nixos/yggdrasil: add group option

Allow users to access the Yggdrasil control socket by group.
This commit is contained in:
Emery Hemingway 2020-05-02 00:16:52 +05:30
parent d55c70e411
commit 0d49162aa0

View File

@ -83,6 +83,14 @@ in {
''; '';
}; };
group = mkOption {
type = types.str;
default = "root";
example = "wheel";
description =
"Group to grant acces to the Yggdrasil control socket.";
};
openMulticastPort = mkOption { openMulticastPort = mkOption {
type = bool; type = bool;
default = false; default = false;
@ -144,8 +152,9 @@ in {
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Restart = "always"; Restart = "always";
Group = cfg.group;
RuntimeDirectory = "yggdrasil"; RuntimeDirectory = "yggdrasil";
RuntimeDirectoryMode = "0700"; RuntimeDirectoryMode = "0750";
BindReadOnlyPaths = mkIf configFileProvided BindReadOnlyPaths = mkIf configFileProvided
[ "${cfg.configFile}" ]; [ "${cfg.configFile}" ];