From 534dabca19804f05944222b10b4d32018cd62bbf Mon Sep 17 00:00:00 2001
From: Brendan Golden <git@brendan.ie>
Date: Fri, 5 Sep 2025 22:11:46 +0100
Subject: [PATCH] feat: set ACL's

---
 applications/itd/splunk/module.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/applications/itd/splunk/module.nix b/applications/itd/splunk/module.nix
index 30dcb19..8500a41 100644
--- a/applications/itd/splunk/module.nix
+++ b/applications/itd/splunk/module.nix
@@ -47,6 +47,21 @@ in {
     # might not be required
     networking.firewall.allowedTCPPorts = [8089];
 
+    # need to set access controls
+    systemd.tmpfiles.rules = [
+       "a /var/log                 - - - - u:splunk:rx"
+       "a /var/log/auth.log        - - - - splunk:r"
+       "a /var/log/messages        - - - - u:splunk:r"
+       "a /var/log/secure          - - - - u:splunk:r"
+       "a /var/log/audit           - - - - u:splunk:rx"
+       "a /var/log/audit.log       - - - - u:splunk:r"
+       "a /var/log/audit/audit.log - - - - u:splunk:r"
+       "a /root                    - - - - u:splunk:rx"
+       "a /root/.bash_history      - - - - u:splunk:r"
+       "a /home/*                  - - - - u:splunk:rx"
+       "a /home/*/.bash_history    - - - - u:splunk:r"
+    ];
+
     # set up the core files
     systemd.services."${name}_prestart" = {
       wantedBy = [