From 0e2a8ed3edd6c2bdf1a447223cd5b5f1525773f2 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Wed, 27 May 2026 14:13:36 +0900
Subject: [PATCH] base/polkit: let `wheel` users use `AUTH_KEEP_SELF` for
 systemd actions

---
 base/services/polkit.nix | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/base/services/polkit.nix b/base/services/polkit.nix
index cd95516..ee1d0d7 100644
--- a/base/services/polkit.nix
+++ b/base/services/polkit.nix
@@ -6,10 +6,13 @@ in
   security.polkit.enable = true;
 
   environment.etc."polkit-1/rules.d/9-nixos-overrides.rules".text = lib.mkIf cfg.enable ''
-    polkit.addAdminRule(function(action, subject) {
-        if(subject.isInGroup("wheel")) {
-            return ["unix-user:"+subject.user];
-        }
-    });
+    polkit.addRule(function(action, subject) {
+       if (
+           action.id.startsWith("org.freedesktop.systemd1.") &&
+           subject.isInGroup("wheel")
+       ) {
+           return polkit.Result.AUTH_SELF_KEEP;
+         }
+     });
   '';
 }