From c883311327f1c842faffc437f344b46a82030b59 Mon Sep 17 00:00:00 2001
From: rnhmjoj <rnhmjoj@inventati.org>
Date: Fri, 5 Jan 2018 02:33:11 +0100
Subject: nixos/dnscrypt-wrapper: fix rotate script failing to restart the
 service

---
 nixos/modules/services/networking/dnscrypt-wrapper.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'nixos/modules/services/networking/dnscrypt-wrapper.nix')

diff --git a/nixos/modules/services/networking/dnscrypt-wrapper.nix b/nixos/modules/services/networking/dnscrypt-wrapper.nix
index 23cc92946e4..bf13d5c6f5f 100644
--- a/nixos/modules/services/networking/dnscrypt-wrapper.nix
+++ b/nixos/modules/services/networking/dnscrypt-wrapper.nix
@@ -145,6 +145,16 @@ in {
     };
     users.groups.dnscrypt-wrapper = { };
 
+    security.polkit.extraConfig = ''
+      // Allow dnscrypt-wrapper user to restart dnscrypt-wrapper.service
+      polkit.addRule(function(action, subject) {
+          if (action.id == "org.freedesktop.systemd1.manage-units" &&
+              action.lookup("unit") == "dnscrypt-wrapper.service" &&
+              subject.user == "dnscrypt-wrapper") {
+              return polkit.Result.YES;
+          }
+        });
+    '';
 
     systemd.services.dnscrypt-wrapper = {
       description = "dnscrypt-wrapper daemon";
-- 
cgit 1.4.1