diff options
| author | Emery Hemingway <ehmry@posteo.net> | 2020-05-02 00:16:52 +0530 |
|---|---|---|
| committer | Emery Hemingway <ehmry@posteo.net> | 2020-05-02 01:21:55 +0530 |
| commit | 0d49162aa0c4799cc508c06620bd7816a30f8a60 (patch) | |
| tree | 7a9553177dc2799e901d9a8aa4d49e19594295cb /nixos/modules/services/networking/yggdrasil.nix | |
| parent | d55c70e411b57a91e4f05d789c85bbacc1f21111 (diff) | |
| download | nixpkgs-0d49162aa0c4799cc508c06620bd7816a30f8a60.tar nixpkgs-0d49162aa0c4799cc508c06620bd7816a30f8a60.tar.gz nixpkgs-0d49162aa0c4799cc508c06620bd7816a30f8a60.tar.bz2 nixpkgs-0d49162aa0c4799cc508c06620bd7816a30f8a60.tar.lz nixpkgs-0d49162aa0c4799cc508c06620bd7816a30f8a60.tar.xz nixpkgs-0d49162aa0c4799cc508c06620bd7816a30f8a60.tar.zst nixpkgs-0d49162aa0c4799cc508c06620bd7816a30f8a60.zip | |
nixos/yggdrasil: add group option
Allow users to access the Yggdrasil control socket by group.
Diffstat (limited to 'nixos/modules/services/networking/yggdrasil.nix')
| -rw-r--r-- | nixos/modules/services/networking/yggdrasil.nix | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/yggdrasil.nix b/nixos/modules/services/networking/yggdrasil.nix index 9e675ecd6f4..ecd1406b483 100644 --- a/nixos/modules/services/networking/yggdrasil.nix +++ b/nixos/modules/services/networking/yggdrasil.nix @@ -83,6 +83,14 @@ in { ''; }; + group = mkOption { + type = types.str; + default = "root"; + example = "wheel"; + description = + "Group to grant acces to the Yggdrasil control socket."; + }; + openMulticastPort = mkOption { type = bool; default = false; @@ -144,8 +152,9 @@ in { ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; Restart = "always"; + Group = cfg.group; RuntimeDirectory = "yggdrasil"; - RuntimeDirectoryMode = "0700"; + RuntimeDirectoryMode = "0750"; BindReadOnlyPaths = mkIf configFileProvided [ "${cfg.configFile}" ]; |