Build failed due to lack of signature by trusted key in distributed build despite trusted-user setting

I have two NixOS machines: machine1 is my workstation, machine2 is my remote buildhost.

machine1 has machine2 configured as a build machine.
These are the relevant settings on machine1; my user is a member of wheel:

% id -nG | grep -o wheel
wheel
% grep trusted-users /etc/nix/nix.conf
trusted-users = root root @wheel
% cat /etc/nix/machines
ssh-ng://remotebuild@192.168.1.123 x86_64-linux - 16 2 nixos-test,benchmark,big-parallel,kvm,gccarch-skylake - -
%

And on machine2:

% grep trusted-users /etc/nix/nix.conf
trusted-users = root remotebuild
%

Despite this, I regularly get random files which are untrusted.

Does my setup make sense?
From what I understand, one should not get these issues as long as the user building the path is a trusted user on the machine building the path. Is this correct?
Is there any way I can see which key was used to sign specific paths?