From 7ea51e7e28d0cfeb7462ad8d5079f9b0dcc57acd Mon Sep 17 00:00:00 2001
From: emily
Date: Thu, 5 Sep 2024 14:46:07 +0200
Subject: [PATCH] build-worker: Use sshServe
---
 config/profiles/builder.nix | 13 ++++++-------
 config/services/hydra/nix-config.nix | 5 +----
 2 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/config/profiles/builder.nix b/config/profiles/builder.nix
index b4da590..5e21669 100644
--- a/config/profiles/builder.nix
+++ b/config/profiles/builder.nix
@@ -1,8 +1,8 @@
 { lib, pkgs, ... }: {
 kyouma.deployment.auto-upgrade.cache = "daemon";
- nix.gc.options = lib.mkForce "--delete-older-than 60d";
+ nix.gc.options = lib.mkForce "--delete-older-than 30d";
 nix.settings = {
- trusted-users = [ "build" ];
+ trusted-users = [ "nix-ssh" ];
 #system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" ] ++ lib.optionals pkgs.hostPlatform.isx86_64 [ "gccarch-x86-64-v3" ];
 };
 nix.extraOptions = ''
@@ -11,11 +11,10 @@
 max-substitution-jobs = 20
 max-silent-time = 14400
 '';
- users.users.build = {
- isNormalUser = true;
- shell = pkgs.bash;
- ignoreShellProgramCheck = true;
- openssh.authorizedKeys.keys = [
+ nix.sshServe = {
+ enable = true;
+ write = true;
+ keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko"
diff --git a/config/services/hydra/nix-config.nix b/config/services/hydra/nix-config.nix
index 32a8333..73e47de 100644
--- a/config/services/hydra/nix-config.nix
+++ b/config/services/hydra/nix-config.nix
@@ -10,7 +10,7 @@
 }
 {
 hostName = "integra.kyouma.net";
- sshUser = "build";
+ sshUser = "nix-ssh";
 maxJobs = 2;
 speedFactor = 4;
 systems = [ "aarch64-linux" ];
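Review bot: In the first hunk of config/profiles/builder.nix, `trusted-users = [ "nix-ssh" ];` makes every key accepted for the `nix-ssh` account a trusted Nix user on the builder. A trusted user can import unsigned store paths and override daemon settings, which is close to root on that host. The setting sits apart from the `nix.sshServe` block that creates the account, so a comment would help, e.g. `# trusted: every key in nix.sshServe.keys may import unsigned store paths on this builder`. If the nixpkgs revision in use offers it, `nix.sshServe.trusted = true;` inside the sshServe block would state the same thing next to the key list.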
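Review bot: The `keys` list under `nix.sshServe` in the second hunk of config/profiles/builder.nix carries over a personal key (`emily@card`) and a `root@ryuuko` key next to `hydra@seras`, and with `write = true;` each of them can add paths to the builder's store. From the visible lines only `hydra@seras` is tied to a build dispatcher; the others look inherited from the removed interactive `build` account. Consider trimming the list to the keys that actually dispatch builds, or annotate each entry with its purpose, e.g. `# hydra queue runner on seras`. The list continues past the end of the hunk, so further keys may be affected.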
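Review bot: Only the `integra.kyouma.net` entry in config/services/hydra/nix-config.nix is switched to `sshUser = "nix-ssh";`, while the shared builder profile drops the `build` account for every host that imports it. Any other build-machine entry that still says `sshUser = "build";` and points at such a host would presumably stop authenticating after deployment. The preceding entry closes just above this hunk and is not visible here, so the remaining entries are worth checking. A short comment such as `# account created by nix.sshServe on the builder` next to `sshUser` would document the coupling.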
@@ -43,9 +43,6 @@
 "https://"
 ];
 };
- users.users.hydra-queue-runner.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
- ];
 programs.ssh = {
 knownHosts = {
 "build-worker-03.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGqTY74c5g15DSNPNM2Wdr5jAwS7BFgX1XRnhtGOnJc";