document access control

meta/default.nix

@@ -1,3 +1,7 @@
+/*
+Metadata for the nodes. You can add custom attributes, they are
+accessible through the specialArg meta in the config.
+*/
 let
   members = import ./members.nix;
   nodes = import ./nodes.nix;

meta/members.nix

@@ -1,3 +1,7 @@
+/*
+To add a new member add an attribute to `members`
+Then add the key to the required groups.
+*/
 let
   members = {
     mdebray = {
@@ -17,8 +21,10 @@ let
   };
 
   groups = {
+    # members of this group are root on all nodes
     root = [ "thubrecht" ];
 
+    # members of this group are root on web nodes
     web = [ "mdebray" "raito" ];
   };
 in

meta/nodes.nix

@@ -1,3 +1,15 @@
+/* File specifying all the deployement options for the nodes administrated by the dgnum.
+
+Node metadata template is:
+
+NODE_NAME = {
+  adminGroups = []; # List of groups that have root access
+  admins = []; # List of individuals that have root access
+  deployment = {}; # Colmena deployment options
+  nixpkgs = "unstable" or "22.11"; # nixpkgs version
+}
+*/
+
 {
   web-01 = {
     adminGroups = [ "web" ];

modules/dgn-access-control.nix

@@ -19,6 +19,12 @@ with lib;
       default = { };
       description = ''
         Attribute set describing which member has access to which user on the node.
+        Members must be declared in `meta/members.nix`.
+      '';
+      example = ''
+        {
+          user1 = [ "member1" "member2" ];
+        }
       '';
     };
   };