Hermes
84c6a7af6a
Add reusable remote-builder NixOS module and builder system user. Server (lazyworkhorse): dispatches aarch64-linux builds to uConsole uConsole: dispatches x86_64-linux builds to server The builder user uses the same SSH keypair on both hosts for symmetric remote building. Generate the key with: ssh-keygen -t ed25519 -f /etc/ssh/builder_key -N "" Add the public key to lib/keys.nix (replace PLACEHOLDER).
14 lines
300 B
Nix
14 lines
300 B
Nix
{ config, lib, pkgs, keys, ... }: {
|
|
users.users.builder = {
|
|
isSystemUser = true;
|
|
group = "builder";
|
|
home = "/var/empty";
|
|
createHome = false;
|
|
shell = pkgs.nologin;
|
|
openssh.authorizedKeys.keys = with keys; [
|
|
users.builder.main
|
|
];
|
|
};
|
|
users.groups.builder = {};
|
|
}
|