nixos/modules/services/remote-build/default.nix

# manages remote builds
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.my.services.remote-build;
in
{
  options.my.services.remote-build = {
    enable = lib.mkEnableOption "remote-build user";
  };

  config = lib.mkIf cfg.enable {
    # Create user for distributed nix builds
    users.groups.nixremote = { };
    users.users.nixremote = {
      isSystemUser = true;
      group = "nixremote";
      shell = pkgs.bashInteractive;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYSzDdxqaNHmaaLqEvOK/vB65zvqoCebI3Nxzgg5smq root@thinkman"
      ];
    };
    nix.settings.trusted-users = [ "nixremote" ];
  };
}
service/remote-build: init 2024-03-17 12:11:50 +01:00			`# manages remote builds`
treewide: fmt 2024-07-28 21:08:02 +02:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
service/remote-build: init 2024-03-17 12:11:50 +01:00			`let`
			`cfg = config.my.services.remote-build;`
			`in`
			`{`
			`options.my.services.remote-build = {`
			`enable = lib.mkEnableOption "remote-build user";`
			`};`

			`config = lib.mkIf cfg.enable {`
			`# Create user for distributed nix builds`
			`users.groups.nixremote = { };`
			`users.users.nixremote = {`
			`isSystemUser = true;`
			`group = "nixremote";`
			`shell = pkgs.bashInteractive;`
treewide: fmt 2024-07-28 21:08:02 +02:00			`openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYSzDdxqaNHmaaLqEvOK/vB65zvqoCebI3Nxzgg5smq root@thinkman"`
			`];`
service/remote-build: init 2024-03-17 12:11:50 +01:00			`};`
			`nix.settings.trusted-users = [ "nixremote" ];`
			`};`
			`}`