hosts: *: sign remote builds and serve cache

2023-10-02 16:56:03 +02:00
parent 9d3d9d9a16
commit 501f70f730
19 changed files with 90 additions and 44 deletions
--- a/modules/hardware/remoteBuilder.nix
+++ b/modules/hardware/remoteBuilder.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:

 {
  users.users.nixremote = {                   # System User
@@ -11,7 +11,15 @@
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades"
    ];
  };
+
  nix.settings.trusted-users = [
    "nixremote"
  ];
+
+  services.nix-serve.secretKeyFile = config.age.secrets."keys/nixservepriv".path;
+
+  age.secrets."keys/nixservepriv" = {
+    file = ../../secrets/keys/nixservepriv.age;
+    owner = "nixremote";
+  };
 }