colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

sane-private-unlock-remote: fix ssh sandboxing (hopefully)

Browse Source
This commit is contained in:
Colin
2025-06-17 04:28:14 +00:00
parent af8f7c06ad
commit d4e668e6fd
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
hosts/common/programs/sane-private-unlock-remote.nix
View File

@@ -8,12 +8,12 @@ in
sandbox.net = "all"; sandbox.net = "all";
sandbox.extraHomePaths = [ sandbox.extraHomePaths = [
".config/sops" ".config/sops"
".ssh/id_ed25519"
".ssh/id_ed25519.pub"
"knowledge/secrets" "knowledge/secrets"
]; ];
sandbox.whitelistSsh = true;
suggestedPrograms = [ suggestedPrograms = [
"sane-scripts.secrets-dump" "sane-scripts.secrets-dump"
"ssh"
]; ];
configOption = with lib; mkOption { configOption = with lib; mkOption {