Added remote build user
parent
0d8ea5a568
commit
0830ab5d48
|
@ -25,9 +25,12 @@ in
|
|||
};
|
||||
|
||||
useSelfhostedCache = mkEnableOption "use self-hosted nix cache (currently hosted on gospel)";
|
||||
remoteBuilder.enable = mkEnableOption "set up as a remote builder";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = mkIf cfg.enable (
|
||||
lib.mkMerge [
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
nix-prefetch
|
||||
nixfmt-rfc-style
|
||||
|
@ -71,5 +74,28 @@ in
|
|||
options = lib.mkDefault "--delete-older-than 30d";
|
||||
};
|
||||
};
|
||||
}
|
||||
(lib.mkIf cfg.remoteBuilder.enable {
|
||||
users.users.remotebuild = {
|
||||
isNormalUser = true;
|
||||
createHome = false;
|
||||
group = "remotebuild";
|
||||
|
||||
# All the keys from ./remote_client_keys should be trusted
|
||||
openssh.authorizedKeys.keyFiles = (
|
||||
let
|
||||
publicKeys = builtins.readDir ./remote_client_keys;
|
||||
fileNames = builtins.attrNames publicKeys;
|
||||
filePaths = builtins.map (fileName: ./remote_client_keys + "/${fileName}") fileNames;
|
||||
in
|
||||
filePaths
|
||||
);
|
||||
};
|
||||
|
||||
users.groups.remotebuild = { };
|
||||
|
||||
nix.settings.trusted-users = [ "remotebuild" ];
|
||||
})
|
||||
]
|
||||
);
|
||||
}
|
||||
|
|
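Review bot: `nix.settings.trusted-users = [ "remotebuild" ];` at the end of the new `lib.mkIf cfg.remoteBuilder.enable` block gives every holder of a key under `./remote_client_keys` rights that the Nix manual describes as essentially equivalent to root on this host, and neither the option description nor the comment above `keyFiles` says so. I would state that next to the setting, for example `# trusted-users is root-equivalent: each key in ./remote_client_keys can control this host's Nix store`. If the clients can sign the paths they upload, listing their signing keys in `nix.settings.trusted-public-keys` may remove the need to trust the user at all; that depends on client configuration not visible here. Separately, `builtins.readDir` returns every directory entry whatever its name or type, so a stray file in that directory would be installed as an authorized key; `fileNames = builtins.filter (lib.hasSuffix ".pub") (builtins.attrNames publicKeys);` restricts it to public-key files. The host file further down turns this on for a workstation, so the same exposure applies there.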
1
modules/nixos/nix/remote_client_keys/carbon.pub
Normal file
1
modules/nixos/nix/remote_client_keys/carbon.pub
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKy1MP/CjBPhcXac3XgTEnhATN6xpXRO6YDkHNhLQrkx root@carbon
|
|
@ -14,6 +14,7 @@
|
|||
|
||||
aa = {
|
||||
nix.enable = true;
|
||||
nix.remoteBuilder.enable = true;
|
||||
|
||||
archetypes = {
|
||||
workstation.enable = true;
|
||||
|
|