From 1f3f31b2a875e8f05ab97af1da2e7bb9c743a3ac Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Fri, 26 Jun 2015 18:33:01 +0200
Subject: Add options nix.{trustedUsers,allowedUsers}

These are just trusted-users and allowed-users in nix.conf. It's useful to have options for them so that different modules can specify trusted/allowed users.
---
 nixos/modules/services/misc/nix-daemon.nix | 32 ++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
(limited to 'nixos/modules/services/misc/nix-daemon.nix')
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix
index a3473cdd91e5..daf1fac08a6f 100644
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@@ -47,6 +47,8 @@ let
 ${optionalString cfg.requireSignedBinaryCaches ''
 signed-binary-caches = *
 ''}
+ trusted-users = ${toString cfg.trustedUsers}
+ allowed-users = ${toString cfg.allowedUsers}
 $extraOptions
 END
 '';
@@ -277,6 +279,36 @@ in
 '';
 };
+ trustedUsers = mkOption {
+ type = types.listOf types.str;
+ default = [ "root" ];
+ example = [ "root" "alice" "@wheel" ];
+ description = ''
+ A list of names of users that have additional rights when
+ connecting to the Nix daemon, such as the ability to specify
+ additional binary caches, or to import unsigned NARs. You
+ can also specify groups by prefixing them with
+ @; for instance,
+ @wheel means all users in the wheel
+ group.
+ '';
+ };
+
+ allowedUsers = mkOption {
+ type = types.listOf types.str;
+ default = [ "*" ];
+ example = [ "@wheel" "@builders" "alice" "bob" ];
+ description = ''
+ A list of names of users (separated by whitespace) that are
+ allowed to connect to the Nix daemon. As with
+ , you can specify groups by
+ prefixing them with @. Also, you can
+ allow all users by specifying *. The
+ default is *. Note that trusted users are
+ always allowed to connect.
+ '';
+ };
+
 };
 };
-- cgit 1.4.1
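Review bot: The interpolations `${toString cfg.trustedUsers}` and `${toString cfg.allowedUsers}` write every list element into nix.conf unchecked, and `types.str` accepts whitespace and newlines, so a single malformed entry can become several user names or an extra configuration line. The neighbouring `$extraOptions` and `END` lines suggest the text goes through an unquoted shell here-document, in which case `$` and backticks in an entry would also be expanded at build time; the here-document opens outside this hunk, so that part is inferred. I would add a module assertion that rejects entries containing whitespace or shell metacharacters, and a comment above the two lines such as `# entries are joined with spaces; names must not contain whitespace`.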
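Review bot: The `trustedUsers` description understates what the option grants: a user who may add binary caches or import unsigned NARs can place content of their choosing under store paths that other users and system services later run, which is close to root-equivalent access. The description should say so, for example `Membership in this list should be treated as equivalent to root access.` Both options are mergeable lists, so any imported module can extend them, and an explicit definition replaces the default instead of adding to it: `nix.trustedUsers = [ "alice" ]` renders without `root`, and a module that sets `allowedUsers` to one group replaces `*`. Both descriptions should state that. The enclosing `options` set begins outside the hunk.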