nix: trust no-one
Alan Pearce alan@alanpearce.eu
Sat, 20 Apr 2024 23:03:18 +0200
6 files changed, 3 insertions(+), 9 deletions(-)
M flake.nix → flake.nix
@@ -19,11 +19,6 @@ agenix.inputs.nixpkgs.follows = "nixpkgs"; deploy-rs.url = "github:serokell/deploy-rs"; }; - nixConfig = { - extra-substituters = [ "https://deploy-rs.cachix.org" ]; - extra-trusted-public-keys = [ "deploy-rs.cachix.org-1:xfNobmiwF/vzvK1gpfediPwpdIP0rpDV2rYqx40zdSI=" ]; - }; - outputs = inputs@ { self
M system/linde.nix → system/linde.nix
@@ -132,7 +132,6 @@ daemonIOSchedPriority = 6; settings = { max-jobs = 2; auto-optimise-store = true; - trusted-users = [ "root" "nixremote" ]; experimental-features = [ "nix-command" "flakes" ]; }; gc = {
M system/prefect.nix → system/prefect.nix
@@ -136,7 +136,6 @@ system.stateVersion = "23.05"; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - nix.settings.trusted-users = [ "root" "nixremote" ]; services.displayManager.hiddenUsers = [ "nixremote" ]; users.users.nixremote = { shell = "/bin/sh";
M system/settings/configuration/nix.nix → system/settings/configuration/nix.nix
@@ -9,7 +9,6 @@ nix = { settings = { cores = 0; auto-optimise-store = true; - trusted-users = [ "@wheel" ]; }; daemonCPUSchedPolicy = "idle";
M system/settings/darwin.nix → system/settings/darwin.nix
@@ -25,7 +25,6 @@ settings.keep-outputs = true; settings.keep-derivations = true; linux-builder.enable = true; - settings.trusted-users = [ "@admin" ]; }; nixpkgs.config = {
M system/settings/programs/base.nix → system/settings/programs/base.nix
@@ -13,8 +13,11 @@ substituters = [ "https://nix-community.cachix.org" "https://deploy-rs.cachix.org" "https://binarycache.alanpearce.eu" + "https://deploy-rs.cachix.org" ]; + trusted-public-keys = [ + "deploy-rs.cachix.org-1:xfNobmiwF/vzvK1gpfediPwpdIP0rpDV2rYqx40zdSI=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "deploy-rs.cachix.org-1:xfNobmiwF/vzvK1gpfediPwpdIP0rpDV2rYqx40zdSI=" "binarycache.alanpearce.eu:ZwqO3XMuajPictjwih8OY2+RXnOKpjZEZFHJjGSxAI4="