summary refs log tree commit diff
path: root/nixos/modules/services/networking/yggdrasil.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/services/networking/yggdrasil.nix')
-rw-r--r--nixos/modules/services/networking/yggdrasil.nix11
1 files changed, 10 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/yggdrasil.nix b/nixos/modules/services/networking/yggdrasil.nix
index 9e675ecd6f4..ecd1406b483 100644
--- a/nixos/modules/services/networking/yggdrasil.nix
+++ b/nixos/modules/services/networking/yggdrasil.nix
@@ -83,6 +83,14 @@ in {
         '';
       };
 
+      group = mkOption {
+        type = types.str;
+        default = "root";
+        example = "wheel";
+        description =
+          "Group to grant acces to the Yggdrasil control socket.";
+      };
+
       openMulticastPort = mkOption {
         type = bool;
         default = false;
@@ -144,8 +152,9 @@ in {
         ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
         Restart = "always";
 
+        Group = cfg.group;
         RuntimeDirectory = "yggdrasil";
-        RuntimeDirectoryMode = "0700";
+        RuntimeDirectoryMode = "0750";
         BindReadOnlyPaths = mkIf configFileProvided
           [ "${cfg.configFile}" ];
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-14 10:23:19 +0000