make darwin key root only

2024-10-10 19:20:20 +02:00 · 2024-10-10 19:20:20 +02:00 · d2b9dd528e
parent a4101d21dc
commit d2b9dd528e
3 changed files with 3 additions and 7 deletions
--- a/profiles/remote-builders.nix
+++ b/profiles/remote-builders.nix
@ -57,12 +57,8 @@ let
      '';

      sops.secrets = lib.mkIf (lib.hasPrefix "/run/secrets/" (thatHost.ssh.userPrivateKey or "")) {
-        "${lib.removePrefix "/run/secrets/" thatHost.ssh.userPrivateKey}" = {
-          mode = "0440";
-          group = "nix-community-builder";
-        };
+        "${lib.removePrefix "/run/secrets/" thatHost.ssh.userPrivateKey}" = { };
      };
-      users.groups.nix-community-builder = {};

    })
    # in
--- a/users/pbsds/default.nix
+++ b/users/pbsds/default.nix
@ -42,7 +42,7 @@
    extraGroups = [
      "pbsds"
      "users" # backward compat
-      "nix-community-builder"
+      #"nix-community-builder"
      "networkmanager"
      "audio"
      "sound"
--- a/users/pbsds/home/profiles/ssh.nix
+++ b/users/pbsds/home/profiles/ssh.nix
@ -41,7 +41,7 @@
    "rocm.pbsds.net".proxyJump = "isvegg.pvv.ntnu.no";

    # nix-community
-    "darwin-build-box.nix-community.org" = {};
+    #"darwin-build-box.nix-community.org" = {};

    # ntnu
    "garmr.idi.ntnu.no".forwardX11 = true;