From 45f3c5d844b4079a0b8f05033f241bab23017729 Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong <mcsinyx@disroot.org>
Date: Mon, 16 May 2022 01:00:54 +0900
Subject: Let xarvos use IPFS CLI

---
 configuration.nix |  1 -
 ipfs.nix          | 30 ++++++++++++++++++++----------
 2 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 8af1061..9d17525 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -37,7 +37,6 @@
 
   security.sudo = {
     enable = true;
-    execWheelOnly = true;
     wheelNeedsPassword = false;
   };
 
diff --git a/ipfs.nix b/ipfs.nix
index 97db78d..58ea7c2 100644
--- a/ipfs.nix
+++ b/ipfs.nix
@@ -24,17 +24,27 @@ in {
     allowedUDPPorts = [ 4001 ];
   };
 
-  security.acme.certs.${domain} = {
-    credentialsFile = pkgs.writeText "namesilo.env" ''
-      NAMESILO_API_KEY_FILE=/var/lib/acme/namesilo.key
-      NAMESILO_PROPAGATION_TIMEOUT=1800
-    '';
-    dnsProvider = "namesilo";
-    extraDomainNames = [
-      "*.ipfs.${domain}"
-      "*.ipns.${domain}"
+  security = {
+    acme.certs.${domain} = {
+      credentialsFile = pkgs.writeText "namesilo.env" ''
+        NAMESILO_API_KEY_FILE=/var/lib/acme/namesilo.key
+        NAMESILO_PROPAGATION_TIMEOUT=1800
+      '';
+      dnsProvider = "namesilo";
+      extraDomainNames = [
+        "*.ipfs.${domain}"
+        "*.ipns.${domain}"
+      ];
+      webroot = null;
+    };
+
+    sudo.extraRules = [
+      {
+        users = [ "xarvos" ];
+        commands = [ "ALL" ];
+        runAs = "ipfs";
+      }
     ];
-    webroot = null;
   };
 
   services = {
-- 
cgit 1.4.1