feat: add nix store signing for remote deploys

2026-03-30 00:21:37 +02:00
parent 29053f4ec2
commit 27b7b2abf2
3 changed files with 37 additions and 0 deletions
--- a/hosts/tower/configuration.nix
+++ b/hosts/tower/configuration.nix
@@ -1,4 +1,5 @@
 {
+  config,
  lib,
  inputs,
  userKeys,
@@ -10,6 +11,10 @@
    inputs.lanzaboote.nixosModules.lanzaboote
  ];

+  # nix store signing
+  sops.secrets.nix-signing-key.sopsFile = ../../secrets/tower.yaml;
+  nix.settings.secret-key-files = [ config.sops.secrets.nix-signing-key.path ];
+
  localisation = {
    timeZone = "Europe/Ljubljana";
    defaultLocale = "en_US.UTF-8";