Fix signature checking.

You have to add, explicitly, users you want to be trusted! See: https://github.com/serokell/deploy-rs/issues/25
1 year ago · 03e6d225e4
parent 2d60d9e6a2
commit 03e6d225e4
2 changed files with 4 additions and 1 deletions
--- a/nixos-configs/common/default.nix
+++ b/nixos-configs/common/default.nix
@ -12,6 +12,9 @@

  # clean /tmp on boot.
  boot.cleanTmpDir = true;
+  # Allow any admin to build packages, not just root.
+  ## if you don't set this then your sshUser MUST BE ROOT, or you'll get untrusted sig errors.
+  nix.settings.trusted-users = [ "@wheel" ]; 

  # Automatically optimize the Nix store to save space
  # by hard-linking identical files together. These savings
--- a/nixos-configs/hosts/exgod/configuration.nix
+++ b/nixos-configs/hosts/exgod/configuration.nix
@ -37,7 +37,7 @@
  # Enable the X11 windowing system.
  # services.xserver.enable = true;

-  nix.settings.require-sigs = false;
+  nix.settings.require-sigs = true;

  # Configure keymap in X11
  services.xserver.layout = "us";