document access control

sinavir 2023-05-22 17:24:42 +02:00 committed by Tom Hubrecht
parent a7ce39a2f5
commit 5bc379c1d1
4 changed files with 28 additions and 0 deletions


@ -1,3 +1,7 @@
/*
Metadata for the nodes. You can add custom attributes, they are
accessible through the specialArg meta in the config.
*/
let
members = import ./members.nix;
nodes = import ./nodes.nix;


@ -1,3 +1,7 @@
/*
To add a new member add an attribute to `members`
Then add the key to the required groups.
*/
let
members = {
mdebray = {
@ -17,8 +21,10 @@ let
};
groups = {
# members of this group are root on all nodes
root = [ "thubrecht" ];
# members of this group are root on web nodes
web = [ "mdebray" "raito" ];
};
in
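Review bot: The comment on `root` says its members are root on all nodes, but nothing visible here shows how that is applied, and the node entry shown elsewhere in this commit lists only `"web"` in `adminGroups`. If a module appends the `root` group implicitly, name that place in the comment, e.g. `# members of this group are root on all nodes (added implicitly, see <module path>)`; if not, every node has to list it and the comment should say so. The header comment could also state that adding a key to a group grants root on every node listing that group, so membership changes get reviewed as privilege changes. The `let` block starts and ends outside the hunks shown.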


@ -1,3 +1,15 @@
/* File specifying all the deployement options for the nodes administrated by the dgnum.
Node metadata template is:
NODE_NAME = {
adminGroups = []; # List of groups that have root access
admins = []; # List of individuals that have root access
deployment = {}; # Colmena deployment options
nixpkgs = "unstable" or "22.11"; # nixpkgs version
}
*/
{
web-01 = {
adminGroups = [ "web" ];
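Review bot: The template line `nixpkgs = "unstable" or "22.11";` is pseudo-syntax rather than Nix, so the template cannot be copied as written; `nixpkgs = "unstable"; # nixpkgs version: "unstable" or "22.11"` keeps the same information and stays valid. The template also does not say how `adminGroups` and `admins` combine (presumably the union gets root) or that group names must match the groups defined in the members file. One sentence on each would let the effective access for a node be audited from this file alone. Typo in the first line: `deployement` should be `deployment`. The attribute set continues past the end of the hunk.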


@ -19,6 +19,12 @@ with lib;
default = { };
description = ''
Attribute set describing which member has access to which user on the node.
Members must be declared in `meta/members.nix`.
'';
example = ''
{
user1 = [ "member1" "member2" ];
}
'';
};
};
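Review bot: `example` is given as a plain `''…''` string, so generated option documentation will render it as a string value rather than as a Nix attribute set; with `with lib;` in scope it can be wrapped as `example = literalExpression ''{ user1 = [ "member1" "member2" ]; }'';`. The description says members must be declared in `meta/members.nix` but not what happens with an undeclared name, or whether group names are accepted here. If the module does not already assert this, an assertion or a sentence stating the behaviour would keep a misspelled member from going unnoticed. The option definition starts outside the hunk.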