Add cherry root pubkey

secrets.nix

@@ -1,10 +1,10 @@
 let strawberry = [
       (builtins.readFile ./system/strawberry/keys/riley.pub)
-      (builtins.readFile ./system/strawberry/keys/root.pub)
+      (builtins.readFile ./system/strawberry/keys/host.pub)
     ];
     lime = [
       (builtins.readFile ./system/lime/keys/riley.pub)
-      (builtins.readFile ./system/lime/keys/root.pub)
+      (builtins.readFile ./system/lime/keys/host.pub)
     ];
     dev-lt-63 = [
       (builtins.readFile ./system/dev-lt-63/keys/riley.pub)

shared/core/nix.nix

@@ -4,20 +4,47 @@ let cfg = config.custom.nix;
 
 in with lib; {
 
-  options.custom.nix = {};
+  options.custom.nix = {
-
+    distributedBuilds.enable = 
-  # TODO: Add strawberry as a build machine here
+      (mkEnableOption "distributed builds on strawberry") // { default = true; };
-  config = {
-    nixpkgs.config.allowUnfree = true;
-    nix.extraOptions = ''
-      experimental-features = nix-command flakes
-    '';
-    nix.registry.nixpkgs.flake = nixpkgs;
-    nix.registry.pwnix.flake = pwnix;
-    nix.settings.trusted-users = [
-      "@wheel"
-      "root"
-    ];
   };
 
+  # TODO: Add strawberry as a build machine here
+  config = mkMerge [
+    {
+      nixpkgs.config.allowUnfree = true;
+    	nix = {
+        extraOptions = ''
+          experimental-features = nix-command flakes
+        '';
+        registry.nixpkgs.flake = nixpkgs;
+        registry.pwnix.flake = pwnix;
+        settings.trusted-users = [
+          "@wheel"
+          "root"
+        ];
+    	};
+    }
+    (mkIf cfg.distributedBuilds.enable {
+      nix.distributedBuilds = true;
+      nix.buildMachines = [{
+        hostName = "strawberry";
+        sshUser  = "nix-build";
+        sshKey   = "/etc/ssh/ssh_host_ed25519_key";
+
+        systems = [
+          "x86_64-linux"
+          "aarch64-linux"
+        ];
+
+        supportedFeatures = [
+          "nixos-test"
+          "benchmark"
+          "big-parallel"
+          "kvm"
+        ];
+      }];
+    })
+  ];
+
 }

system/cherry/keys/host.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIl8jkTO9K2FdYP8tXqVLWrsAVoDVwjF/YgucuShBjav root@cherry

system/cherry/keys/root.pub

@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIl8jkTO9K2FdYP8tXqVLWrsAVoDVwjF/YgucuShBjav root@cherry
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsGiEEbpxulLKsgzyTUHxO4qMetFBVetSuIHdcDMnh1 root@cherry

system/lime/keys/host.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOF9N5hsJEdm/jBxAGjQdQg7s/EFheZJK3KHyNkt5uFc root@lime

system/lime/keys/root.pub

@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOF9N5hsJEdm/jBxAGjQdQg7s/EFheZJK3KHyNkt5uFc root@lime
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPycsXjXLc3yzqSxG0sAHgQsGZ3KqOgprW2dPmAErAQ root@lime

system/strawberry/core.nix

@@ -43,6 +43,16 @@
     initrd.luks.devices.nixos.device = "/dev/disk/by-uuid/6bd51990-1584-422c-94bb-32ea952e5cd2";
   };
 
+  # Make a user called "nix-build" which
+  users.users."nix-build" = {
+    isSystemUser = true;
+    group = "nix-build";
+    openssh.authorizedKeys.keyFiles = 
+      let userKey = sys: ../../system/${sys}/keys/root.pub;
+      in map userKey [ "lime" ];
+  };
+  nix.settings.trusted-users = [ "nix-build" ];
+
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/f3cdd2ab-62ba-4d72-8a28-b3adc0ec3997";
     fsType = "ext4";