configuration/gpg-ssh: Enable users to restart pcscd themself

configuration/desktop/default.nix

@@ -7,6 +7,7 @@
     ./gnome.nix
     ./inputs.nix
     ./networking.nix
+    ./polkit.nix
     ./power.nix
     ./printing.nix
     ./ssh.nix

configuration/desktop/polkit.nix

@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+
+  security.polkit.enable = true;
+
+}

configuration/gpg-ssh/default.nix

@@ -19,6 +19,21 @@
 
   services.pcscd.enable = true;
 
+  # pcscd sometimes breaks and seem to need a manual restart
+  # so we allow users to restart that service themself
+  security.polkit.extraConfig = ''
+    polkit.addRule(function(action, subject) {
+        if (
+            action.id == "org.freedesktop.systemd1.manage-units"
+            && action.lookup("unit") == "pcscd.service"
+            && action.lookup("verb") == "restart"
+            && subject.isInGroup("users")
+        ) {
+            return polkit.Result.YES;
+        }
+    });
+  '';
+
   services.udev.packages = with pkgs; [
     yubikey-personalization
   ];