Restrict connection source for keys

2024-08-17 17:41:28 +02:00 · 2024-08-17 17:41:28 +02:00 · 28d891f4e2
parent 0fe0bb0367
commit 28d891f4e2
1 changed files with 1 additions and 1 deletions
--- a/modules/services/nix-build-farm/default.nix
+++ b/modules/services/nix-build-farm/default.nix
@ -47,7 +47,7 @@ in
          description = "Nix build farm user";
          group = build-user;
          isNormalUser = true;
-          openssh.authorizedKeys.keys = lib.mapAttrsToList (_: host: host.pubKey) otherHosts;
+          openssh.authorizedKeys.keys = lib.mapAttrsToList (_: host: ''from="${host.host}" ${host.pubKey}'') otherHosts;
        };
        groups.${build-user} = { };
      };