From 9e4a42034f4ff1ab3a042fa42c5e06dc16619176 Mon Sep 17 00:00:00 2001
From: Romain Paquet <rpqt@rpqt.fr>
Date: Mon, 3 Feb 2025 12:07:51 +0100
Subject: [PATCH] make genepi a remote builder

---
 hosts/genepi/builder.nix | 18 ++++++++++++++++++
 hosts/genepi/default.nix |  1 +
 parts/keys.nix           |  1 +
 3 files changed, 20 insertions(+)
 create mode 100644 hosts/genepi/builder.nix

diff --git a/hosts/genepi/builder.nix b/hosts/genepi/builder.nix
new file mode 100644
index 0000000..2691486
--- /dev/null
+++ b/hosts/genepi/builder.nix
@@ -0,0 +1,18 @@
+{ keys, ... }:
+let
+  username = "nixremote";
+in
+{
+  users.users."${username}" = {
+    createHome = true;
+    home = "/home/${username}";
+    isSystemUser = true;
+    group = username;
+    useDefaultShell = true;
+    openssh.authorizedKeys.keys = [ keys.hosts.haze ];
+  };
+
+  users.groups."${username}" = { };
+
+  nix.settings.trusted-users = [ username ];
+}
diff --git a/hosts/genepi/default.nix b/hosts/genepi/default.nix
index 5a0c3ef..97d642c 100644
--- a/hosts/genepi/default.nix
+++ b/hosts/genepi/default.nix
@@ -11,6 +11,7 @@
     ./acme.nix
     ./backup.nix
     ./boot.nix
+    ./builder.nix
     ./disk.nix
     ./dns.nix
     ./freshrss.nix
diff --git a/parts/keys.nix b/parts/keys.nix
index c44491a..fcf6079 100644
--- a/parts/keys.nix
+++ b/parts/keys.nix
@@ -2,6 +2,7 @@
   rpqt.haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
 
   hosts = {
+    haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKga5V0H602RsBESBXf5kwRCnI1yfBPOHmjGsM4Rxf5r root@haze";
     genepi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQUzjid5mfMYginIUCVWTF7rWvWz0mUZBZsl5EhDIDl root@genepi";
     storagebox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
     storagebox-rsa = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==";