From 5f983678dcd2b8677ed9ccf2a696637e90a801c4 Mon Sep 17 00:00:00 2001
From: Toast <toast003@tutamail.com>
Date: Sat, 2 Sep 2023 23:12:37 +0200
Subject: [PATCH] Syncthing: allow the syncthing user to stop syncthing service

---
 roles/desktop/services/syncthing.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/roles/desktop/services/syncthing.nix b/roles/desktop/services/syncthing.nix
index 728dd0e..c650ba9 100644
--- a/roles/desktop/services/syncthing.nix
+++ b/roles/desktop/services/syncthing.nix
@@ -8,4 +8,18 @@
 		dataDir = config.users.users.toast.home;
 		folders."passwords".path = "~/Documents/Passwords";
 	};
+	# Allow regular users to stop syncthing
+	# https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service
+	security.polkit.extraConfig = ''
+		polkit.addRule(function(action, subject) {
+			if (
+				action.id == "org.freedesktop.systemd1.manage-units" &&
+				action.lookup("unit") == "syncthing.service" &&
+				subject.user == "${config.services.syncthing.user}"
+			)
+			{
+				return polkit.Result.YES;
+			}
+		})
+	'';
 }