···
${optionalString cfg.requireSignedBinaryCaches ''
50
+
trusted-users = ${toString cfg.trustedUsers}
51
+
allowed-users = ${toString cfg.allowedUsers}
···
if it is signed by <emphasis>any</emphasis> of the keys
listed here. By default, only the key for
<uri>cache.nixos.org</uri> is included.
282
+
trustedUsers = mkOption {
283
+
type = types.listOf types.str;
284
+
default = [ "root" ];
285
+
example = [ "root" "alice" "@wheel" ];
287
+
A list of names of users that have additional rights when
288
+
connecting to the Nix daemon, such as the ability to specify
289
+
additional binary caches, or to import unsigned NARs. You
290
+
can also specify groups by prefixing them with
291
+
<literal>@</literal>; for instance,
292
+
<literal>@wheel</literal> means all users in the wheel
297
+
allowedUsers = mkOption {
298
+
type = types.listOf types.str;
300
+
example = [ "@wheel" "@builders" "alice" "bob" ];
302
+
A list of names of users (separated by whitespace) that are
303
+
allowed to connect to the Nix daemon. As with
304
+
<option>nix.trustedUsers</option>, you can specify groups by
305
+
prefixing them with <literal>@</literal>. Also, you can
306
+
allow all users by specifying <literal>*</literal>. The
307
+
default is <literal>*</literal>. Note that trusted users are
308
+
always allowed to connect.
pyrox.dev