From 0d49162aa0c4799cc508c06620bd7816a30f8a60 Mon Sep 17 00:00:00 2001
From: Emery Hemingway
Date: Sat, 2 May 2020 00:16:52 +0530
Subject: [PATCH] nixos/yggdrasil: add group option

Allow users to access the Yggdrasil control socket by group.
---
 nixos/modules/services/networking/yggdrasil.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/networking/yggdrasil.nix b/nixos/modules/services/networking/yggdrasil.nix
index 9e675ecd6f4b..ecd1406b4832 100644
--- a/nixos/modules/services/networking/yggdrasil.nix
+++ b/nixos/modules/services/networking/yggdrasil.nix
@@ -83,6 +83,14 @@ in {
 '';
 };

+ group = mkOption {
+ type = types.str;
+ default = "root";
+ example = "wheel";
+ description =
+ "Group to grant acces to the Yggdrasil control socket.";
+ };
+
 openMulticastPort = mkOption {
 type = bool;
 default = false;
@@ -144,8 +152,9 @@ in {
 ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
 Restart = "always";

+ Group = cfg.group;
 RuntimeDirectory = "yggdrasil";
- RuntimeDirectoryMode = "0700";
+ RuntimeDirectoryMode = "0750";
 BindReadOnlyPaths = mkIf configFileProvided [ "${cfg.configFile}" ];
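Review bot: The description of the new `group` option misspells "access" and does not tell the reader what membership grants or that the group has to exist. Since `types.str` accepts any name and the value is passed straight to the unit's `Group=` in the second hunk, a misspelled or undeclared group would presumably only show up as a service start failure. I would write the text as `"Group to grant access to the Yggdrasil control socket. The group must already exist; every member can talk to the daemon's control interface."`. The `"wheel"` example extends that reach to every administrator account, which is worth saying outright.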
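Review bot: `RuntimeDirectoryMode = "0750"` opens the whole runtime directory to `cfg.group`, not only the control socket, and `Group = cfg.group` also changes the group the daemon itself runs with. If the service writes its generated configuration or private keys under that directory (not visible in this hunk), those files need a mode without group read, otherwise every group member can read the node's keys. A comment above the mode line such as `# 0750 so members of cfg.group can reach the control socket; secrets in this directory must stay 0600` would record the intent. The enclosing service configuration block begins and ends outside the hunk.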