Blunkall-Technologies/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

abstract

Browse Source
This commit is contained in:
Nathan
2025-08-23 11:24:03 -05:00
parent f94627e858
commit 3ce100218d
2 changed files with 18 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
system-config/configuration/homebox/default.nix
View File

@@ -25,25 +25,6 @@
binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ]; binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ];
}; };
nix.settings.trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];
users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
isNormalUser = true;
createHome = false;
};
sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
content = builtins.concatStringsSep ''''\n'' (builtins.map
(y: config.sops.placeholder.${y})
(builtins.partition
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
).right
);
path = "/etc/ssh/authorized_keys.d/remote-builder";
owner = "remote-builder";
};
hardware = { hardware = {
graphics.enable = true; graphics.enable = true;

18
system-config/default.nix
View File

@@ -69,6 +69,7 @@
settings = { settings = {
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [ "nix-command" "flakes" ];
builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true; builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true;
trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];
}; };
distributedBuilds = config.sysconfig.remoteBuildClient; distributedBuilds = config.sysconfig.remoteBuildClient;
@@ -88,6 +89,23 @@
]; ];
}; };
users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
isNormalUser = true;
createHome = false;
};
sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
content = builtins.concatStringsSep ''''\n'' (builtins.map
(y: config.sops.placeholder.${y})
(builtins.partition
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
).right
);
path = "/etc/ssh/authorized_keys.d/remote-builder";
owner = "remote-builder";
};
time.timeZone = lib.mkDefault "America/Chicago"; time.timeZone = lib.mkDefault "America/Chicago";
i18n = lib.mkDefault { i18n = lib.mkDefault {