document access control
parent
a7ce39a2f5
commit
5bc379c1d1
4 changed files with 28 additions and 0 deletions
|
@ -1,3 +1,7 @@
|
||||||
|
/*
|
||||||
|
Metadata for the nodes. You can add custom attributes, they are
|
||||||
|
accessible through the specialArg meta in the config.
|
||||||
|
*/
|
||||||
let
|
let
|
||||||
members = import ./members.nix;
|
members = import ./members.nix;
|
||||||
nodes = import ./nodes.nix;
|
nodes = import ./nodes.nix;
|
||||||
|
|
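Review bot: The added header comment says custom attributes are "accessible through the specialArg meta", which does not make clear that a module receives the set under the name `meta` and that the mechanism is `specialArgs`. I would word it as `Custom attributes added here are available in every node's configuration as the "meta" module argument (passed via specialArgs).` If the set is wired up that way (the wiring is not visible in this hunk), one more sentence should say that anything added here is shared with all nodes and is not a place for secrets. The `let` block continues outside the hunk.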
|
@ -1,3 +1,7 @@
|
||||||
|
/*
|
||||||
|
To add a new member add an attribute to `members`
|
||||||
|
Then add the key to the required groups.
|
||||||
|
*/
|
||||||
let
|
let
|
||||||
members = {
|
members = {
|
||||||
mdebray = {
|
mdebray = {
|
||||||
|
@ -17,8 +21,10 @@ let
|
||||||
};
|
};
|
||||||
|
|
||||||
groups = {
|
groups = {
|
||||||
|
# members of this group are root on all nodes
|
||||||
root = [ "thubrecht" ];
|
root = [ "thubrecht" ];
|
||||||
|
|
||||||
|
# members of this group are root on web nodes
|
||||||
web = [ "mdebray" "raito" ];
|
web = [ "mdebray" "raito" ];
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
|
|
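Review bot: The two group comments in the second hunk state the privilege scope as fact (`root on all nodes`, `root on web nodes`), but nothing in this file decides that scope. Judging by the node metadata elsewhere in this commit, a group is root wherever a node lists it in `adminGroups`. A comment that can drift from the real grant is risky in an access-control file, so I would write `# root on every node whose adminGroups contains "web"` and, for `root`, name the place where the all-nodes rule is applied. In the header comment of the first hunk, "add the key to the required groups" reads like an SSH key; `add the member's attribute name to the required groups` is unambiguous.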
|
@ -1,3 +1,15 @@
|
||||||
|
/* File specifying all the deployement options for the nodes administrated by the dgnum.
|
||||||
|
|
||||||
|
Node metadata template is:
|
||||||
|
|
||||||
|
NODE_NAME = {
|
||||||
|
adminGroups = []; # List of groups that have root access
|
||||||
|
admins = []; # List of individuals that have root access
|
||||||
|
deployment = {}; # Colmena deployment options
|
||||||
|
nixpkgs = "unstable" or "22.11"; # nixpkgs version
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
{
|
{
|
||||||
web-01 = {
|
web-01 = {
|
||||||
adminGroups = [ "web" ];
|
adminGroups = [ "web" ];
|
||||||
|
|
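Review bot: The template line `nixpkgs = "unstable" or "22.11";` is not valid Nix, so anyone copying the template out of the comment gets a parse error; `nixpkgs = "22.11"; # nixpkgs version: "unstable" or "22.11"` keeps it copy-pasteable. The comments on `adminGroups` and `admins` should say where the names are resolved (presumably `groups` and `members` in members.nix). They should also say whether the two lists are combined, which depends on the consuming module and is not visible here. "deployement" in the first line is a typo for "deployment".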
|
@ -19,6 +19,12 @@ with lib;
|
||||||
default = { };
|
default = { };
|
||||||
description = ''
|
description = ''
|
||||||
Attribute set describing which member has access to which user on the node.
|
Attribute set describing which member has access to which user on the node.
|
||||||
|
Members must be declared in `meta/members.nix`.
|
||||||
|
'';
|
||||||
|
example = ''
|
||||||
|
{
|
||||||
|
user1 = [ "member1" "member2" ];
|
||||||
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
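Review bot: The new `example` is a plain string, which the option documentation will most likely render as a quoted string rather than as a Nix expression. Either pass the attribute set itself (`example = { user1 = [ "member1" "member2" ]; };`) or wrap the string in `literalExpression`, which `with lib;` should already bring into scope. The added sentence "Members must be declared in `meta/members.nix`" states a requirement; if the module does not back it with an assertion, a misspelled member name is only noticed late or not at all, and the description should say what happens in that case. The option declaration starts above the hunk, so its type and any enforcement are not visible here.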