From c3eb805bdf1ce43775669b27cfbf0a0ae5304fbf Mon Sep 17 00:00:00 2001
From: Riley Apeldoorn <me@riley.lgbt>
Date: Mon, 19 Jun 2023 19:16:27 +0200
Subject: [PATCH] Rename root keys to host keys, add lime's host key

---
 secret/backblaze.age                          | Bin 820 -> 864 bytes
 secrets.nix                                   |   4 +-
 shared/core/nix.nix                           |  41 ++++++++++--------
 system/cherry/keys/{root.pub => host.pub}     |   0
 system/lime/keys/host.pub                     |   1 +
 system/lime/keys/root.pub                     |   2 +-
 system/strawberry/keys/{root.pub => host.pub} |   0
 7 files changed, 27 insertions(+), 21 deletions(-)
 rename system/cherry/keys/{root.pub => host.pub} (100%)
 create mode 100644 system/lime/keys/host.pub
 rename system/strawberry/keys/{root.pub => host.pub} (100%)

diff --git a/secret/backblaze.age b/secret/backblaze.age
index 81cb2b0757788e2e3fbb82a7006d77d2321b2f5e..7bd01d12147024a16af7ae1eb092cc82d9ec9b68 100644
GIT binary patch
delta 773
zcmWmA&8yP}003|vo1zh6IG=A14_0&t_LZjjYI0C$(l#GWo1{sbq&$%%{YdlGCQUyN
z_8pY5;Tyg^HrU_|hKKF2U8V;W5!8ct5Ydy00}oGd&ut7HJB%H~-=FZiy8FfMODl7m
zKwQ$CVyNbV8K%pH9_MH24o|jqc-)9-2}KwQYDi881jw;&s`;ec$}$zys5q=wvATjV
zgrhDv4JEW~H1dJl7c^@Oq)sOW13T4fLMWOc5}~J+l}=)Udr^JXaWf3uvN_Mz3r>_F
zix3MdW~0fEVUjP0Ba`b73q2rq(t=Qy*q{XE-E?j+N#=c8u~ke>(pf#D(do!ZN~I)4
zZT!7l*WnPX>N*{?l02#wG(#xFGA);VrA(AeB}X;sl7PhJ83=fd9+^*~TxsCqHtT3r
z94f+)R`t2c%z|2^25VNPjp5Cfw0U-6NfoddVr#>)%M?u-MJR5<X%2#MQz5F<%-obS
z9Hnm1Vhv;gFF@HiEo8f*Wx8aouV*B(BoulaVWquhhaUOkAh1GhlFn^DSXi2~k%SD8
zq(;oJaY1SOEJfBmCSpUmhzothva11-3#7W(u>g#xaJ`;yI%UllSt*}|wSFMsCZ&}4
zaKIQLU71kk5E&xK`+rOhK#^T(r#ex~7_<OY$pyV`JSOCvi21QUg^JvKG%CTAoYfen
zPpS+dq?<^a^7+VC<!Ral6@D0YD%FYY)XX|Cl7Lhym5B23C{VMEf#L<$CZdQyd!kwl
zt!{r%=`kuJhdHB<cOj?;*!!ffX8%5cZ?FFF{B^MQTk*#)nfsTo9G`AI`r^p{C(a%H
z-XD4EKaHY`i{q8my_eUQgH`I6tpg`NznQ?lTLbqV{OhH0c<cFv?x`EE7Ef%>KRmN@
z=)Z$+yg!e9bN7Sw3)_$XnSUmJ{d@b;ty?>jZ#RnjHtxF1+kY&@jfeNHH9kFg?3s9d
ejqmOGb@8L8$lE&~pFgv3@e_Q1@bKqd?CE!kkP!F)

delta 729
zcmWmA%WKnc007_(VPZu@500VI%G_YY+BE5}Ns$fHHtCY4>6$iudC)dZleXz2X`3`*
zvf;rYf=u?n!`wmCfwv8r|A0)Ci7-XP?I41nhrxF6Fi-0JJAK~<UJlG(nc-7`o|i8L
z%y=^4VdEM@aEKl88U;Q~BqMnq@1ms;U<(Nqc9gsMrjZ6ZjMBj(S~c+mS&SHga91@-
zT1X<AA}4Bb&GI*BhkL@+ZYyr7gaF_TxHL5zOUbUDSSyq*suk<ly*ixZOJrO#nOHW2
z64_`Y1zAkcQ^>+(CzCK8fScq3z$-&ql`Gc+c`b)fjVZDV8AukL)NN2R^07M4DaD5e
zLutrvv_vW=qBTGzp@QH6bk@vkfMTe0xGS>dT2v~9VI$>p)CIOvFJdhQj!~%G#uGYC
z%Nk`!w1Nrk3TylHUNwm}qv71b&Hlj*610*6!34>Q4{2gbl5FzPCa}GkmY*n+by~|8
z*aj+8TbY={Q}$4-#1LXg)h(=J3kGWAoI0snxSi&CN>z1Uw=*eUsJ8IFe{jZ+VUuA)
zP2*;PgjvImSuI4$&=9XEH5RfFLD9@cgq1K^bjT6CoC+~TT&%~XAf@7^E*y!QJ}WI(
zLP607!-T-I!0?gq|NpTfOigw2Q*K$83T?@CmG!wy`kL%#T$eewLz6rH&WuI>vu?Mm
z7XT?mAXyE^EQ_E$o;KW47&6F36$BEsut&<KL6HGsDCao({Si(cp4%8b|88||&G}}m
zZ|wC4;pC6K^`%Vq*iv_8G4SN^a;q^rv2|(p#_Ij!-9x8z@$k>}FV-IRBD(B8+HoS_
z>;yf%$&YTVKRfd?dbHg)@@oG9FMU6KAlHV6^u@Uo<HkyPI}@3`HP1i4z4P@EH2pR_
lQgLdZ?o2J8y0E-ePjBjXaS$mDd+FVK+?p`1?tgyz>n|-31El}}

diff --git a/secrets.nix b/secrets.nix
index 60f0b9f..5d87a80 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -1,10 +1,10 @@
 let strawberry = [
       (builtins.readFile ./system/strawberry/keys/riley.pub)
-      (builtins.readFile ./system/strawberry/keys/root.pub)
+      (builtins.readFile ./system/strawberry/keys/host.pub)
     ];
     lime = [
       (builtins.readFile ./system/lime/keys/riley.pub)
-      (builtins.readFile ./system/lime/keys/root.pub)
+      (builtins.readFile ./system/lime/keys/host.pub)
     ];
     dev-lt-63 = [
       (builtins.readFile ./system/dev-lt-63/keys/riley.pub)
diff --git a/shared/core/nix.nix b/shared/core/nix.nix
index d275658..2f314ae 100644
--- a/shared/core/nix.nix
+++ b/shared/core/nix.nix
@@ -5,15 +5,29 @@ let cfg = config.custom.nix;
 in with lib; {
 
   options.custom.nix = {
-    distributedBuilds.enable = mkEnableOption "distributed builds on strawberry";
+    distributedBuilds.enable = 
+      (mkEnableOption "distributed builds on strawberry") // { default = true; };
   };
 
   # TODO: Add strawberry as a build machine here
-  config = {
-    nixpkgs.config.allowUnfree = true;
-  	nix = {
-  		distributedBuilds = true;
-  		buildMachines = [{
+  config = mkMerge [
+    {
+      nixpkgs.config.allowUnfree = true;
+    	nix = {
+        extraOptions = ''
+          experimental-features = nix-command flakes
+        '';
+        registry.nixpkgs.flake = nixpkgs;
+        registry.pwnix.flake = pwnix;
+        settings.trusted-users = [
+          "@wheel"
+          "root"
+        ];
+    	};
+    }
+    (mkIf cfg.distributedBuilds.enable {
+      nix.distributedBuilds = true;
+      nix.buildMachines = [{
         hostName = "strawberry";
         sshUser  = "nix-build";
         sshKey   = "/etc/ssh/ssh_host_ed25519_key";
@@ -29,17 +43,8 @@ in with lib; {
           "big-parallel"
           "kvm"
         ];
-  		}];
-      extraOptions = ''
-        experimental-features = nix-command flakes
-      '';
-      registry.nixpkgs.flake = nixpkgs;
-      registry.pwnix.flake = pwnix;
-      settings.trusted-users = [
-        "@wheel"
-        "root"
-      ];
-  	};
-  };
+      }];
+    })
+  ];
 
 }
diff --git a/system/cherry/keys/root.pub b/system/cherry/keys/host.pub
similarity index 100%
rename from system/cherry/keys/root.pub
rename to system/cherry/keys/host.pub
diff --git a/system/lime/keys/host.pub b/system/lime/keys/host.pub
new file mode 100644
index 0000000..5b420f3
--- /dev/null
+++ b/system/lime/keys/host.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOF9N5hsJEdm/jBxAGjQdQg7s/EFheZJK3KHyNkt5uFc root@lime
diff --git a/system/lime/keys/root.pub b/system/lime/keys/root.pub
index 5b420f3..7e31d8f 100644
--- a/system/lime/keys/root.pub
+++ b/system/lime/keys/root.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOF9N5hsJEdm/jBxAGjQdQg7s/EFheZJK3KHyNkt5uFc root@lime
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPycsXjXLc3yzqSxG0sAHgQsGZ3KqOgprW2dPmAErAQ root@lime
diff --git a/system/strawberry/keys/root.pub b/system/strawberry/keys/host.pub
similarity index 100%
rename from system/strawberry/keys/root.pub
rename to system/strawberry/keys/host.pub