diff options
-rw-r--r-- | configuration.nix | 1 | ||||
-rw-r--r-- | ipfs.nix | 30 |
2 files changed, 20 insertions, 11 deletions
diff --git a/configuration.nix b/configuration.nix index 8af1061..9d17525 100644 --- a/configuration.nix +++ b/configuration.nix @@ -37,7 +37,6 @@ security.sudo = { enable = true; - execWheelOnly = true; wheelNeedsPassword = false; }; diff --git a/ipfs.nix b/ipfs.nix index 97db78d..58ea7c2 100644 --- a/ipfs.nix +++ b/ipfs.nix @@ -24,17 +24,27 @@ in { allowedUDPPorts = [ 4001 ]; }; - security.acme.certs.${domain} = { - credentialsFile = pkgs.writeText "namesilo.env" '' - NAMESILO_API_KEY_FILE=/var/lib/acme/namesilo.key - NAMESILO_PROPAGATION_TIMEOUT=1800 - ''; - dnsProvider = "namesilo"; - extraDomainNames = [ - "*.ipfs.${domain}" - "*.ipns.${domain}" + security = { + acme.certs.${domain} = { + credentialsFile = pkgs.writeText "namesilo.env" '' + NAMESILO_API_KEY_FILE=/var/lib/acme/namesilo.key + NAMESILO_PROPAGATION_TIMEOUT=1800 + ''; + dnsProvider = "namesilo"; + extraDomainNames = [ + "*.ipfs.${domain}" + "*.ipns.${domain}" + ]; + webroot = null; + }; + + sudo.extraRules = [ + { + users = [ "xarvos" ]; + commands = [ "ALL" ]; + runAs = "ipfs"; + } ]; - webroot = null; }; services = { |