trivionomicon: athena-bccr: fix Polkit authentication failures

modules/athena-bccr/sys.nix

@@ -19,8 +19,22 @@ in {
     systemPackages = [athena.ase-pkcs11];
   };
 
-  #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA
+  security = {
-  security.pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"];
+    #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA
+    pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"];
+
+    polkit = {
+      enable = lib.mkDefault true;
+
+      extraConfig = ''
+        polkit.addRule(function(action, subject) {
+            if (action.id == "org.debian.pcsc-lite.access_pcsc" && subject.isInGroup("users")) {
+                    return polkit.Result.YES;
+            }
+        });
+      '';
+    };
+  };
 
   services = {
     pcscd.enable = true;