diff --git a/nixos/common/nix.nix b/nixos/common/nix.nix
index 06931c9a..90b7a6fc 100644
--- a/nixos/common/nix.nix
+++ b/nixos/common/nix.nix
@@ -6,9 +6,16 @@ in {
 systemd-boot.configurationLimit = 8;
 };
- nix.gc = {
- automatic = mkDefault false;
- dates = mkDefault "weekly";
- options = mkDefault "--delete-older-than 7d";
+ nix = {
+ settings = {
+ trusted-users = [
+ "deploy"
+ ];
+ };
+ gc = {
+ automatic = mkDefault false;
+ dates = mkDefault "weekly";
+ options = mkDefault "--delete-older-than 7d";
+ };
 };
 }
diff --git a/systems/sumireko.nix b/systems/sumireko.nix
index df768929..edc486f4 100644
--- a/systems/sumireko.nix
+++ b/systems/sumireko.nix
@@ -1,26 +1,38 @@
 _: let
- hostConfig = {tree, ...}: {
+ hostConfig = {tree, pkgs, ...}: {
 imports = with tree; [
 kat.work
 ];
 security.pam.enableSudoTouchIdAuth = true;
- home-manager.users.root.programs.ssh = {
- enable = true;
- matchBlocks = {
- "daiyousei-build" = {
- hostname = "daiyousei.kittywit.ch";
- port = 62954;
- user = "root";
- };
- "renko-build" = {
- hostname = "192.168.64.3";
- port = 62954;
- user = "root";
+ home-manager.users = let
+ commonUser = {
+ programs.ssh = {
+ enable = true;
+ matchBlocks = {
+ "koishi.inskip.me" = {
+ hostname = "koishi.inskip.me";
+ port = 22;
+ user = "root";
+ };
+ "daiyousei.inskip.me" = {
+ hostname = "daiyousei.inskip.me";
+ port = 62954;
+ user = "root";
+ };
+ "renko-build" = {
+ hostname = "192.168.64.3";
+ port = 62954;
+ user = "root";
+ };
 };
 };
 };
+ in {
+ kat = commonUser;
+ root = commonUser;
+ };
 nix = {
 envVars = {
@@ -28,8 +40,8 @@ _: let
 };
 buildMachines = [
 {
- hostName = "renko-build";
- sshUser = "root";
+ hostName = "koishi.inskip.me";
+ sshUser = "deploy";
 system = "x86_64-linux";
 maxJobs = 100;
 speedFactor = 1;
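Review bot: `trusted-users = [ "deploy" ]` is added in `nixos/common/nix.nix`, so every host that pulls in this common module treats `deploy` as a trusted Nix user, which the Nix manual describes as essentially equivalent to giving that user root on the machine. The only consumer visible in this commit is the single builder entry in `systems/sumireko.nix` (`sshUser = "deploy"`), so if the trust is only needed on build or deploy targets, consider setting it in that host's or a builder profile's config instead of the common one. If it must stay here, a comment above the list such as `# deploy is a trusted Nix user on every host; treat its SSH key as root-equivalent` would make the blast radius explicit. Which hosts import this file is not visible in the diff.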
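Review bot: The new `"koishi.inskip.me"` match block sets `user = "root"`, and `commonUser` is now applied to `kat` as well as `root`, so a plain `ssh koishi.inskip.me` from either account defaults to a root login even though the builder entry later in this commit connects as `deploy`. If interactive root access to that host is not needed from this machine, `user = "deploy";` in that block would keep the default aligned with the build user; otherwise a one-line comment saying why root is the default would help the next reader. Separately, `pkgs` is added to the `hostConfig` arguments but is not referenced in the visible lines; drop it unless code outside the hunk uses it.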
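Review bot: The builder entry now points at the DNS name `koishi.inskip.me` instead of the `renko-build` alias, which the SSH config maps to the fixed address `192.168.64.3`, and nothing in the visible lines pins the builder's SSH host key. The attribute set continues past the end of the hunk, so this may already be handled there; if it is not, adding `publicHostKey = "<base64-encoded host public key>";` to the entry would make the connection fail closed on an unexpected host key rather than depend on whatever is in root's `known_hosts`. It is also worth confirming that a `deploy` account with the matching key exists on the builder, since the match block for this host still names `root`.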