authorEelco Dolstra <eelco.dolstra@logicblox.com>2015-06-26 18:33:01 +0200
committerEelco Dolstra <eelco.dolstra@logicblox.com>2015-06-26 18:45:27 +0200
commit1f3f31b2a875e8f05ab97af1da2e7bb9c743a3ac (patch)
treee1718932c34f41d8ee73b98f0a80238b5a8fc99a /nixos/modules/services/misc/nix-daemon.nix
parentfb203a34c01d1df38bae24804f879b7ac013e88e (diff)
Add options nix.{trustedUsers,allowedUsers}
These are just trusted-users and allowed-users in nix.conf. It's
useful to have options for them so that different modules can specify
trusted/allowed users.
Diffstat (limited to 'nixos/modules/services/misc/nix-daemon.nix')
-rw-r--r--nixos/modules/services/misc/nix-daemon.nix32
1 files changed, 32 insertions, 0 deletions
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix
index a3473cdd91e..daf1fac08a6 100644
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@@ -47,6 +47,8 @@ let
         ${optionalString cfg.requireSignedBinaryCaches ''
           signed-binary-caches = *
         ''}
+        trusted-users = ${toString cfg.trustedUsers}
+        allowed-users = ${toString cfg.allowedUsers}
         $extraOptions
         END
       '';
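Review bot: The generated `trusted-users` and `allowed-users` lines are written above `$extraOptions`, so a configuration that already sets either key in `nix.extraOptions` still emits it later in the file. Assuming nix.conf gives precedence to the last assignment, that line would silently replace whatever modules merged into `nix.trustedUsers`, and the effective trust set would no longer match the option value an administrator inspects. Either emit the two lines after `$extraOptions` or say in both option descriptions that a matching key in `nix.extraOptions` takes precedence. An empty list also renders as a bare `allowed-users = `; what the daemon does with an empty value is not visible here and should be confirmed before relying on `[]` to mean "nobody". The enclosing `let` binding starts outside this hunk.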
@@ -277,6 +279,36 @@ in
         '';
       };
 
+      trustedUsers = mkOption {
+        type = types.listOf types.str;
+        default = [ "root" ];
+        example = [ "root" "alice" "@wheel" ];
+        description = ''
+          A list of names of users that have additional rights when
+          connecting to the Nix daemon, such as the ability to specify
+          additional binary caches, or to import unsigned NARs. You
+          can also specify groups by prefixing them with
+          <literal>@</literal>; for instance,
+          <literal>@wheel</literal> means all users in the wheel
+          group.
+        '';
+      };
+
+      allowedUsers = mkOption {
+        type = types.listOf types.str;
+        default = [ "*" ];
+        example = [ "@wheel" "@builders" "alice" "bob" ];
+        description = ''
+          A list of names of users (separated by whitespace) that are
+          allowed to connect to the Nix daemon. As with
+          <option>nix.trustedUsers</option>, you can specify groups by
+          prefixing them with <literal>@</literal>. Also, you can
+          allow all users by specifying <literal>*</literal>. The
+          default is <literal>*</literal>. Note that trusted users are
+          always allowed to connect.
+        '';
+      };
+
     };
 
   };
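Review bot: The `trustedUsers` description lists the extra rights but not what they amount to. A user who can add binary caches or import unsigned NARs can get unverified content into the store that other users and system builds then consume, so membership is close to root-equivalent. I would add a sentence such as `Only list users or groups that you would also trust with root access on this machine.`, and reconsider showing `@wheel` in the example without that caveat. Separately, the `allowedUsers` text says "(separated by whitespace)" although the option is a list. Because `toString` joins the `types.str` elements with spaces, an element that itself contains whitespace would be read as several names, which the description should state or the type should reject.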