From 3cc736ff8c207f8a6c047c8a5950d6cdc440c660 Mon Sep 17 00:00:00 2001
From: Cappy Ishihara <cappy@cappuchino.xyz>
Date: Sat, 9 Nov 2024 16:28:58 +0700
Subject: [PATCH] add polkit rules and sysusers

---
 data/polkit-1/rules.d/100-taidan.rules | 6 ++++++
 data/sysusers.d/taidan.conf            | 4 ++++
 2 files changed, 10 insertions(+)
 create mode 100644 data/polkit-1/rules.d/100-taidan.rules
 create mode 100644 data/sysusers.d/taidan.conf

diff --git a/data/polkit-1/rules.d/100-taidan.rules b/data/polkit-1/rules.d/100-taidan.rules
new file mode 100644
index 0000000..d39a4ca
--- /dev/null
+++ b/data/polkit-1/rules.d/100-taidan.rules
@@ -0,0 +1,6 @@
+polkit.addRule(function(action, subject) {
+    if (action.id == "org.freedesktop.policykit.exec" &&
+        subject.isInGroup("taidan")) {
+        return polkit.Result.YES;
+    }
+});
\ No newline at end of file
diff --git a/data/sysusers.d/taidan.conf b/data/sysusers.d/taidan.conf
new file mode 100644
index 0000000..26b52ec
--- /dev/null
+++ b/data/sysusers.d/taidan.conf
@@ -0,0 +1,4 @@
+# Service account for Taidan OOBE/Firstboot setup
+# Should have access to root and be able to run commands as root
+# This account should be locked after setup is complete
+u taidan - "Taidan OOBE" /usr/lib/taidan /usr/sbin/nologin