hydra: set allowed URIs in restricted mode for flake inputs

Pierre Bourdon 2024-07-10 18:52:22 +02:00
parent f35cfbd567
commit d2336262fb
Signed by untrusted user: delroth
GPG key ID: 6FB80DCD84DA0F1C


@ -64,6 +64,15 @@ in {
# Can be removed once this is added to some common config template. # Can be removed once this is added to some common config template.
nix.settings.trusted-users = [ "root" "hydra" "hydra-www" "@wheel" ]; nix.settings.trusted-users = [ "root" "hydra" "hydra-www" "@wheel" ];
# Because Hydra can't fetch flake inputs otherwise... also yes, this
# prefix-based matching is absurdly bad.
nix.settings.allowed-uris = [
"github:"
"https://github.com/"
"https://git.lix.systems/"
"https://git@git.lix.systems/"
];
services.hydra-dev = { services.hydra-dev = {
enable = true; enable = true;
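Review bot: The two GitHub entries in `nix.settings.allowed-uris`, `"github:"` and `"https://github.com/"`, admit every repository on that host, so for flake inputs restricted mode only limits the host, not which code gets evaluated. If the jobsets on this instance only need a known set of owners, narrower prefixes such as `"github:<owner>/"` (placeholder) would keep the allowlist meaningful; whether that is workable depends on inputs not visible in this hunk. The comment above the list could also record why every entry ends in a delimiter: `# Matching is by prefix: keep the trailing "/" or ":" so a look-alike host sharing the prefix is not admitted.` The `services.hydra-dev` block continues outside the hunk.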