61 lines
1.4 KiB
Nix
61 lines
1.4 KiB
Nix
{ pkgs, ... }:
|
|
{
|
|
sops.secrets = {
|
|
"remote-build/publicKey" = {
|
|
sopsFile = ./../secrets/common.yaml;
|
|
path = "/root/.ssh/remote-build.pub";
|
|
mode = "0644";
|
|
owner = "root";
|
|
group = "root";
|
|
};
|
|
"remote-build/privateKey" = {
|
|
sopsFile = ./../secrets/common.yaml;
|
|
path = "/root/.ssh/remote-build";
|
|
mode = "0600";
|
|
owner = "root";
|
|
group = "root";
|
|
};
|
|
};
|
|
|
|
services.openssh.settings.AllowUsers = [ "remotebuild" ];
|
|
users = {
|
|
users.remotebuild = {
|
|
isSystemUser = true;
|
|
group = "remotebuild";
|
|
shell = pkgs.bashInteractive;
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDGsHMycO4DL/HlkyWbzSQ6fzeWwRje/pb44NNwrwB11 remotebuild@ruject"
|
|
];
|
|
};
|
|
groups.remotebuild = { };
|
|
};
|
|
|
|
nix = {
|
|
distributedBuilds = true;
|
|
settings = {
|
|
builders-use-substitutes = true;
|
|
trusted-users = [ "remotebuild" ];
|
|
};
|
|
|
|
buildMachines = [
|
|
{
|
|
hostName = "ruject.fun";
|
|
sshUser = "remotebuild";
|
|
sshKey = "/root/.ssh/remote-build";
|
|
protocol = "ssh";
|
|
system = "x86_64-linux";
|
|
systems = [
|
|
"x86_64-linux"
|
|
];
|
|
maxJobs = 4;
|
|
speedFactor = 2;
|
|
supportedFeatures = [
|
|
"nixos-test"
|
|
"benchmark"
|
|
"big-parallel"
|
|
"kvm"
|
|
];
|
|
}
|
|
];
|
|
};
|
|
}
|