configuration
flake
hosts
_iso
aluminium
astatine
backup-4
beryllium
carbon
clerie-backup
dn42-il-gw1
dn42-il-gw5
dn42-il-gw6
dn42-ildix-clerie
dn42-ildix-service
gatekeeper
hydra-1
hydra-2
krypton
mail-2
monitoring-3
nonat
osmium
configuration.nix
hardware-configuration.nix
nixfiles-updated-inputs.nix
polkit-test.nix
secrets.json
ssh.pub
palladium
porter
storage-2
tungsten
web-2
zinc
lib
modules
pkgs
profiles
users
.gitignore
README.md
flake.lock
flake.nix
30 lines
772 B
Nix
30 lines
772 B
Nix
{ ... }:
|
|
|
|
{
|
|
|
|
security.polkit.enable = true;
|
|
security.polkit.extraConfig = ''
|
|
polkit.addRule(function(action, subject) {
|
|
if (
|
|
action.id == "org.freedesktop.systemd1.manage-units"
|
|
&& action.lookup("unit") == "update-from-hydra-olimex-esp32-poe.service"
|
|
&& action.lookup("verb") == "start"
|
|
&& subject.user == "clerie"
|
|
) {
|
|
return polkit.Result.YES;
|
|
}
|
|
});
|
|
'';
|
|
|
|
services.update-from-hydra.paths.olimex-esp32-poe = {
|
|
enable = true;
|
|
hydraUrl = "https://hydra.clerie.de";
|
|
hydraProject = "clerie";
|
|
hydraJobset = "olimex-esp32-poe";
|
|
hydraJob = "olimex-esp32-poe";
|
|
nixStoreUri = "https://nix-cache.clerie.de";
|
|
resultPath = "/srv/olimex-esp32-poe";
|
|
};
|
|
|
|
}
|