From 2d42894fa73dfcd83e0e3dc1e6c0644ff888a477 Mon Sep 17 00:00:00 2001
From: Katherina Walshe-Grey <git@qenya.tel>
Date: Tue, 4 Feb 2025 17:20:19 +0000
Subject: [PATCH] nix: add @wheel to trusted-users everywhere

---
 common/base-server/default.nix | 1 -
 common/nix.nix                 | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/base-server/default.nix b/common/base-server/default.nix
index 47a82fa..9e6125c 100644
--- a/common/base-server/default.nix
+++ b/common/base-server/default.nix
@@ -13,6 +13,5 @@ in
     # Allow remote deployment with colmena
     deployment.targetUser = null;
     security.sudo.wheelNeedsPassword = false;
-    nix.settings.trusted-users = [ "@wheel" ];
   };
 }
diff --git a/common/nix.nix b/common/nix.nix
index 3eb2193..12ebcf7 100644
--- a/common/nix.nix
+++ b/common/nix.nix
@@ -9,6 +9,7 @@
   };
   nix.nixPath = [ "nixpkgs=flake:nixpkgs" ];
   nixpkgs.config.allowUnfree = true;
+  nix.settings.trusted-users = [ "@wheel" ];
 
   # this is a dependency of feishin (used in qenya's home-manager). it does not actually have a known vulnerability,
   # it's just unsuspported because Electron's support cycle is a ludicrously short 6 months.