Make the builder dynamic user a trusted user

jmbaur · Aug 13, 2023 · cce2f4c · cce2f4c
1 parent 28fc2bd
commit cce2f4c
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/nixos-modules/builder.nix b/nixos-modules/builder.nix
@@ -36,6 +36,7 @@ let
         };
         serviceConfig = {
           DynamicUser = true;
+          User = "builder";
           CacheDirectory = "builder";
           StateDirectory = "builder";
         };
@@ -61,6 +62,8 @@ in
   };
 
   config = lib.mkIf (cfg.build != { }) {
+    users.groups.builder = { };
+    nix.settings.trusted-users = [ "builder" ];
     systemd.timers = lib.mapAttrs (_: { timer, ... }: timer) systemdConfigs;
     systemd.services = lib.mapAttrs (_: { service, ... }: service) systemdConfigs;
   };