From 534dabca19804f05944222b10b4d32018cd62bbf Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Fri, 5 Sep 2025 22:11:46 +0100
Subject: [PATCH] feat: set ACL's
---
applications/itd/splunk/module.nix | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/applications/itd/splunk/module.nix b/applications/itd/splunk/module.nix
index 30dcb19..8500a41 100644
--- a/applications/itd/splunk/module.nix
+++ b/applications/itd/splunk/module.nix
@@ -47,6 +47,21 @@ in {
 # might not be required
 networking.firewall.allowedTCPPorts = [8089];
 
+ # need to set access controls
+ systemd.tmpfiles.rules = [
+ "a /var/log - - - - u:splunk:rx"
+ "a /var/log/auth.log - - - - splunk:r"
+ "a /var/log/messages - - - - u:splunk:r"
+ "a /var/log/secure - - - - u:splunk:r"
+ "a /var/log/audit - - - - u:splunk:rx"
+ "a /var/log/audit.log - - - - u:splunk:r"
+ "a /var/log/audit/audit.log - - - - u:splunk:r"
+ "a /root - - - - u:splunk:rx"
+ "a /root/.bash_history - - - - u:splunk:r"
+ "a /home/* - - - - u:splunk:rx"
+ "a /home/*/.bash_history - - - - u:splunk:r"
+ ];
+
 # set up the core files
 systemd.services."${name}_prestart" = {
 wantedBy = [
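Review bot: The `/var/log/auth.log` rule is written `splunk:r` without the `u:` tag that every other entry carries, so systemd-tmpfiles will probably reject that ACL entry and leave the file unreadable to the forwarder; it should read `"a /var/log/auth.log - - - - u:splunk:r"`. The `/root` and `/home/*` rules grant `rx`, which lets the splunk user list those directories when traversal alone (`u:splunk:x`) is enough to reach a known `.bash_history` path. Shell history regularly holds credentials typed on the command line, so a comment such as `# bash history is forwarded for audit; treat the splunk account as sensitive` would record why this access exists. The ACLs are applied to whatever paths exist when tmpfiles runs, so a rotated log file or a home directory created later will presumably lack them; that is worth confirming on a test host. The enclosing attribute set starts and ends outside the hunk.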