From cce35f8934139225a6cc42f7e6306a6dd0288d7d Mon Sep 17 00:00:00 2001
From: Wroclaw
Date: Mon, 30 Sep 2024 12:25:35 +0200
Subject: [PATCH] nixos/polkit/network: disallow managing wg-quick services to system accoutns
---
 nix-os/polkit/network.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/nix-os/polkit/network.nix b/nix-os/polkit/network.nix
index 76d559f..632cacf 100644
--- a/nix-os/polkit/network.nix
+++ b/nix-os/polkit/network.nix
@@ -5,6 +5,7 @@
 // Allow to start and stop wireguard client services
 if (
 action.id == "org.freedesktop.systemd1.manage-units" &&
+ subject.isInGroup("users") &&
 action.lookup("unit") &&
 action.lookup("unit").match(/^wg-quick-.*\.service$/)
 ) {
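Review bot: The condition in this hunk still authorizes every `manage-units` verb on a matching unit, although the comment above it says only start and stop are meant; nothing visible checks `action.lookup("verb")`. If restart, reload and the other verbs are not intended, add `["start", "stop"].indexOf(action.lookup("verb")) !== -1 &&` next to the unit match. The new `subject.isInGroup("users")` test keeps out accounts outside that group, but it does not tell a local desktop session from a remote login, so consider also requiring `subject.local && subject.active` if only console users should toggle tunnels. The body of the `if` lies outside the hunk, so a verb check may already exist there.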