From 910b179e95caac75ff41ad9a7b64fdaac557839d Mon Sep 17 00:00:00 2001
From: Infinidoge
Date: Sat, 3 Feb 2024 19:49:09 -0500
Subject: [PATCH] global/nix: setup remote build user
---
 modules/global/nix.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/modules/global/nix.nix b/modules/global/nix.nix
index 1a51a95..621e91d 100644
--- a/modules/global/nix.nix
+++ b/modules/global/nix.nix
@@ -6,7 +6,7 @@ with lib;
 settings = {
 allowed-users = [ "*" ];
- trusted-users = [ "root" "@wheel" ];
+ trusted-users = [ "root" "@wheel" "remotebuild" ];
 system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
 experimental-features = [ "flakes" "nix-command" "impure-derivations" "no-url-literals" "repl-flake" ];
@@ -51,6 +51,11 @@ with lib;
 "nixpkgs=${inputs.nixpkgs}"
 "home-manager=${inputs.home-manager}"
 ];
+
+ distributedBuilds = true;
+ extraOptions = ''
+ builders-use-substitutes = true
+ '';
 };
 nixpkgs.config = {
@@ -95,4 +100,12 @@ with lib;
 '';
 };
 };
+
+ users.users.remotebuild = {
+ description = "Unprivledged user for Nix remote builds";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
+ group = "remotebuild";
+ };
+ users.groups.remotebuild = { };
 }
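Review bot: Adding `"remotebuild"` to `trusted-users` in the first hunk makes that account root-equivalent as far as the Nix daemon is concerned, because a trusted user can override substituters and import store paths without signature checks. That contradicts the "Unprivledged user" description in the last hunk, and since the file lives under `modules/global/` the setting presumably reaches every host. If the account only has to receive build inputs, consider leaving it out of `trusted-users` and having clients sign what they copy (`secret-key-files` on the client, `trusted-public-keys` on the builder). Otherwise say so next to the line, e.g. `# remotebuild is trusted: daemon-level root equivalent, reachable over SSH`. The `settings` block continues outside the hunk.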
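Review bot: `builders-use-substitutes = true` in the second hunk goes through free-form `extraOptions` although this file already has a structured `settings` block; `settings.builders-use-substitutes = true;` would keep the daemon options in one place. With this option each builder fetches dependencies from its own substituters, so the builders' substituter and trusted-key configuration becomes part of what the dispatching host trusts, which deserves a one-line comment. No `buildMachines` definition is visible in this patch, so `distributedBuilds = true` presumably relies on machines declared elsewhere.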
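Review bot: `openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;` in the last hunk ties build access to root's login keys, so a host that dispatches builds non-interactively presumably has to hold a private key that is also accepted for root. A dedicated list keeps the two apart, e.g. `openssh.authorizedKeys.keys = [ "<build-only public key — placeholder>" ];`. `isNormalUser = true` also gives the account a home directory and a regular login; `isSystemUser = true;` with `useDefaultShell = true;` is probably enough for a build endpoint, to be confirmed against how the clients connect. The description string is misspelled ("Unprivledged") and should read "Unprivileged".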