From c251de3510d8bf3d37e307b5c5cd989b476cbb74 Mon Sep 17 00:00:00 2001
From: ChUrl
Date: Sat, 27 May 2023 15:08:44 +0200
Subject: [PATCH] Use polkit module for vpn services
---
 system/modules/polkit/default.nix | 6 +-----
 system/modules/systemd-networkd/default.nix | 8 ++++++++
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/system/modules/polkit/default.nix b/system/modules/polkit/default.nix
index b06e3619..0b514bf0 100644
--- a/system/modules/polkit/default.nix
+++ b/system/modules/polkit/default.nix
@@ -18,11 +18,7 @@ in {
 # TODO: Don't hardcode subject.user == "christoph"
 security.polkit.extraConfig = let
 # Stuff that is non-negotiable
- always-predicates = [
- # TODO: Those should be set by the VPN/networkd module
- "wg0-de-115.service"
- "wg0-lu-16.service"
- ];
+ always-predicates = [];
 mkServicePredicate = service: "action.lookup(\"unit\") == \"${service}\"";
 predicates = lib.pipe (cfg.allowed-system-services ++ always-predicates) [
diff --git a/system/modules/systemd-networkd/default.nix b/system/modules/systemd-networkd/default.nix
index 81c5370a..5318ffa1 100644
--- a/system/modules/systemd-networkd/default.nix
+++ b/system/modules/systemd-networkd/default.nix
@@ -34,6 +34,14 @@ in {
 in
 names;
+ modules.polkit.allowed-system-services = let
+ vpn-services = lib.pipe cfg.wireguard-tunnels [
+ attrNames
+ (map (v: "${v}.service"))
+ ];
+ in
+ vpn-services;
 # General Networking Settings
 networking = {
 # Gets inherited from flake in nixos mylib and passed through the module option
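Review bot: The `# Stuff that is non-negotiable` comment now sits above an empty list, so the `always-predicates` binding documents nothing and `cfg.allowed-system-services ++ always-predicates` is a no-op concatenation. Either drop the binding and its comment, or replace the comment with one stating the new contract, e.g. `# Units allowed regardless of module configuration; VPN units are contributed via modules.polkit.allowed-system-services by the systemd-networkd module`. The `security.polkit.extraConfig` expression continues outside the hunk, and the hardcoded-user TODO on the first context line is unchanged by this commit.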
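Review bot: `attrNames` is referenced unqualified on the third added line of the systemd-networkd hunk; unless the file opens with `with builtins;` or inherits it from `lib` (not visible here), evaluation fails with an undefined-variable error, so `builtins.attrNames` (or `lib.attrNames`) is the safer spelling. The `let vpn-services = … in vpn-services` wrapper adds nothing; `modules.polkit.allowed-system-services = map (v: "${v}.service") (builtins.attrNames cfg.wireguard-tunnels);` yields the same list in one line. Because each name is later interpolated by `mkServicePredicate` into a polkit JavaScript rule string without escaping, a comment such as `# Tunnel attribute names must match the generated systemd unit names and contain only plain unit-name characters` would help the next maintainer, and an `assertion` enforcing that would turn a malformed name into an evaluation error rather than a silently unparsable rules file. Whether this binding is guarded by the module's enable flag cannot be seen from the hunk, as the enclosing attribute set starts outside it.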