From 03e6d225e41b7196fd721e3ebd24330f6cf4a794 Mon Sep 17 00:00:00 2001
From: josiah <me@jowj.net>
Date: Sun, 19 Feb 2023 12:43:44 -0600
Subject: [PATCH] Fix signature checking.

You have to add, explicitly, users you want to be trusted! See:
https://github.com/serokell/deploy-rs/issues/25
---
 nixos-configs/common/default.nix            | 3 +++
 nixos-configs/hosts/exgod/configuration.nix | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/nixos-configs/common/default.nix b/nixos-configs/common/default.nix
index 8b45a12..4037371 100644
--- a/nixos-configs/common/default.nix
+++ b/nixos-configs/common/default.nix
@@ -12,6 +12,9 @@
 
   # clean /tmp on boot.
   boot.cleanTmpDir = true;
+  # Allow any admin to build packages, not just root.
+  ## if you don't set this then your sshUser MUST BE ROOT, or you'll get untrusted sig errors.
+  nix.settings.trusted-users = [ "@wheel" ]; 
 
   # Automatically optimize the Nix store to save space
   # by hard-linking identical files together. These savings
diff --git a/nixos-configs/hosts/exgod/configuration.nix b/nixos-configs/hosts/exgod/configuration.nix
index 9e51043..802fafc 100644
--- a/nixos-configs/hosts/exgod/configuration.nix
+++ b/nixos-configs/hosts/exgod/configuration.nix
@@ -37,7 +37,7 @@
   # Enable the X11 windowing system.
   # services.xserver.enable = true;
 
-  nix.settings.require-sigs = false;
+  nix.settings.require-sigs = true;
 
   # Configure keymap in X11
   services.xserver.layout = "us";