make darwin key root only

2024-10-10 19:20:20 +02:00
parent a4101d21dc
commit d2b9dd528e
3 changed files with 3 additions and 7 deletions
--- a/profiles/remote-builders.nix
+++ b/profiles/remote-builders.nix
@@ -57,12 +57,8 @@ let
      '';

      sops.secrets = lib.mkIf (lib.hasPrefix "/run/secrets/" (thatHost.ssh.userPrivateKey or "")) {
-        "${lib.removePrefix "/run/secrets/" thatHost.ssh.userPrivateKey}" = {
-          mode = "0440";
-          group = "nix-community-builder";
-        };
+        "${lib.removePrefix "/run/secrets/" thatHost.ssh.userPrivateKey}" = { };
      };
-      users.groups.nix-community-builder = {};

    })
    # in