Compare commits
3 commits
mistress
...
strawberry
Author | SHA1 | Date | |
---|---|---|---|
264755acab | |||
c3eb805bdf | |||
67bfe4b47a |
9 changed files with 57 additions and 18 deletions
Binary file not shown.
|
@ -1,10 +1,10 @@
|
|||
let strawberry = [
|
||||
(builtins.readFile ./system/strawberry/keys/riley.pub)
|
||||
(builtins.readFile ./system/strawberry/keys/root.pub)
|
||||
(builtins.readFile ./system/strawberry/keys/host.pub)
|
||||
];
|
||||
lime = [
|
||||
(builtins.readFile ./system/lime/keys/riley.pub)
|
||||
(builtins.readFile ./system/lime/keys/root.pub)
|
||||
(builtins.readFile ./system/lime/keys/host.pub)
|
||||
];
|
||||
dev-lt-63 = [
|
||||
(builtins.readFile ./system/dev-lt-63/keys/riley.pub)
|
||||
|
|
|
@ -4,20 +4,47 @@ let cfg = config.custom.nix;
|
|||
|
||||
in with lib; {
|
||||
|
||||
options.custom.nix = {};
|
||||
|
||||
# TODO: Add strawberry as a build machine here
|
||||
config = {
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
nix.extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
'';
|
||||
nix.registry.nixpkgs.flake = nixpkgs;
|
||||
nix.registry.pwnix.flake = pwnix;
|
||||
nix.settings.trusted-users = [
|
||||
"@wheel"
|
||||
"root"
|
||||
];
|
||||
options.custom.nix = {
|
||||
distributedBuilds.enable =
|
||||
(mkEnableOption "distributed builds on strawberry") // { default = true; };
|
||||
};
|
||||
|
||||
# TODO: Add strawberry as a build machine here
|
||||
config = mkMerge [
|
||||
{
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
nix = {
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
'';
|
||||
registry.nixpkgs.flake = nixpkgs;
|
||||
registry.pwnix.flake = pwnix;
|
||||
settings.trusted-users = [
|
||||
"@wheel"
|
||||
"root"
|
||||
];
|
||||
};
|
||||
}
|
||||
(mkIf cfg.distributedBuilds.enable {
|
||||
nix.distributedBuilds = true;
|
||||
nix.buildMachines = [{
|
||||
hostName = "strawberry";
|
||||
sshUser = "nix-build";
|
||||
sshKey = "/etc/ssh/ssh_host_ed25519_key";
|
||||
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"aarch64-linux"
|
||||
];
|
||||
|
||||
supportedFeatures = [
|
||||
"nixos-test"
|
||||
"benchmark"
|
||||
"big-parallel"
|
||||
"kvm"
|
||||
];
|
||||
}];
|
||||
})
|
||||
];
|
||||
|
||||
}
|
||||
|
|
1
system/cherry/keys/host.pub
Normal file
1
system/cherry/keys/host.pub
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIl8jkTO9K2FdYP8tXqVLWrsAVoDVwjF/YgucuShBjav root@cherry
|
|
@ -1 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIl8jkTO9K2FdYP8tXqVLWrsAVoDVwjF/YgucuShBjav root@cherry
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsGiEEbpxulLKsgzyTUHxO4qMetFBVetSuIHdcDMnh1 root@cherry
|
||||
|
|
1
system/lime/keys/host.pub
Normal file
1
system/lime/keys/host.pub
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOF9N5hsJEdm/jBxAGjQdQg7s/EFheZJK3KHyNkt5uFc root@lime
|
|
@ -1 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOF9N5hsJEdm/jBxAGjQdQg7s/EFheZJK3KHyNkt5uFc root@lime
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPycsXjXLc3yzqSxG0sAHgQsGZ3KqOgprW2dPmAErAQ root@lime
|
||||
|
|
|
@ -43,6 +43,16 @@
|
|||
initrd.luks.devices.nixos.device = "/dev/disk/by-uuid/6bd51990-1584-422c-94bb-32ea952e5cd2";
|
||||
};
|
||||
|
||||
# Make a user called "nix-build" which
|
||||
users.users."nix-build" = {
|
||||
isSystemUser = true;
|
||||
group = "nix-build";
|
||||
openssh.authorizedKeys.keyFiles =
|
||||
let userKey = sys: ../../system/${sys}/keys/root.pub;
|
||||
in map userKey [ "lime" ];
|
||||
};
|
||||
nix.settings.trusted-users = [ "nix-build" ];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/f3cdd2ab-62ba-4d72-8a28-b3adc0ec3997";
|
||||
fsType = "ext4";
|
||||
|
|
Loading…
Reference in a new issue