From 00cf83b04ef8d61b8aa25844994fe1dd4bcc6c00 Mon Sep 17 00:00:00 2001
From: Julian Vollmer <julianvollmer@gmail.com>
Date: Wed, 27 May 2026 17:15:49 +0200
Subject: [PATCH] Fix WiFi connect: add polkit rule for NetworkManager +
 hostname in /etc/hosts

The Flask service runs as user 'pi' in a non-interactive session.
nmcli device wifi connect requires polkit authorization which was missing,
causing 'Not authorized to control networking' errors.

- config/50-babycam-network.rules: grants pi full NetworkManager access via polkit
- setup.sh: installs polkit rule, restarts polkit, fixes /etc/hosts hostname entry
  (missing 127.0.1.1 entry caused harmless but annoying sudo warnings)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 config/50-babycam-network.rules |  6 ++++++
 setup.sh                        | 18 +++++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 config/50-babycam-network.rules

diff --git a/config/50-babycam-network.rules b/config/50-babycam-network.rules
new file mode 100644
index 0000000..5f7ba8a
--- /dev/null
+++ b/config/50-babycam-network.rules
@@ -0,0 +1,6 @@
+polkit.addRule(function(action, subject) {
+    if (action.id.indexOf("org.freedesktop.NetworkManager") === 0 &&
+        subject.user === "pi") {
+        return polkit.Result.YES;
+    }
+});
diff --git a/setup.sh b/setup.sh
index 5a1a5ad..cd1f970 100644
--- a/setup.sh
+++ b/setup.sh
@@ -93,7 +93,23 @@ if [ -f /etc/systemd/resolved.conf ]; then
 fi
 
 # ------------------------------------------------------------------------------
-# 6. NetworkManager: wlan1 als unmanaged markieren
+# 6. polkit: pi darf NetworkManager steuern (für WLAN-Verbindungen im Webinterface)
+# ------------------------------------------------------------------------------
+info "polkit-Regel für NetworkManager installieren..."
+mkdir -p /etc/polkit-1/rules.d
+cp "$REPO_DIR/config/50-babycam-network.rules" /etc/polkit-1/rules.d/
+chmod 644 /etc/polkit-1/rules.d/50-babycam-network.rules
+systemctl restart polkit
+
+# Hostname in /etc/hosts eintragen (verhindert sudo-Warnings)
+HOSTNAME=$(hostname)
+if ! grep -q "127.0.1.1.*$HOSTNAME" /etc/hosts; then
+  sed -i "s/127.0.1.1\s*raspberrypi/127.0.1.1\t\t$HOSTNAME/" /etc/hosts || \
+  echo "127.0.1.1		$HOSTNAME" >> /etc/hosts
+fi
+
+# ------------------------------------------------------------------------------
+# 7. NetworkManager: wlan1 als unmanaged markieren
 # ------------------------------------------------------------------------------
 info "wlan1 aus NetworkManager-Verwaltung nehmen..."
 mkdir -p /etc/NetworkManager/conf.d