From 28d891f4e2b37b4bec20b812081922c6995cb6aa Mon Sep 17 00:00:00 2001
From: Natsu Kagami <nki@nkagami.me>
Date: Sat, 17 Aug 2024 17:41:28 +0200
Subject: [PATCH] Restrict connection source for keys

---
 modules/services/nix-build-farm/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/services/nix-build-farm/default.nix b/modules/services/nix-build-farm/default.nix
index 2f6b432..e76350d 100644
--- a/modules/services/nix-build-farm/default.nix
+++ b/modules/services/nix-build-farm/default.nix
@@ -47,7 +47,7 @@ in
           description = "Nix build farm user";
           group = build-user;
           isNormalUser = true;
-          openssh.authorizedKeys.keys = lib.mapAttrsToList (_: host: host.pubKey) otherHosts;
+          openssh.authorizedKeys.keys = lib.mapAttrsToList (_: host: ''from="${host.host}" ${host.pubKey}'') otherHosts;
         };
         groups.${build-user} = { };
       };