# This policy is granted to user accounts on servers - that is, "root", and anything in the users group.
# It allows for scoping things which shouldn't be in the Nix configuration, but are generally available to users on these machines.

# "Unauthenticated" users on servers can get nix-daemon kv.
path "kv/data/apps/nix-daemon" {
  capabilities = ["read"]
}
path "kv/metadata/apps/nix-daemon" {
  capabilities = ["read"]
}