From 5c42594d5d266e238716e6405b99f5103ca4c19b Mon Sep 17 00:00:00 2001
From: clerie
Date: Thu, 2 May 2024 11:31:54 +0200
Subject: [PATCH] configuration/gpg-ssh: Enable users to restart pcscd themself
---
 configuration/desktop/default.nix | 1 +
 configuration/desktop/polkit.nix | 7 +++++++
 configuration/gpg-ssh/default.nix | 15 +++++++++++++++
 3 files changed, 23 insertions(+)
 create mode 100644 configuration/desktop/polkit.nix
diff --git a/configuration/desktop/default.nix b/configuration/desktop/default.nix
index 77fa67a..9f446d7 100644
--- a/configuration/desktop/default.nix
+++ b/configuration/desktop/default.nix
@@ -7,6 +7,7 @@
 ./gnome.nix
 ./inputs.nix
 ./networking.nix
+ ./polkit.nix
 ./power.nix
 ./printing.nix
 ./ssh.nix
diff --git a/configuration/desktop/polkit.nix b/configuration/desktop/polkit.nix
new file mode 100644
index 0000000..c1fabf1
--- /dev/null
+++ b/configuration/desktop/polkit.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+
+ security.polkit.enable = true;
+
+}
diff --git a/configuration/gpg-ssh/default.nix b/configuration/gpg-ssh/default.nix
index 1c29905..124e86a 100644
--- a/configuration/gpg-ssh/default.nix
+++ b/configuration/gpg-ssh/default.nix
@@ -19,6 +19,21 @@
 services.pcscd.enable = true;
+ # pcscd sometimes breaks and seem to need a manual restart
+ # so we allow users to restart that service themself
+ security.polkit.extraConfig = ''
+ polkit.addRule(function(action, subject) {
+ if (
+ action.id == "org.freedesktop.systemd1.manage-units"
+ && action.lookup("unit") == "pcscd.service"
+ && action.lookup("verb") == "restart"
+ && subject.isInGroup("users")
+ ) {
+ return polkit.Result.YES;
+ }
+ });
+ '';
+
 services.udev.packages = with pkgs; [ yubikey-personalization ];
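Review bot: The rule added to `security.polkit.extraConfig` in `configuration/gpg-ssh/default.nix` returns `polkit.Result.YES` for any subject in the `users` group without looking at the session, so an account logged in remotely or sitting in an inactive session can also restart `pcscd.service` unauthenticated and interrupt smartcard operations in progress for whoever is at the machine. Since the comment describes this as a way for the person using the desktop to recover a stuck pcscd, the condition could additionally require `&& subject.local && subject.active`. The existing checks on `action.lookup("unit")` and `action.lookup("verb")` already keep the grant to one unit and one verb and should stay. The rule presumably only takes effect on hosts where polkit is enabled, which this commit does in `configuration/desktop/polkit.nix`; a comment such as `# requires security.polkit.enable (set in configuration/desktop/polkit.nix)` above the rule would make that dependency visible to anyone importing `gpg-ssh` on its own.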