From c47e8216d5d70743f41a890ec90d98b576a067ae Mon Sep 17 00:00:00 2001
From: Toast <toast003@tutamail.com>
Date: Fri, 6 Oct 2023 10:26:03 +0200
Subject: [PATCH] Mysql: allow user to start/stop service

---
 roles/school/services/mysql.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/roles/school/services/mysql.nix b/roles/school/services/mysql.nix
index ad930fe..49d686d 100644
--- a/roles/school/services/mysql.nix
+++ b/roles/school/services/mysql.nix
@@ -11,5 +11,20 @@
 	# Don't autostart MySQL
 	systemd.services.mysql.wantedBy = lib.mkForce [];
 
+	# Allow regular users to start/stop mysql
+	# https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service
+	security.polkit.extraConfig = ''
+		polkit.addRule(function(action, subject) {
+			if (
+				action.id == "org.freedesktop.systemd1.manage-units" &&
+				action.lookup("unit") == "mysql.service" &&
+				subject.user == "${config.services.mysql.user}"
+			)
+			{
+				return polkit.Result.YES;
+			}
+		})
+	'';
+
 	environment.systemPackages = [ pkgs.mysql-workbench ];
 }