From 2b33de452acd76e472cc0f5b5ee35c1330734ec7 Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Sat, 20 Apr 2024 23:03:18 +0200
Subject: nix: trust no-one

---
 flake.nix                             | 5 -----
 system/linde.nix                      | 1 -
 system/prefect.nix                    | 1 -
 system/settings/configuration/nix.nix | 1 -
 system/settings/darwin.nix            | 1 -
 system/settings/programs/base.nix     | 3 +++
 6 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/flake.nix b/flake.nix
index dfabb683..341e3514 100644
--- a/flake.nix
+++ b/flake.nix
@@ -19,11 +19,6 @@
     deploy-rs.url = "github:serokell/deploy-rs";
   };
 
-  nixConfig = {
-    extra-substituters = [ "https://deploy-rs.cachix.org" ];
-    extra-trusted-public-keys = [ "deploy-rs.cachix.org-1:xfNobmiwF/vzvK1gpfediPwpdIP0rpDV2rYqx40zdSI=" ];
-  };
-
   outputs =
     inputs@
     { self
diff --git a/system/linde.nix b/system/linde.nix
index 10425754..4e2ff959 100644
--- a/system/linde.nix
+++ b/system/linde.nix
@@ -132,7 +132,6 @@ in
     settings = {
       max-jobs = 2;
       auto-optimise-store = true;
-      trusted-users = [ "root" "nixremote" ];
       experimental-features = [ "nix-command" "flakes" ];
     };
     gc = {
diff --git a/system/prefect.nix b/system/prefect.nix
index f4c542a3..3e69122a 100644
--- a/system/prefect.nix
+++ b/system/prefect.nix
@@ -136,7 +136,6 @@
   system.stateVersion = "23.05";
 
   boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-  nix.settings.trusted-users = [ "root" "nixremote" ];
   services.displayManager.hiddenUsers = [ "nixremote" ];
   users.users.nixremote = {
     shell = "/bin/sh";
diff --git a/system/settings/configuration/nix.nix b/system/settings/configuration/nix.nix
index 4142fa34..6b6d51b3 100644
--- a/system/settings/configuration/nix.nix
+++ b/system/settings/configuration/nix.nix
@@ -9,7 +9,6 @@
     settings = {
       cores = 0;
       auto-optimise-store = true;
-      trusted-users = [ "@wheel" ];
     };
 
     daemonCPUSchedPolicy = "idle";
diff --git a/system/settings/darwin.nix b/system/settings/darwin.nix
index 460d47bd..06fd3d86 100644
--- a/system/settings/darwin.nix
+++ b/system/settings/darwin.nix
@@ -25,7 +25,6 @@
     settings.keep-derivations = true;
 
     linux-builder.enable = true;
-    settings.trusted-users = [ "@admin" ];
   };
 
   nixpkgs.config = {
diff --git a/system/settings/programs/base.nix b/system/settings/programs/base.nix
index 5e0fe7e5..efde273d 100644
--- a/system/settings/programs/base.nix
+++ b/system/settings/programs/base.nix
@@ -13,8 +13,11 @@
       "https://nix-community.cachix.org"
       "https://deploy-rs.cachix.org"
       "https://binarycache.alanpearce.eu"
+      "https://deploy-rs.cachix.org"
     ];
+
     trusted-public-keys = [
+      "deploy-rs.cachix.org-1:xfNobmiwF/vzvK1gpfediPwpdIP0rpDV2rYqx40zdSI="
       "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
       "deploy-rs.cachix.org-1:xfNobmiwF/vzvK1gpfediPwpdIP0rpDV2rYqx40zdSI="
       "binarycache.alanpearce.eu:ZwqO3XMuajPictjwih8OY2+RXnOKpjZEZFHJjGSxAI4="
-- 
cgit 1.4.1