build-worker: Use sshServe

config/profiles/builder.nix

@@ -1,8 +1,8 @@
 { lib, pkgs, ... }: {
   kyouma.deployment.auto-upgrade.cache = "daemon";
-  nix.gc.options = lib.mkForce "--delete-older-than 60d";
+  nix.gc.options = lib.mkForce "--delete-older-than 30d";
   nix.settings = {
-    trusted-users = [ "build" ];
+    trusted-users = [ "nix-ssh" ];
     #system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" ] ++ lib.optionals pkgs.hostPlatform.isx86_64 [ "gccarch-x86-64-v3" ];
   };
   nix.extraOptions = ''
@@ -11,11 +11,10 @@
     max-substitution-jobs = 20
     max-silent-time = 14400
   '';
-  users.users.build = {
+  nix.sshServe = {
-    isNormalUser = true;
+    enable = true;
-    shell = pkgs.bash;
+    write = true;
-    ignoreShellProgramCheck = true;
+    keys = [
-    openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko"

config/services/hydra/nix-config.nix

@@ -10,7 +10,7 @@
     }
     {
       hostName = "integra.kyouma.net";
-      sshUser = "build";
+      sshUser = "nix-ssh";
       maxJobs = 2;
       speedFactor = 4;
       systems = [ "aarch64-linux" ];
@@ -43,9 +43,6 @@
       "https://"
     ];
   };
-  users.users.hydra-queue-runner.openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
-  ];
   programs.ssh = {
     knownHosts = {
       "build-worker-03.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGqTY74c5g15DSNPNM2Wdr5jAwS7BFgX1XRnhtGOnJc";