lix/src/nix
John Ericson a47e055e09 Move trustedUsers and allowedUsers to separate config struct
These settings are not needed for libstore at all, they are just used by
the nix daemon *command* for authorization on unix domain sockets. My
moving them to a new configuration struct just in that file, we avoid
them leaking anywhere else.

Also, it is good to break up the mammoth `Settings` struct in general.
Issue #5638 tracks this.

The message is not changed because I do not want to regress in
convenience to the user. Just saying "this connection is not trusted"
doesn't tell them out to fix the issue. The ideal thing to do would be
to somehow parameterize `processCommand` on how the error should be
displayed, so different sorts of connections can display different
information to the user based on how authentication is performed for the
connection in question. This, however, is a good bit more work, so it is
left for the future.

This came up with me thinking about the tcp:// store (#5265). The larger
project is not TCP *per se*, but the idea that it should be possible for
something else to manage access control to services like the Nix Daemon,
and those services simply trust or trust the incoming connection as they
are told. This is a more capability-oriented way of thinking about trust
than "every server implements its own auth separately" as we are used to today.

Its very great that libstore itself already implements just this model,
and so via this refactor I basically want to "enshrine" that so it
continues to be the case.
2023-02-02 14:17:24 -05:00
..
realisation fix spelling mistakes reported by Debian's lintian tool 2022-01-30 10:51:39 +02:00
add-file.md Split 'nix store add-to-store' into 'add-path' and 'add-file' 2020-12-04 00:59:24 +01:00
add-path.md Split 'nix store add-to-store' into 'add-path' and 'add-file' 2020-12-04 00:59:24 +01:00
add-to-store.cc Get rid of std::shared_ptr<std::string> and ref<std::string> 2022-01-18 11:12:30 +01:00
app.cc Split OutputsSpec and ExtendedOutputsSpec, use the former more 2023-01-11 18:57:18 -05:00
build.cc Merge toDerivations() into toDerivedPaths() 2022-12-20 14:24:14 +01:00
build.md nix build: add --print-out-paths flag 2022-04-20 19:35:46 +03:00
bundle.cc Revert "Revert "Merge pull request #6204 from layus/coerce-string"" 2023-01-19 13:23:04 +01:00
bundle.md docfix: bundlers 2022-08-10 18:49:29 -05:00
cat.cc Get rid of std::shared_ptr<std::string> and ref<std::string> 2022-01-18 11:12:30 +01:00
copy.cc Add command 'nix store copy-log' 2022-01-18 14:08:49 +01:00
copy.md Add 'nix copy' manpage 2020-12-21 13:32:27 +01:00
daemon.cc Move trustedUsers and allowedUsers to separate config struct 2023-02-02 14:17:24 -05:00
daemon.md manual: build action -> build task 2022-11-06 13:28:18 +01:00
describe-stores.cc Remove static variable name clashes 2020-10-06 13:49:20 +02:00
develop.cc Remove default constructor from OutputsSpec 2023-01-11 19:08:19 -05:00
develop.md Docs: Add nix develop --command entry 2022-09-06 08:18:29 -07:00
diff-closures.cc Move installables-related operations 2022-03-02 19:19:51 +01:00
diff-closures.md Add 'nix store diff-closures' manpage 2020-12-21 13:32:29 +01:00
doctor.cc doctor: Always show the output 2022-04-05 14:04:01 +02:00
dump-path.cc Add 'nix store' NAR-related manpages 2020-12-21 13:32:28 +01:00
edit.cc replace most Pos objects/ptrs with indexes into a position table 2022-04-21 21:46:06 +02:00
edit.md nix edit: support kakoune 2022-03-22 23:18:02 +09:00
eval.cc Revert "Revert "Merge pull request #6204 from layus/coerce-string"" 2023-01-19 13:23:04 +01:00
eval.md Add 'nix eval' manpage 2020-12-21 13:32:28 +01:00
flake-archive.md Add 'nix flake' manpages 2020-12-23 18:26:40 +01:00
flake-check.md nix flake check: Fix markdown 2021-11-24 13:53:09 +01:00
flake-clone.md Add 'nix flake' manpages 2020-12-23 18:26:40 +01:00
flake-init.md Update docs 2022-02-22 14:32:56 +01:00
flake-lock.md nix flake update: Recreate the lock file 2021-02-26 14:55:54 +01:00
flake-metadata.md Merge 'nix flake {info,list-inputs}' into 'nix flake metadata' 2021-03-16 17:19:04 +01:00
flake-new.md Add 'nix flake' manpages 2020-12-23 18:26:40 +01:00
flake-prefetch.md nix store prefetch-tarball -> nix flake prefetch 2021-01-11 12:36:39 +01:00
flake-show.md Update docs 2022-02-22 14:32:56 +01:00
flake-update.md Trivial changes from the lazy-trees branch 2022-12-07 14:06:34 +01:00
flake.cc nix flake show: Ignore empty attrsets 2023-01-31 18:20:26 +01:00
flake.md documentation: use sections instead of list items 2022-12-13 11:47:44 +01:00
fmt.cc Shut up clang warning 2022-04-28 14:24:17 +02:00
fmt.md nix-fmt: add command 2022-03-11 10:00:19 -05:00
get-env.sh nix develop: Ignore some more bash special variables 2022-08-23 14:57:08 +02:00
hash.cc Remove std::string alias (for real this time) 2022-02-25 16:13:02 +01:00
help.md Add 'nix help' manpage 2020-12-21 13:32:29 +01:00
key-convert-secret-to-public.md Add commands for generating secret/public keys 2021-01-06 17:49:31 +01:00
key-generate-secret.md Fix missing ` in key manual 2022-06-08 11:46:50 +02:00
local.mk build: use pkg-config for lowdown 2022-11-12 23:04:58 +01:00
log.cc Merge toDerivations() into toDerivedPaths() 2022-12-20 14:24:14 +01:00
log.md Tweak 2020-12-21 13:32:28 +01:00
ls.cc Replace src/libutil/json.cc with nlohmann json generation 2022-11-16 16:50:50 +01:00
main.cc Revert "Revert "Merge pull request #6204 from layus/coerce-string"" 2023-01-19 13:23:04 +01:00
make-content-addressed.cc Really fix 'nix store make-content-addressed --json' 2022-12-01 16:29:09 +01:00
make-content-addressed.md Dodge "trusted" vs "trustworthy" by being explicit 2022-09-22 14:37:52 -04:00
nar-cat.md Add 'nix nar' manpages 2020-12-21 13:32:28 +01:00
nar-dump-path.md Add 'nix nar' manpages 2020-12-21 13:32:28 +01:00
nar-ls.md Add 'nix nar' manpages 2020-12-21 13:32:28 +01:00
nar.cc Make '--help' do the same as 'help' (i.e. show a manpage) 2021-01-25 14:38:15 +01:00
nar.md Add 'nix nar' manpages 2020-12-21 13:32:28 +01:00
nix.md remove redundant re-definition of store derivations 2023-01-02 13:37:59 +01:00
optimise-store.cc Add 'nix store optimise' manpage 2020-12-21 13:32:28 +01:00
optimise-store.md Add 'nix store optimise' manpage 2020-12-21 13:32:28 +01:00
path-from-hash-part.cc Add command 'nix store path-from-hash-part' 2022-10-18 16:51:12 +02:00
path-from-hash-part.md Add command 'nix store path-from-hash-part' 2022-10-18 16:51:12 +02:00
path-info.cc Replace src/libutil/json.cc with nlohmann json generation 2022-11-16 16:50:50 +01:00
path-info.md link "store derivation" to glossary definition 2022-12-21 11:42:50 +01:00
ping-store.cc nix store ping: try to print json if connect() fails aswell 2023-01-31 15:10:39 +01:00
ping-store.md Tweak 2021-01-17 19:49:28 +01:00
prefetch.cc Revert "Revert "Merge pull request #6204 from layus/coerce-string"" 2023-01-19 13:23:04 +01:00
print-dev-env.md nix print-dev-env: Add --json flag 2021-07-09 12:10:48 +02:00
profile-diff-closures.md Add 'nix profile' manpage 2020-12-21 13:32:29 +01:00
profile-history.md nix profile history: Show profile date 2021-09-14 20:47:33 +02:00
profile-install.md nix profile: Support overriding outputs 2022-05-03 15:00:34 +02:00
profile-list.md Trivial changes from the lazy-trees branch 2022-12-07 14:06:34 +01:00
profile-remove.md man: fix formatting of nix3-profile-remove 2021-06-28 16:27:03 +02:00
profile-rollback.md Generations -> profile versions 2021-09-14 19:57:45 +02:00
profile-upgrade.md Trivial changes from the lazy-trees branch 2022-12-07 14:06:34 +01:00
profile-wipe-history.md Add 'nix profile wipe-history' command 2021-09-14 20:35:41 +02:00
profile.cc Rename OutputPath -> ExtendedOutputPath 2023-01-11 18:55:29 -05:00
profile.md Trivial changes from the lazy-trees branch 2022-12-07 14:06:34 +01:00
realisation.cc Make experimental-features a proper type 2021-10-26 07:02:31 +02:00
registry-add.md nix registry: add --registry flag 2021-06-30 22:13:32 +03:00
registry-list.md Add 'nix registry' manpages 2020-12-21 13:32:27 +01:00
registry-pin.md Style tweaks 2021-07-07 10:02:55 +02:00
registry-remove.md nix registry: add --registry flag 2021-06-30 22:13:32 +03:00
registry.cc Trivial changes from the lazy-trees branch 2022-12-07 14:06:34 +01:00
registry.md doc: Fix typo 2022-06-28 22:43:37 -04:00
repl.md Fix typo -- dashes not underscores 2022-10-17 14:15:32 -06:00
run.cc nix develop: Set personality 2022-12-23 16:33:55 +01:00
run.hh nix develop: Set personality 2022-12-23 16:33:55 +01:00
run.md Update docs 2022-02-22 14:32:56 +01:00
search.cc Fix extra "." in CmdSearch::getDefaultFlakeAttrPaths 2023-01-31 00:04:05 +08:00
search.md Add --exclude flag to nix search 2022-06-07 18:25:48 +02:00
shell.md nix shell: example shouldn't use an absolute path for the shell 2022-07-21 14:25:07 +02:00
show-config.cc nix/show-config: allow getting the value of a specific setting 2023-01-12 13:56:35 -08:00
show-derivation.cc Replace src/libutil/json.cc with nlohmann json generation 2022-11-16 16:50:50 +01:00
show-derivation.md link "store derivation" to glossary definition 2022-12-21 11:42:50 +01:00
sigs.cc nix key: Fix error message and don't require flakes 2021-11-11 21:31:26 -05:00
store-cat.md Add 'nix store' NAR-related manpages 2020-12-21 13:32:28 +01:00
store-copy-log.cc Merge toDerivations() into toDerivedPaths() 2022-12-20 14:24:14 +01:00
store-copy-log.md link "store derivation" to glossary definition 2022-12-21 11:42:50 +01:00
store-delete.cc Deduplicate the Store downcasting with a template 2022-03-11 13:32:33 +00:00
store-delete.md Add 'nix store delete' command 2021-01-11 19:46:59 +01:00
store-dump-path.md Add 'nix store' NAR-related manpages 2020-12-21 13:32:28 +01:00
store-gc.cc Deduplicate the Store downcasting with a template 2022-03-11 13:32:33 +00:00
store-gc.md Add 'nix store gc' command 2021-01-10 23:29:14 +01:00
store-ls.md Add 'nix store' NAR-related manpages 2020-12-21 13:32:28 +01:00
store-prefetch-file.md Fix some typos 2021-03-26 16:14:38 +01:00
store-repair.cc run(): Move 2021-09-27 11:12:06 +02:00
store-repair.md Add 'nix store repair' command 2021-01-13 23:27:39 +01:00
store.cc Make '--help' do the same as 'help' (i.e. show a manpage) 2021-01-25 14:38:15 +01:00
upgrade-nix.cc Revert "Revert "Merge pull request #6204 from layus/coerce-string"" 2023-01-19 13:23:04 +01:00
upgrade-nix.md Explain exactly what nix-upgrade nix does 2022-06-02 15:05:27 +02:00
verify.cc Avoid some StorePath <-> Path round trips 2023-01-30 09:37:57 -05:00
verify.md Add 'nix store verify' manpage 2020-12-21 13:32:28 +01:00
why-depends.cc Fix why-depends for CA derivations (again) 2023-01-02 17:42:22 +01:00
why-depends.md Add 'nix why-depends' manpage 2020-12-21 13:32:28 +01:00