diff options
author | Alan Pearce | 2024-04-20 23:03:18 +0200 |
---|---|---|
committer | Alan Pearce | 2024-04-20 23:03:18 +0200 |
commit | 2b33de452acd76e472cc0f5b5ee35c1330734ec7 (patch) | |
tree | 74164dcc7dbfc8e9287dacd46bcdd07b95b8bf83 | |
parent | 8af31e11a2b09de45ced64041c1b81a91072bc77 (diff) | |
download | nixfiles-2b33de452acd76e472cc0f5b5ee35c1330734ec7.tar.lz nixfiles-2b33de452acd76e472cc0f5b5ee35c1330734ec7.tar.zst nixfiles-2b33de452acd76e472cc0f5b5ee35c1330734ec7.zip |
nix: trust no-one
-rw-r--r-- | flake.nix | 5 | ||||
-rw-r--r-- | system/linde.nix | 1 | ||||
-rw-r--r-- | system/prefect.nix | 1 | ||||
-rw-r--r-- | system/settings/configuration/nix.nix | 1 | ||||
-rw-r--r-- | system/settings/darwin.nix | 1 | ||||
-rw-r--r-- | system/settings/programs/base.nix | 3 |
6 files changed, 3 insertions, 9 deletions
diff --git a/flake.nix b/flake.nix index dfabb683..341e3514 100644 --- a/flake.nix +++ b/flake.nix @@ -19,11 +19,6 @@ deploy-rs.url = "github:serokell/deploy-rs"; }; - nixConfig = { - extra-substituters = [ "https://deploy-rs.cachix.org" ]; - extra-trusted-public-keys = [ "deploy-rs.cachix.org-1:xfNobmiwF/vzvK1gpfediPwpdIP0rpDV2rYqx40zdSI=" ]; - }; - outputs = inputs@ { self diff --git a/system/linde.nix b/system/linde.nix index 10425754..4e2ff959 100644 --- a/system/linde.nix +++ b/system/linde.nix @@ -132,7 +132,6 @@ in settings = { max-jobs = 2; auto-optimise-store = true; - trusted-users = [ "root" "nixremote" ]; experimental-features = [ "nix-command" "flakes" ]; }; gc = { diff --git a/system/prefect.nix b/system/prefect.nix index f4c542a3..3e69122a 100644 --- a/system/prefect.nix +++ b/system/prefect.nix @@ -136,7 +136,6 @@ system.stateVersion = "23.05"; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - nix.settings.trusted-users = [ "root" "nixremote" ]; services.displayManager.hiddenUsers = [ "nixremote" ]; users.users.nixremote = { shell = "/bin/sh"; diff --git a/system/settings/configuration/nix.nix b/system/settings/configuration/nix.nix index 4142fa34..6b6d51b3 100644 --- a/system/settings/configuration/nix.nix +++ b/system/settings/configuration/nix.nix @@ -9,7 +9,6 @@ settings = { cores = 0; auto-optimise-store = true; - trusted-users = [ "@wheel" ]; }; daemonCPUSchedPolicy = "idle"; diff --git a/system/settings/darwin.nix b/system/settings/darwin.nix index 460d47bd..06fd3d86 100644 --- a/system/settings/darwin.nix +++ b/system/settings/darwin.nix @@ -25,7 +25,6 @@ settings.keep-derivations = true; linux-builder.enable = true; - settings.trusted-users = [ "@admin" ]; }; nixpkgs.config = { diff --git a/system/settings/programs/base.nix b/system/settings/programs/base.nix index 5e0fe7e5..efde273d 100644 --- a/system/settings/programs/base.nix +++ b/system/settings/programs/base.nix @@ -13,8 +13,11 @@ "https://nix-community.cachix.org" "https://deploy-rs.cachix.org" "https://binarycache.alanpearce.eu" + "https://deploy-rs.cachix.org" ]; + trusted-public-keys = [ + "deploy-rs.cachix.org-1:xfNobmiwF/vzvK1gpfediPwpdIP0rpDV2rYqx40zdSI=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "deploy-rs.cachix.org-1:xfNobmiwF/vzvK1gpfediPwpdIP0rpDV2rYqx40zdSI=" "binarycache.alanpearce.eu:ZwqO3XMuajPictjwih8OY2+RXnOKpjZEZFHJjGSxAI4=" |