOWING access for " + subject.user);
+		return polkit.Result.YES;
+	    }
+	});
+      polkit.addRule(function(action, subject) {
+	  if (
+	      subject.user == "${userGroup}" &&
+	      (
+		action.id == "org.freedesktop.login1.power-off" ||
+		action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
+		action.id == "org.freedesktop.login1.power-off-multiple-sessions" ||
+		action.id == "org.freedesktop.login1.reboot" ||
+		action.id == "org.freedesktop.login1.reboot-ignore-inhibit" ||
+		action.id == "org.freedesktop.login1.reboot-multiple-sessions"
+	      )
+	  ) {
+	      return polkit.Result.NO;
+	  }
+      });
+    '';
   };
 }