depot/ops/vault/cfg/policies/server-user.hcl

11 lines
424 B
HCL
Raw Normal View History

# This policy is granted to user accounts on servers - that is, "root", and anything in the users group.
# It allows for scoping things which shouldn't be in the Nix configuration, but are generally available to users on these machines.
# "Unauthenticated" users on servers can get nix-daemon kv.
path "kv/data/apps/nix-daemon" {
capabilities = ["read"]
}
path "kv/metadata/apps/nix-daemon" {
capabilities = ["read"]
}