nixos/yggdrasil: add group option

Allow users to access the Yggdrasil control socket by group.
author: Emery Hemingway <ehmry@posteo.net> 2020-05-02 00:16:52 +0530
committer: Emery Hemingway <ehmry@posteo.net> 2020-05-02 01:21:55 +0530
commit: 0d49162aa0c4799cc508c06620bd7816a30f8a60 (patch)
tree: 7a9553177dc2799e901d9a8aa4d49e19594295cb /nixos/modules
parent: d55c70e411b57a91e4f05d789c85bbacc1f21111 (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/yggdrasil.nix b/nixos/modules/services/networking/yggdrasil.nix
index 9e675ecd6f4b..ecd1406b4832 100644
--- a/nixos/modules/services/networking/yggdrasil.nix
+++ b/nixos/modules/services/networking/yggdrasil.nix
@@ -83,6 +83,14 @@ in {
         '';
       };
 
+      group = mkOption {
+        type = types.str;
+        default = "root";
+        example = "wheel";
+        description =
+          "Group to grant acces to the Yggdrasil control socket.";
+      };
+
       openMulticastPort = mkOption {
         type = bool;
         default = false;
@@ -144,8 +152,9 @@ in {
         ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
         Restart = "always";
 
+        Group = cfg.group;
         RuntimeDirectory = "yggdrasil";
-        RuntimeDirectoryMode = "0700";
+        RuntimeDirectoryMode = "0750";
         BindReadOnlyPaths = mkIf configFileProvided
           [ "${cfg.configFile}" ];
author	Emery Hemingway <ehmry@posteo.net>	2020-05-02 00:16:52 +0530
committer	Emery Hemingway <ehmry@posteo.net>	2020-05-02 01:21:55 +0530
commit	0d49162aa0c4799cc508c06620bd7816a30f8a60 (patch)
tree	7a9553177dc2799e901d9a8aa4d49e19594295cb /nixos/modules
parent	d55c70e411b57a91e4f05d789c85bbacc1f21111 (diff)