Thunderbolt ACL


In the thunderbolt package there is the tool tbtadm which allows listing connected devices with tbtadm topology which shows me (besides other things):

    └─ ThinkPad Thunderbolt 3 Dock, Lenovo
        └─ Details:
            ├─ Route-string: 0-1
            ├─ Authorized: No
            ├─ In ACL: No

Now this “Authorized: No” and “In ACL: No” part looks like it might be related to why the ethernet connection using that device does not work.

So I wanted to authorize the device with tbtadm approve-all. However, this tries to write a file in lib which naturally fails as non root:

Permission denied: "/var/lib/thunderbolt/acl"

Now what is the NixOS way to authorize thunderbolt devices? Just run the command as sudo or is there a declarative way to achieve the goal?