configuration/gpg-ssh: Enable users to restart pcscd themself

2024-05-02 11:31:54 +02:00 · 2024-05-02 11:31:54 +02:00 · 5c42594d5d
parent 2970a7d892
commit 5c42594d5d
3 changed files with 23 additions and 0 deletions
--- a/configuration/desktop/default.nix
+++ b/configuration/desktop/default.nix
@ -7,6 +7,7 @@
    ./gnome.nix
    ./inputs.nix
    ./networking.nix
+    ./polkit.nix
    ./power.nix
    ./printing.nix
    ./ssh.nix
--- a/configuration/desktop/polkit.nix
+++ b/configuration/desktop/polkit.nix
@ -0,0 +1,7 @@
+{ ... }:
+
+{
+
+  security.polkit.enable = true;
+
+}
--- a/configuration/gpg-ssh/default.nix
+++ b/configuration/gpg-ssh/default.nix
@ -19,6 +19,21 @@

  services.pcscd.enable = true;

+  # pcscd sometimes breaks and seem to need a manual restart
+  # so we allow users to restart that service themself
+  security.polkit.extraConfig = ''
+    polkit.addRule(function(action, subject) {
+        if (
+            action.id == "org.freedesktop.systemd1.manage-units"
+            && action.lookup("unit") == "pcscd.service"
+            && action.lookup("verb") == "restart"
+            && subject.isInGroup("users")
+        ) {
+            return polkit.Result.YES;
+        }
+    });
+  '';
+
  services.udev.packages = with pkgs; [
    yubikey-personalization
  ];