add cache priv key to nix.conf

cy 2025-03-27 23:41:24 -04:00
parent 073e118366
commit 36d1097c26
Signed by: cy
SSH key fingerprint: SHA256:o/geVWV4om1QhUSkKvDQeW/eAihwnjyXkqMwrVdbuts


@ -1,4 +1,4 @@
{ inputs, ... }: { inputs, config, ... }:
{ {
nix = { nix = {
settings = { settings = {
@ -9,7 +9,7 @@
"root" "root"
"@wheel" "@wheel"
]; ];
trusted-public-keys = [ extra-trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=" "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8="
]; ];
@ -17,6 +17,9 @@
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://nixcache.cy7.sh" "https://nixcache.cy7.sh"
]; ];
secret-key-files = [
config.sops.secrets.cache-priv-key.path
];
}; };
channel.enable = false; channel.enable = false;
optimise = { optimise = {
@ -74,4 +77,11 @@
services.thermald.enable = true; services.thermald.enable = true;
environment.enableAllTerminfo = true; environment.enableAllTerminfo = true;
sops.secrets.cache-priv-key = {
format = "binary";
sopsFile = ../secrets/cache-priv-key.pem;
mode = "0440";
group = "users";
};
} }
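Review bot: The new `sops.secrets.cache-priv-key` block at the end of the file makes the decrypted cache signing key readable by every account in `users`, through `mode = "0440";` and `group = "users";`. Any holder of that key can produce signatures that every machine trusting the `nixcache.cy7.sh` public key accepts for substituted store paths, so read access should be as narrow as the signing workflow allows. If the key is consumed only through `secret-key-files` by the Nix daemon, which presumably runs as root here, drop the `group` line and use `mode = "0400";`. If an unprivileged upload tool also needs to read it, a dedicated group for that tool is a tighter choice than `users`.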