2023-02-25 13:45:21 +00:00
|
|
|
{
|
|
|
|
config,
|
|
|
|
pkgs,
|
2023-10-21 20:43:08 +00:00
|
|
|
lib,
|
2023-11-11 00:06:36 +00:00
|
|
|
flake,
|
2023-02-25 13:45:21 +00:00
|
|
|
...
|
|
|
|
}: let
|
|
|
|
psCfg = config.pub-solar;
|
|
|
|
in {
|
|
|
|
age.secrets.nix-builder-private-key = {
|
|
|
|
owner = "builder";
|
|
|
|
group = "builder";
|
2023-11-11 00:06:36 +00:00
|
|
|
file = "${flake.self}/secrets/chonk_nix_builder_private_key.age";
|
2023-02-25 13:45:21 +00:00
|
|
|
};
|
|
|
|
|
2023-10-21 20:43:08 +00:00
|
|
|
nix = {
|
|
|
|
gc.automatic = lib.mkForce false;
|
|
|
|
settings.trusted-users = ["builder"];
|
|
|
|
};
|
2023-02-25 13:45:21 +00:00
|
|
|
|
|
|
|
boot.binfmt.emulatedSystems = ["aarch64-linux"];
|
|
|
|
|
|
|
|
users.groups."builder" = {};
|
|
|
|
|
|
|
|
users.users."builder" = {
|
|
|
|
isNormalUser = true;
|
|
|
|
group = "builder";
|
|
|
|
shell = pkgs.bashInteractive;
|
|
|
|
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8hTdDTA+LVlHkOm5IBjT32PvAdCxYfUfFFRx+JGeS6 root@norman"];
|
|
|
|
};
|
|
|
|
|
|
|
|
nix.settings.secret-key-files = "/run/agenix/nix-builder-private-key";
|
|
|
|
}
|