Thunderbolt ACL

In the thunderbolt package there is the tool tbtadm which allows listing connected devices with tbtadm topology which shows me (besides other things):

    └─ ThinkPad Thunderbolt 3 Dock, Lenovo
        └─ Details:
            ├─ Route-string: 0-1
            ├─ Authorized: No
            ├─ In ACL: No

Now this “Authorized: No” and “In ACL: No” part looks like it might be related to why the ethernet connection using that device does not work.

So I wanted to authorize the device with tbtadm approve-all. However, this tries to write a file in lib which naturally fails as non root:

Permission denied: "/var/lib/thunderbolt/acl"

Now what is the NixOS way to authorize thunderbolt devices? Just run the command as sudo or is there a declarative way to achieve the goal?

This reply might be a bit late, but I found this post after a search for this issue as well.

I found a nice solution to authorize all thunderbolt devices:

  services.udev.extraRules = ''
    # Always authorize thunderbolt connections when they are plugged in.
    # This is to make sure the USB hub of Thunderbolt is working.
    ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
  '';