security: start setting permissions on secrets properly

2025-12-01 23:53:27 +01:00 · 2025-12-01 23:53:27 +01:00 · 2adc358dec
commit 2adc358dec
parent 01fb6d8ec9
6 changed files with 43 additions and 34 deletions
--- a/modules/base/system/nixdaemon.nix
+++ b/modules/base/system/nixdaemon.nix
@ -40,8 +40,7 @@
              "root"
              username
            ]
-            ++ lib.optional (builtins.hasAttr "native" config.services.gitea-actions-runner.instances) "gitea-runner"
-            ++ lib.optional config.services.hydra.enable "hydra hydra-www hydra-evaluator hydra-queue-runner";
+            ++ lib.optional (builtins.hasAttr "native" config.services.gitea-actions-runner.instances) "gitea-runner";
          in
          {
            nix-path = "nixpkgs=flake:nixpkgs";