authorGregor Kleen <pngwjpgh@users.noreply.github.com>2016-12-03 01:00:36 +0100
committerGregor Kleen <pngwjpgh@users.noreply.github.com>2016-12-03 01:00:36 +0100
commit5e1a5c38e7ac0e38302435cec47145f804554748 (patch)
tree381cdf93c4e09d844d0326e02a9ad6c410454ad2
parent0946461193d7264c897af3332e15cb73eb4f1c8f (diff)
Allow gitolite to control infinoted
-rw-r--r--ymir.nix19
1 files changed, 19 insertions, 0 deletions
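--- a/ymir.nix
+++ b/ymir.nix
@@ -611,11 +611,30 @@ in rec {
 users.extraGroups."mladmin" = {
 members = [ "gkleen" ];
 };
+
+users.extraGroups."infinoted" = {
+members = [ "infinoted gitolite" ];
+};
 
 security.sudo.extraConfig = ''
 %mladmin ALL=(mlmmj) NOPASSWD: ALL
+%infinoted ALL=(infinoted) NOPASSWD: ALL
 '';
 
+security.polkit = {
+enable = true;
+extraConfig = ''
+polkit.addRule(function(action, subject) {
+if ( action.id == "org.freedesktop.systemd1.manage-units"
+&& action.lookup("unit") == "infinoted.service"
+&& subject.isInGroup("infinoted")
+) {
+return polkit.Result.YES;
+}
+});
+'';
+};
+
 security.setuidPrograms = [ "newgrp" ];
 
 security.acme = {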
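Review bot: `members = [ "infinoted gitolite" ];` in the new `users.extraGroups."infinoted"` block is a one-element list holding the single string "infinoted gitolite", because Nix separates list elements by whitespace outside the quotes. As written, neither account is likely to end up in the group, so the sudo and polkit rules added below it would not take effect for gitolite; it should read `members = [ "infinoted" "gitolite" ];`. Once membership works, `%infinoted ALL=(infinoted) NOPASSWD: ALL` lets every group member run any command as infinoted without a password, so if gitolite only needs one specific command, naming it in place of the final `ALL` keeps the grant narrow. The polkit rule likewise returns YES for every manage-units operation on infinoted.service; also comparing `action.lookup("verb")` against the operations actually needed would tighten it, and a short comment above the rule stating which gitolite workflow depends on it would help the next reader judge the scope.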