mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-20 12:42:24 +00:00
Code Issues Wiki Activity

nixos/yggdrasil: add group option

Browse source 
Allow users to access the Yggdrasil control socket by group.
This commit is contained in:
Emery Hemingway 2020-05-02 00:16:52 +05:30
parent d55c70e411
commit 0d49162aa0
1 changed files with 10 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
nixos/modules/services/networking/yggdrasil.nix
View file

@ -83,6 +83,14 @@ in {
''; '';
}; };
group = mkOption {
type = types.str;
default = "root";
example = "wheel";
description =
"Group to grant acces to the Yggdrasil control socket.";
};
openMulticastPort = mkOption { openMulticastPort = mkOption {
type = bool; type = bool;
default = false; default = false;
@ -144,8 +152,9 @@ in {
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Restart = "always"; Restart = "always";
Group = cfg.group;
RuntimeDirectory = "yggdrasil"; RuntimeDirectory = "yggdrasil";
RuntimeDirectoryMode = "0700"; RuntimeDirectoryMode = "0750";
BindReadOnlyPaths = mkIf configFileProvided BindReadOnlyPaths = mkIf configFileProvided
[ "${cfg.configFile}" ]; [ "${cfg.configFile}" ];