27 lines
580 B
HCL
27 lines
580 B
HCL
# Allow everyone to manage things under kv/server/<user>
|
|
path "kv/data/server/{{identity.entity.name}}/*" {
|
|
capabilities = ["create", "update", "read", "delete"]
|
|
}
|
|
|
|
path "kv/metadata/server/{{identity.entity.name}}/*" {
|
|
capabilities = ["list"]
|
|
}
|
|
path "kv/metadata/server" {
|
|
capabilities = ["list"]
|
|
}
|
|
|
|
path "kv/metadata/+" {
|
|
capabilities = ["list"]
|
|
}
|
|
|
|
path "acme/certs/*" {
|
|
capabilities = ["create"]
|
|
}
|
|
|
|
# Servers can always get nix-daemon data
|
|
path "kv/data/apps/nix-daemon" {
|
|
capabilities = ["read"]
|
|
}
|
|
path "kv/metadata/apps/nix-daemon" {
|
|
capabilities = ["read"]
|
|
}
|