Unverified Commit dd7b3992 authored by Krzysztof Nazarewski's avatar Krzysztof Nazarewski

nixos/netbird: allow reading journald messages

2025-09-19T10:50:03+02:00 ERRO client/internal/debug/debug.go:338: failed to add systemd logs: get systemd logs for netbird-priv: execute journalctl: exit status 1 (stderr: Hint: You are currently not seeing messages from other users and the system.
      Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
      Pass -q to turn off this notice.
No journal files were opened due to insufficient permissions.
)
parent eee5067f
+12 −0
@@ -585,6 +585,18 @@ in
            ];
        }
      );
      users.users = toHardenedClientAttrs (
        client:
        nameValuePair client.user.name {
          extraGroups = [
            /*
              allows debug bundles to gather systemd logs for `netbird*.service`
              this is not ideal for hardening as it grants access to the whole journal, not just own logs
            */
            "systemd-journal"
          ];
        }
      );
    }
    # Hardening section
    (mkIf (hardenedClients != { }) {
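Review bot: The new `users.users` block puts every hardened client user into `systemd-journal` unconditionally, so a daemon the module otherwise confines gains read access to all units' logs, only to support debug bundles. Journals often carry other services' auth events and occasionally logged secrets, so this widens what a compromised client process can read. Consider making the membership opt-in per client and off by default, e.g. `extraGroups = lib.optional client.<OPT_IN_OPTION> "systemd-journal";`, where `<OPT_IN_OPTION>` is a placeholder for an option the module would have to define. The block comment could state the exposure directly, for instance `grants read access to the entire system journal; only needed when generating debug bundles`. The enclosing attribute set begins before the hunk, so whether `lib` is in scope under that name cannot be confirmed from here.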