From c99604d7df37ffc643256bf92929c1df6ecd7712 Mon Sep 17 00:00:00 2001
From: Christoph Urlacher <christoph.urlacher@protonmail.com>
Date: Tue, 10 Jun 2025 23:43:47 +0200
Subject: [PATCH] System: Add networkmanager modify system polkit permission

---
 system/modules/network/default.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/system/modules/network/default.nix b/system/modules/network/default.nix
index 46b2383a..fe6b771e 100644
--- a/system/modules/network/default.nix
+++ b/system/modules/network/default.nix
@@ -66,7 +66,7 @@ in {
       mkIf (!cfg.useNetworkManager) {text = names;};
 
     # Allow to enable/disable tunnels without root password
-    modules.polkit.allowed-system-services = let
+    modules.polkit.allowedSystemServices = let
       vpn-services = lib.pipe cfg.wireguard-tunnels [
         attrNames
         (map (v: "${v}.service"))
@@ -74,6 +74,11 @@ in {
     in
       mkIf (!cfg.useNetworkManager) vpn-services;
 
+    modules.polkit.allowedActions = mkIf cfg.useNetworkManager [
+      # NOTE: List permissions by running "nmcli general permissions"
+      "org.freedesktop.NetworkManager.settings.modify.system"
+    ];
+
     # General Networking Settings
     networking = {
       # Gets inherited from flake in nixos mylib and passed through the module option