Establishing trust in flakes?

Hi all,

I would like to use NixOS's system.autoUpgrade feature to regularly pull updates from my personal flake via Git.

However, there is one obstacle to it: How can I trust that nixos-rebuild is in fact applying my Flake and not some backdoored / untrusted configuration?

I've done a similar thing in the past without NixOS by signing my system configuration (Ansible playbooks) using Git's --sign-gpg option.

Now I am wondering how I could achieve the same in Nix.

I also think that it's a more general question, not only concerning system.autoUpgrade.flake or nixos-rebuild.

I thought about maybe extending the Git flake URI to include a set of PGP keys against which the commits must be signed in order for the flake URI to be valid?

Example: git+https://example.org/my/repo?signed-by=09BE3BAE8D55D4CD8579 285A9675EAC34897E6E2

I am curious how you establish trust in your own or other people's flakes.


The current assumption for Flakes is that the git server holding the flake can be trusted.

A quick(?) solution:
Use a local repo (= trusted) and a separate process (systemd timer etc.) to pull in new commits and check the signatures.
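One way to implement that separate pull-and-verify step, as an added example that is not from this thread: a script (run from a systemd timer) that fetches the remote branch into a local mirror, checks the fetched tip against a pinned key fingerprint, and only then fast-forwards the mirror that system.autoUpgrade.flake points at. The fingerprint below is a placeholder to be replaced with the operator's own key.

```shell
#!/usr/bin/env sh
# Added example: update a local, trusted flake mirror only when the fetched
# commit carries a valid signature from a pinned key.
set -eu

# Placeholder (not a real key): space-separated primary-key fingerprints to accept.
ALLOWED_FPRS="0000000000000000000000000000000000000000"

# signer_allowed: read `git verify-commit --raw` status lines on stdin and
# succeed only if a VALIDSIG line names a key listed in ALLOWED_FPRS.
# Pinning the fingerprint here avoids depending on gpg keyring trust levels:
# a signature that merely validates (GOODSIG) is not sufficient.
signer_allowed() {
  awk -v allowed="$ALLOWED_FPRS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
      # $3 is the signing (sub)key fingerprint, $12 the primary key fingerprint
      if (($12 != "" && ok[$12]) || ok[$3]) found = 1
    }
    END { exit found ? 0 : 1 }'
}

# sync_trusted: fetch the branch, verify FETCH_HEAD, then fast-forward the mirror.
# With --ff-only the trusted signer has committed on top of every earlier commit,
# so verifying the tip is enough; a bad or missing signature leaves the mirror untouched.
sync_trusted() {
  repo=$1; branch=${2:-main}
  git -C "$repo" fetch --quiet origin "$branch"
  # --raw writes gpg's machine-readable status lines to stderr
  if git -C "$repo" verify-commit --raw FETCH_HEAD 2>&1 | signer_allowed; then
    git -C "$repo" merge --ff-only --quiet FETCH_HEAD
  else
    echo "refusing to update $repo: FETCH_HEAD is not signed by an allowed key" >&2
    return 1
  fi
}

# Usage from the timer's service, with system.autoUpgrade.flake set to the mirror:
#   sync_trusted /var/lib/flake-mirror main
```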

Yes, I also had the same idea. I will go for it until we maybe have a better solution :) Thanks