From 741a5ff90bee26e4f9e973f440d8842c56393d93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Sat, 24 May 2025 16:11:34 +0000
Subject: [PATCH] deployerbot-follower: also allow from localhost

---
 modules/services/deployerbot/default.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/modules/services/deployerbot/default.nix b/modules/services/deployerbot/default.nix
index 847038a..90ab25e 100644
--- a/modules/services/deployerbot/default.nix
+++ b/modules/services/deployerbot/default.nix
@@ -142,7 +142,17 @@
           createHome = true;
           uid = cfg.uidgid;
           openssh.authorizedKeys.keys = map (
-            k: ''from="${builtins.concatStringsSep "," cfg.sshAllowSubnets}" '' + k
+            k:
+            ''from="${
+              builtins.concatStringsSep "," (
+                cfg.sshAllowSubnets
+                ++ [
+                  "::1"
+                  "127.0.0.1"
+                ]
+              )
+            }" ''
+            + k
           ) cfg.publicKeys;
         };
         users.groups.deployerbot-follower.gid = cfg.uidgid;