make genepi a remote builder

2025-02-03 12:07:51 +01:00
parent 14221b51e3
commit 9e4a42034f
3 changed files with 20 additions and 0 deletions
--- a/hosts/genepi/builder.nix
+++ b/hosts/genepi/builder.nix
@@ -0,0 +1,18 @@
+{ keys, ... }:
+let
+  username = "nixremote";
+in
+{
+  users.users."${username}" = {
+    createHome = true;
+    home = "/home/${username}";
+    isSystemUser = true;
+    group = username;
+    useDefaultShell = true;
+    openssh.authorizedKeys.keys = [ keys.hosts.haze ];
+  };
+
+  users.groups."${username}" = { };
+
+  nix.settings.trusted-users = [ username ];
+}
--- a/hosts/genepi/default.nix
+++ b/hosts/genepi/default.nix
@@ -11,6 +11,7 @@
    ./acme.nix
    ./backup.nix
    ./boot.nix
+    ./builder.nix
    ./disk.nix
    ./dns.nix
    ./freshrss.nix
--- a/parts/keys.nix
+++ b/parts/keys.nix
@@ -2,6 +2,7 @@
  rpqt.haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";

  hosts = {
+    haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKga5V0H602RsBESBXf5kwRCnI1yfBPOHmjGsM4Rxf5r root@haze";
    genepi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQUzjid5mfMYginIUCVWTF7rWvWz0mUZBZsl5EhDIDl root@genepi";
    storagebox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
    storagebox-rsa = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==";