From 42a83db85e5c19915f139a1ea12ec251d8f83e84 Mon Sep 17 00:00:00 2001
From: Alejandro Angulo <iam@alejandr0angul0.dev>
Date: Sat, 2 Mar 2024 08:47:05 -0800
Subject: [PATCH] Address security issue in nixpkgs

See https://github.com/NixOS/nixpkgs/issues/31611
---
 systems/x86_64-linux/node/default.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/systems/x86_64-linux/node/default.nix b/systems/x86_64-linux/node/default.nix
index b0875d2..6ce3113 100644
--- a/systems/x86_64-linux/node/default.nix
+++ b/systems/x86_64-linux/node/default.nix
@@ -85,7 +85,12 @@
     apps.yubikey.enable = true;
   };
 
-  security.pam.sshAgentAuth.enable = true;
+  security.pam.sshAgentAuth = {
+    enable = true;
+    # Addresses issue 31611
+    # See: https://github.com/NixOS/nixpkgs/issues/31611
+    authorizedKeysFiles = lib.mkForce ["/etc/ssh/authorized_keys.d/%u"];
+  };
   security.pam.services.${config.aa.user.name}.sshAgentAuth = true;
 
   boot.loader.systemd-boot.enable = true;