Use polkit module for vpn services

system/modules/polkit/default.nix

@@ -18,11 +18,7 @@ in {
     # TODO: Don't hardcode subject.user == "christoph"
     security.polkit.extraConfig = let
       # Stuff that is non-negotiable
-      always-predicates = [
-        # TODO: Those should be set by the VPN/networkd module
-        "wg0-de-115.service"
-        "wg0-lu-16.service"
-      ];
+      always-predicates = [];
 
       mkServicePredicate = service: "action.lookup(\"unit\") == \"${service}\"";
       predicates = lib.pipe (cfg.allowed-system-services ++ always-predicates) [

system/modules/systemd-networkd/default.nix

@@ -34,6 +34,14 @@ in {
     in
       names;
 
+    modules.polkit.allowed-system-services = let
+      vpn-services = lib.pipe cfg.wireguard-tunnels [
+        attrNames
+        (map (v: "${v}.service"))
+      ];
+    in
+      vpn-services;
+
     # General Networking Settings
     networking = {
       # Gets inherited from flake in nixos mylib and passed through the module option