build

2025-03-24 02:59:38 +01:00 · 2025-03-24 02:59:38 +01:00 · cd3ca864ab
commit cd3ca864ab
parent 0deecc0aea
3 changed files with 2504 additions and 4 deletions
--- a/system/core/nix.nix
+++ b/system/core/nix.nix
@ -15,6 +15,7 @@
      ];
      trusted-users = [
        "root"
+        "nixremote"
        "@wheel"
      ];

@ -28,6 +29,11 @@
        system = "x86_64-linux";
        protocol = "ssh-ng";
      }
+      {
+        hostName = "lilith-pc";
+        system = "x86_64-linux";
+        protocol = "ssh-ng";
+      }
    ];
  };
 }
--- a/system/core/users.nix
+++ b/system/core/users.nix
@ -1,14 +1,28 @@
-{ config, ...}: let 
-    host = config.networking.hostName;
-  in {
+{ config, ... }:
+let
+  host = config.networking.hostName;
+in
+{
  users.mutableUsers = false;
  users.users = {
    lilith = {
      isNormalUser = true;
      uid = 1000;
-      extraGroups = [ "wheel" "networkmanager" ];
+      extraGroups = [
+        "wheel"
+        "networkmanager"
+      ];
      hashedPasswordFile = config.sops.secrets."user/password".path;
    };
+
+    remotebuilder = {
+      isNormalUser = false;
+      group = "users";
+      extraGroups = [ ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7RJ1q5TczmSDge2U2lXrZVtRzOM/D+Bodwrc6h3EjA"
+      ];
+    };
  };

  sops.secrets = {
@ -26,5 +40,10 @@
      path = "/home/lilith/.ssh/id_ed25519.pub";
      owner = "lilith";
    };
+    "ssh/nixremote/private" = {
+      sopsFile = ../../secrets/default.yaml;
+      path = "/root/.ssh/nixremote";
+      owner = "root";
+    };
  };
 }