diff --git a/modules/devos/cachix/ssh.nix b/modules/devos/cachix/ssh.nix index b29d79e..50022d5 100644 --- a/modules/devos/cachix/ssh.nix +++ b/modules/devos/cachix/ssh.nix @@ -1,7 +1,12 @@ { config, lib, ... }: { - nix.settings.substituters = lib.mkIf (config.networking.hostName != "Infini-DESKTOP" && config.info.loc.home) - ((if config.info.loc.home then (lib.mkOrder 300) else lib.mkAfter) [ - "ssh://infini-desktop" - ]); + nix.settings = { + substituters = lib.mkIf (config.networking.hostName != "Infini-DESKTOP" && config.info.loc.home) + ((if config.info.loc.home then (lib.mkOrder 300) else lib.mkAfter) [ + "ssh://infini-desktop" + ]); + trusted-public-keys = [ + "infinidoge-1:uw2A6JHHdGJ9GPk0NEDnrdfVkPp0CUY3zIvwVgNlrSk=" + ]; + }; } diff --git a/modules/devos/nix.nix b/modules/devos/nix.nix index 972a511..f6682d3 100644 --- a/modules/devos/nix.nix +++ b/modules/devos/nix.nix @@ -29,7 +29,9 @@ with lib; keep-outputs = true keep-derivations = true fallback = true - ''; + '' + (if config.modules.secrets.enable then '' + secret-key-files = ${config.secrets.binary-cache-private-key} + '' else ""); # nixPath = [ # "nixpkgs=${channel.input}" diff --git a/secrets/binary-cache-private-key.age b/secrets/binary-cache-private-key.age new file mode 100644 index 0000000..f7e61d2 Binary files /dev/null and b/secrets/binary-cache-private-key.age differ diff --git a/secrets/binary-cache-public-key b/secrets/binary-cache-public-key new file mode 100644 index 0000000..e223bde --- /dev/null +++ b/secrets/binary-cache-public-key @@ -0,0 +1 @@ +infinidoge-1:uw2A6JHHdGJ9GPk0NEDnrdfVkPp0CUY3zIvwVgNlrSk= \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1c98e42..bdb8ad2 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -20,4 +20,5 @@ in "wireless.age".publicKeys = allKeys; "infinidoge-password.age".publicKeys = allKeys; "root-password.age".publicKeys = allKeys; + "binary-cache-private-key.age".publicKeys = allKeys; }