Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

global/nix: setup remote build user

Browse source
This commit is contained in:
Infinidoge 2024-02-03 19:49:09 -05:00
parent 43af63273a
commit 910b179e95
Signed by: Infinidoge
SSH key fingerprint: SHA256:oAMyvotlNFraMmZmr+p6AxnNfW/GioTs1pOn3V4tQ7A
1 changed files with 14 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

15
modules/global/nix.nix
View file

@ -6,7 +6,7 @@ with lib;
settings = { settings = {
allowed-users = [ "*" ]; allowed-users = [ "*" ];
trusted-users = [ "root" "@wheel" ]; trusted-users = [ "root" "@wheel" "remotebuild" ];
system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
experimental-features = [ "flakes" "nix-command" "impure-derivations" "no-url-literals" "repl-flake" ]; experimental-features = [ "flakes" "nix-command" "impure-derivations" "no-url-literals" "repl-flake" ];
@ -51,6 +51,11 @@ with lib;
"nixpkgs=${inputs.nixpkgs}" "nixpkgs=${inputs.nixpkgs}"
"home-manager=${inputs.home-manager}" "home-manager=${inputs.home-manager}"
]; ];
distributedBuilds = true;
extraOptions = ''
builders-use-substitutes = true
'';
}; };
nixpkgs.config = { nixpkgs.config = {
@ -95,4 +100,12 @@ with lib;
''; '';
}; };
}; };
users.users.remotebuild = {
description = "Unprivledged user for Nix remote builds";
isNormalUser = true;
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
group = "remotebuild";
};
users.groups.remotebuild = { };
} }