From 31c85295040df9334f6914c2aad5eef9901d86d1 Mon Sep 17 00:00:00 2001
From: Julien Malka <julien.malka@me.com>
Date: Sat, 25 Dec 2021 22:16:24 +0100
Subject: [PATCH] Refactored nix allowed users

---
 modules/bincache/default.nix | 13 +++++++------
 modules/nix/default.nix      |  1 -
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/modules/bincache/default.nix b/modules/bincache/default.nix
index bc290a7..b47a8ae 100644
--- a/modules/bincache/default.nix
+++ b/modules/bincache/default.nix
@@ -14,12 +14,13 @@ with lib;
   };
 
   config = mkIf cfg.enable
-  {
-    users.users.nix-serve = {
-      isSystemUser = true;
-    };
+    {
+      users.users.nix-serve = {
+        isSystemUser = true;
+      };
+      nix.allowedUsers = [ "nix-serve" ];
       users.users.nix-serve.group = "nix-serve";
-      users.groups.nix-serve = {};
+      users.groups.nix-serve = { };
 
       sops.secrets.bin-cache-priv-key = {
         owner = "nix-serve";
@@ -30,7 +31,7 @@ with lib;
         secretKeyFile = "/run/secrets/bin-cache-priv-key";
         port = port;
       };
-      
+
       luj.nginx.enable = true;
       services.nginx.virtualHosts."${cfg.subdomain}.julienmalka.me" = {
         enableACME = true;
diff --git a/modules/nix/default.nix b/modules/nix/default.nix
index bb34886..3f9c2a3 100644
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@@ -13,7 +13,6 @@ with lib;
       nixpkgs.config.allowUnfree = true;
       nix = {
         autoOptimiseStore = true;
-        allowedUsers = [ "julien" "hydra" "nix-serve" ];
         gc = {
           automatic = true;
           dates = "daily";