deployerbot-follower: also allow from localhost

2025-05-24 16:11:34 +00:00
parent 0e882bf94d
commit 741a5ff90b
1 changed files with 11 additions and 1 deletions
--- a/modules/services/deployerbot/default.nix
+++ b/modules/services/deployerbot/default.nix
@@ -142,7 +142,17 @@
          createHome = true;
          uid = cfg.uidgid;
          openssh.authorizedKeys.keys = map (
-            k: ''from="${builtins.concatStringsSep "," cfg.sshAllowSubnets}" '' + k
+            k:
+            ''from="${
+              builtins.concatStringsSep "," (
+                cfg.sshAllowSubnets
+                ++ [
+                  "::1"
+                  "127.0.0.1"
+                ]
+              )
+            }" ''
+            + k
          ) cfg.publicKeys;
        };
        users.groups.deployerbot-follower.gid = cfg.uidgid;