diff options
| author | Gregor Kleen <pngwjpgh@users.noreply.github.com> | 2016-12-03 01:00:36 +0100 |
|---|---|---|
| committer | Gregor Kleen <pngwjpgh@users.noreply.github.com> | 2016-12-03 01:00:36 +0100 |
| commit | 5e1a5c38e7ac0e38302435cec47145f804554748 (patch) | |
| tree | 381cdf93c4e09d844d0326e02a9ad6c410454ad2 | |
| parent | 0946461193d7264c897af3332e15cb73eb4f1c8f (diff) | |
| download | nixos-5e1a5c38e7ac0e38302435cec47145f804554748.tar nixos-5e1a5c38e7ac0e38302435cec47145f804554748.tar.gz nixos-5e1a5c38e7ac0e38302435cec47145f804554748.tar.bz2 nixos-5e1a5c38e7ac0e38302435cec47145f804554748.tar.xz nixos-5e1a5c38e7ac0e38302435cec47145f804554748.zip | |
Allow gitolite to control infinoted
| -rw-r--r-- | ymir.nix | 19 |
1 files changed, 19 insertions, 0 deletions
| @@ -611,11 +611,30 @@ in rec { | |||
| 611 | users.extraGroups."mladmin" = { | 611 | users.extraGroups."mladmin" = { |
| 612 | members = [ "gkleen" ]; | 612 | members = [ "gkleen" ]; |
| 613 | }; | 613 | }; |
| 614 | |||
| 615 | users.extraGroups."infinoted" = { | ||
| 616 | members = [ "infinoted gitolite" ]; | ||
| 617 | }; | ||
| 614 | 618 | ||
| 615 | security.sudo.extraConfig = '' | 619 | security.sudo.extraConfig = '' |
| 616 | %mladmin ALL=(mlmmj) NOPASSWD: ALL | 620 | %mladmin ALL=(mlmmj) NOPASSWD: ALL |
| 621 | %infinoted ALL=(infinoted) NOPASSWD: ALL | ||
| 617 | ''; | 622 | ''; |
| 618 | 623 | ||
| 624 | security.polkit = { | ||
| 625 | enable = true; | ||
| 626 | extraConfig = '' | ||
| 627 | polkit.addRule(function(action, subject) { | ||
| 628 | if ( action.id == "org.freedesktop.systemd1.manage-units" | ||
| 629 | && action.lookup("unit") == "infinoted.service" | ||
| 630 | && subject.isInGroup("infinoted") | ||
| 631 | ) { | ||
| 632 | return polkit.Result.YES; | ||
| 633 | } | ||
| 634 | }); | ||
| 635 | ''; | ||
| 636 | }; | ||
| 637 | |||
| 619 | security.setuidPrograms = [ "newgrp" ]; | 638 | security.setuidPrograms = [ "newgrp" ]; |
| 620 | 639 | ||
| 621 | security.acme = { | 640 | security.acme = { |