diff options
| author | seth <[email protected]> | 2023-05-24 06:53:12 -0400 |
|---|---|---|
| committer | seth <[email protected]> | 2023-05-24 06:53:12 -0400 |
| commit | 632052e752becd11408ae909b8e70956cd259d64 (patch) | |
| tree | b6d94b19b8a9bfa1d2504dd1db0356d500ce54d6 /hosts/atlas/default.nix | |
| parent | 7be1973f71ba26c667ebd09b9d007815bb2fd1f3 (diff) | |
atlas/p-body: enable github auth for wheel users
Diffstat (limited to 'hosts/atlas/default.nix')
| -rw-r--r-- | hosts/atlas/default.nix | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/hosts/atlas/default.nix b/hosts/atlas/default.nix index 11db15e..0146b72 100644 --- a/hosts/atlas/default.nix +++ b/hosts/atlas/default.nix @@ -1,6 +1,7 @@ { config, pkgs, + self, ... }: { imports = [ @@ -19,6 +20,13 @@ hermetic = false; }; + age.secrets.authGH = { + file = "${self}/secrets/hosts/${config.networking.hostName}/authGH.age"; + mode = "440"; + owner = config.users.users.root.name; + group = config.users.groups.wheel.name; + }; + boot = { binfmt.emulatedSystems = ["x86_64-linux" "i686-linux"]; cleanTmpDir = true; @@ -35,7 +43,13 @@ hostName = "atlas"; }; - nix.settings.trusted-users = ["bob"]; + nix = { + extraOptions = '' + !include ${config.age.secrets.authGH.path} + ''; + + settings.trusted-users = ["bob"]; + }; system.stateVersion = "22.11"; |