From 3debab9a7abca2f255d0ff5e499b86d3f761189f Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Sat, 25 Jan 2025 12:33:59 +0000
Subject: [PATCH] servo: shelvacu: allow to start/stop/restart units

---
 hosts/by-name/servo/users/shelvacu.nix | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/hosts/by-name/servo/users/shelvacu.nix b/hosts/by-name/servo/users/shelvacu.nix
index 7181c2b15..03e546ef2 100644
--- a/hosts/by-name/servo/users/shelvacu.nix
+++ b/hosts/by-name/servo/users/shelvacu.nix
@@ -37,6 +37,28 @@
     }
   ];
 
+  security.polkit.extraConfig = ''
+    // allow:
+    // - systemctl restart|start|stop SERVICE
+    polkit.addRule(function(action, subject) {
+      if (subject.user == "shelvacu" && action.id == "org.freedesktop.systemd1.manage-units") {
+        switch (action.lookup("verb")) {
+          // case "cancel":
+          // case "reenable":
+          case "restart":
+          // case "reload":
+          // case "reload-or-restart":
+          case "start":
+          case "stop":
+          // case "try-reload-or-restart":
+          // case "try-restart":
+            return polkit.Result.YES;
+          default:
+        }
+      }
+    })
+  '';
+
   sane.persist.sys.byStore.private = [
     { path = "/home/shelvacu/persist"; user = "shelvacu"; group = "users"; mode = "0700"; }
   ];