global/nix: allow adding extra users to remotebuild

Infinidoge 2025-06-23 17:40:50 -04:00
parent d481d06e6e
commit 725419bf74
Signed by: Infinidoge
SSH key fingerprint: SHA256:EMoPe5e2dO0gEvtBb2xkZTz5dkyL0rBmuiGTKG5s96E


@ -12,6 +12,9 @@ let
filterAttrs filterAttrs
mapAttrs' mapAttrs'
; ;
authorizedKeysFiles =
users: lib.concatStringsSep " " (map (u: "/etc/ssh/authorized_keys.d/${u}") users);
in in
{ {
nix = { nix = {
@ -152,11 +155,21 @@ in
description = "Unprivledged user for Nix remote builds"; description = "Unprivledged user for Nix remote builds";
isSystemUser = true; isSystemUser = true;
shell = pkgs.bashInteractive; shell = pkgs.bashInteractive;
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
group = "remotebuild"; group = "remotebuild";
}; };
users.groups.remotebuild = { }; users.groups.remotebuild = { };
services.openssh.extraConfig = ''
Match user remotebuild
AuthorizedKeysFile ${
authorizedKeysFiles [
"infinidoge"
"root"
"%u"
]
}
'';
nix.buildMachines = [ nix.buildMachines = [
{ {
hostName = "infini-dl360"; hostName = "infini-dl360";
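Review bot: The `Match user remotebuild` block added to `services.openssh.extraConfig` is never closed, so any sshd directive that another module merges into `extraConfig` after it would apply only to remotebuild instead of globally; ending the string with a `Match all` line before the closing `''` restores global scope. The new `AuthorizedKeysFile` list also lets every key in `/etc/ssh/authorized_keys.d/infinidoge` and `/etc/ssh/authorized_keys.d/root` log in as remotebuild, which keeps `shell = pkgs.bashInteractive`; if the account is meant only for builds, the same block could carry `PermitTTY no` and `AllowTcpForwarding no`, after checking that the Nix remote-build transport still works with them. The names are hard-coded and interpolated into sshd_config as-is, so a comment above `authorizedKeysFiles` such as `# entries must be login names or sshd tokens without whitespace` (or a module option for the list) would make the "extra users" intent of the commit title explicit. The attribute set that holds these settings starts and ends outside the visible hunk, so whether remotebuild is also a Nix trusted user cannot be judged from here.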