1 files changed, 19 insertions, 0 deletions
diff --git a/ymir.nix b/ymir.nix
index e8837dcd..83fa823f 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -611,11 +611,30 @@ in rec {
  users.extraGroups."mladmin" = {
    members = [ "gkleen" ];
  };
+  
+  users.extraGroups."infinoted" = {
+    members = [ "infinoted gitolite" ];
+  };
  security.sudo.extraConfig = ''
    %mladmin ALL=(mlmmj) NOPASSWD: ALL
+    %infinoted ALL=(infinoted) NOPASSWD: ALL
  '';
+  security.polkit = {
+      enable = true;
+      extraConfig = ''
+        polkit.addRule(function(action, subject) {
+          if (    action.id == "org.freedesktop.systemd1.manage-units"
+               && action.lookup("unit") == "infinoted.service"
+               && subject.isInGroup("infinoted")
+             ) {
+              return polkit.Result.YES;
+          }
+        });
+      '';
+    };
  security.setuidPrograms = [ "newgrp" ];
  security.acme = {

diff --git a/ymir.nix b/ymir.nix index e8837dcd..83fa823f 100644 --- a/ymir.nix +++ b/ymir.nix
@@ -611,11 +611,30 @@ in rec {
611	users.extraGroups."mladmin" = {	611	users.extraGroups."mladmin" = {
612	members = [ "gkleen" ];	612	members = [ "gkleen" ];
613	};	613	};
		614
		615	users.extraGroups."infinoted" = {
		616	members = [ "infinoted gitolite" ];
		617	};
614		618
615	security.sudo.extraConfig = ''	619	security.sudo.extraConfig = ''
616	%mladmin ALL=(mlmmj) NOPASSWD: ALL	620	%mladmin ALL=(mlmmj) NOPASSWD: ALL
		621	%infinoted ALL=(infinoted) NOPASSWD: ALL
617	'';	622	'';
618		623
		624	security.polkit = {
		625	enable = true;
		626	extraConfig = ''
		627	polkit.addRule(function(action, subject) {
		628	if ( action.id == "org.freedesktop.systemd1.manage-units"
		629	&& action.lookup("unit") == "infinoted.service"
		630	&& subject.isInGroup("infinoted")
		631	) {
		632	return polkit.Result.YES;
		633	}
		634	});
		635	'';
		636	};
		637
619	security.setuidPrograms = [ "newgrp" ];	638	security.setuidPrograms = [ "newgrp" ];
620		639
621	security.acme = {	640	security.acme = {