qbit/xin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

h: only allow nix usage by root

Browse Source
This commit is contained in:
Aaron Bieber 2024-01-23 07:01:33 -07:00
parent 3c2e027352
commit 531c74f4de
No known key found for this signature in database
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
hosts/h/default.nix
View File

@ -72,6 +72,13 @@ in
kernelParams = [ "net.ifnames=0" ];
};
nix = {
settings = {
allowed-users = lib.mkForce [ "root" ];
trusted-users = lib.mkForce [ "root" ];
};
};
tailscale.sshOnly = true;
nixpkgs.overlays = [