32 lines
728 B
Nix
32 lines
728 B
Nix
|
{
|
||
|
self,
|
||
|
config,
|
||
|
pkgs,
|
||
|
...
|
||
|
}: let
|
||
|
psCfg = config.pub-solar;
|
||
|
in {
|
||
|
age.secrets.nix-builder-private-key = {
|
||
|
owner = "builder";
|
||
|
group = "builder";
|
||
|
file = "${self}/secrets/chonk_nix_builder_private_key.age";
|
||
|
};
|
||
|
|
||
|
programs.ssh.package = pkgs.openssh_hpn;
|
||
|
|
||
|
nix.settings.trusted-users = ["builder"];
|
||
|
|
||
|
boot.binfmt.emulatedSystems = ["aarch64-linux"];
|
||
|
|
||
|
users.groups."builder" = {};
|
||
|
|
||
|
users.users."builder" = {
|
||
|
isNormalUser = true;
|
||
|
group = "builder";
|
||
|
shell = pkgs.bashInteractive;
|
||
|
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8hTdDTA+LVlHkOm5IBjT32PvAdCxYfUfFFRx+JGeS6 root@norman"];
|
||
|
};
|
||
|
|
||
|
nix.settings.secret-key-files = "/run/agenix/nix-builder-private-key";
|
||
|
}
|