os/hosts/chonk/builder.nix

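# NixOS module that sets this host up as a Nix build machine: it creates a
# dedicated `builder` account reachable over SSH, trusts that account in the
# Nix daemon, enables aarch64-linux emulation, and configures a store-path
# signing key decrypted by agenix.
{
  config,
  pkgs,
  lib,
  flake,
  ...
}: {
  # Private key used to sign store paths, decrypted at activation by agenix.
  # NOTE(review): the decrypted file is owned by `builder`, so that account
  # (and anyone holding its SSH key) can read the signing key, subject to the
  # secret's file mode, which is not set here. Whoever holds this key can
  # produce signatures that any client trusting the matching public key will
  # accept. Confirm that `builder` ownership is actually required; if only the
  # root-run daemon reads the key, root ownership would narrow the exposure.
  age.secrets.nix-builder-private-key = {
    owner = "builder";
    group = "builder";
    file = "${flake.self}/secrets/chonk_nix_builder_private_key.age";
  };

  nix = {
    # mkForce overrides any other module's value: automatic garbage collection
    # stays off on this host.
    gc.automatic = lib.mkForce false;

    settings = {
      # Security-relevant: the Nix manual describes membership in trusted-users
      # as essentially equivalent to root access on the machine. The SSH key
      # authorised below therefore carries that level of privilege.
      trusted-users = ["builder"];

      # Take the path from the agenix secret declared above instead of
      # hard-coding /run/agenix/..., so the two cannot drift apart if the
      # secret is renamed or age.secretsDir is changed.
      secret-key-files = config.age.secrets.nix-builder-private-key.path;
    };
  };

  # Register binfmt emulation so aarch64-linux derivations can be built here.
  boot.binfmt.emulatedSystems = ["aarch64-linux"];

  users.groups."builder" = {};
  users.users."builder" = {
    isNormalUser = true;
    group = "builder";
    shell = pkgs.bashInteractive;
    # The only key allowed to log in as `builder`; its comment field suggests
    # it belongs to root on the host "norman" (verify). Given the trusted-users
    # entry above, treat the matching private key as a high-value credential.
    openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8hTdDTA+LVlHkOm5IBjT32PvAdCxYfUfFFRx+JGeS6 root@norman"];
  };
}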