nixos-configuration/nix-os/polkit/network.nix

{
  config = {
    security.polkit.extraConfig = ''
      polkit.addRule(function(action, subject) {
        // Allow to start and stop wireguard client services
        if (
          action.id == "org.freedesktop.systemd1.manage-units" &&
          subject.isInGroup("users") &&
          action.lookup("unit") &&
          action.lookup("unit").match(/^wg-quick-.*\.service$/)
        ) {
          return polkit.Result.YES;
        };
      });
    '';
  };
}