nix: use @wheel for trusted-users

author Julien Moutinho <julm+julm-nix@sourcephile.fr>

Sun, 12 Nov 2023 22:34:17 +0000 (23:34 +0100)

committer Julien Moutinho <julm+julm-nix@sourcephile.fr>

Sun, 12 Nov 2023 22:34:17 +0000 (23:34 +0100)
author Julien Moutinho <julm+julm-nix@sourcephile.fr>
Sun, 12 Nov 2023 22:34:17 +0000 (23:34 +0100)
committer Julien Moutinho <julm+julm-nix@sourcephile.fr>
Sun, 12 Nov 2023 22:34:17 +0000 (23:34 +0100)
diff --git a/hosts/aubergine.nix b/hosts/aubergine.nix

index 34e5637e9a74511c2e95abe28be5920af465de0b..18373e6c47bb3c79e660084871eeba4dd3b6d88d 100644 (file)
--- a/hosts/aubergine.nix
+++ b/hosts/aubergine.nix
@@ -56,7 +56,6 @@
        #secret-key-files = /run/credentials/nix-daemon.service/secret-key-files.pem
      '';
      settings = {
-      trusted-users = [ config.users.users."julm".name ];
        substituters = [
          #"http://nix-localcache.losurdo.wg"
          #"ssh://nix-ssh@losurdo.wg?priority=30"
diff --git a/hosts/oignon.nix b/hosts/oignon.nix

index 245eb637312e144541c47f21b40923a413f06a6c..b0951cc7c88d965a877225fbbfe6b1b802528615 100644 (file)
--- a/hosts/oignon.nix
+++ b/hosts/oignon.nix
@@ -65,7 +65,6 @@
        secret-key-files = /run/credentials/nix-daemon.service/${hostName}.key
      '';
      settings = {
-      trusted-users = [ config.users.users."julm".name ];
        substituters = [
          #"http://nix-localcache.losurdo.wg"
          "ssh://nix-ssh@losurdo.wg?priority=30"
diff --git a/hosts/patate.nix b/hosts/patate.nix

index 62d1fab6d9d696557c1297ae9d7ca3da64a66c37..91ef3aa8e5d66665453c5c0715f96ae6c666e7fa 100644 (file)
--- a/hosts/patate.nix
+++ b/hosts/patate.nix
@@ -42,7 +42,6 @@
  
    nix = {
      settings = {
-      trusted-users = [ config.users.users."sevy".name ];
        substituters = [
          #"ssh://nix-ssh@losurdo.wg?priority=30"
          #"ssh://nix-ssh@oignon.wg?priority=10"
diff --git a/nixos/profiles/security.nix b/nixos/profiles/security.nix

index a9cab5b38348334f7595ab9a2ee0bccf5433284c..7f7acc5e03a7f4fdb7b798603fb9dd053dd92a0e 100644 (file)
--- a/nixos/profiles/security.nix
+++ b/nixos/profiles/security.nix
@@ -13,6 +13,10 @@ with lib;
    nix.settings.trusted-public-keys = [
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];
+  nix.settings.trusted-users = [
+    "root"
+    "@wheel"
+  ];
    networking.firewall.pingLimit = "--limit 60/minute --limit-burst 5";
    security.allowSimultaneousMultithreading = false;
    security.apparmor.enable = mkDefault true;
author	Julien Moutinho <julm+julm-nix@sourcephile.fr>
	Sun, 12 Nov 2023 22:34:17 +0000 (23:34 +0100)
committer	Julien Moutinho <julm+julm-nix@sourcephile.fr>
	Sun, 12 Nov 2023 22:34:17 +0000 (23:34 +0100)
hosts/aubergine.nix		patch \| blob \| history
hosts/oignon.nix		patch \| blob \| history
hosts/patate.nix		patch \| blob \| history
nixos/profiles/security.nix		patch \| blob \| history