os/hosts/chonk/builder.nix
2023-11-11 01:06:36 +01:00

34 lines
749 B
Nix

{
config,
pkgs,
lib,
flake,
...
}: let
psCfg = config.pub-solar;
in {
age.secrets.nix-builder-private-key = {
owner = "builder";
group = "builder";
file = "${flake.self}/secrets/chonk_nix_builder_private_key.age";
};
nix = {
gc.automatic = lib.mkForce false;
settings.trusted-users = ["builder"];
};
boot.binfmt.emulatedSystems = ["aarch64-linux"];
users.groups."builder" = {};
users.users."builder" = {
isNormalUser = true;
group = "builder";
shell = pkgs.bashInteractive;
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8hTdDTA+LVlHkOm5IBjT32PvAdCxYfUfFFRx+JGeS6 root@norman"];
};
nix.settings.secret-key-files = "/run/agenix/nix-builder-private-key";
}