build-worker: Use sshServe

2024-09-05 14:46:07 +02:00 · 2024-09-05 14:46:07 +02:00 · af8ff6a6a1
parent 909e1d81e1
commit af8ff6a6a1
2 changed files with 6 additions and 10 deletions
--- a/config/profiles/builder.nix
+++ b/config/profiles/builder.nix
@ -2,7 +2,7 @@
  kyouma.deployment.auto-upgrade.cache = "daemon";
  nix.gc.options = lib.mkForce "--delete-older-than 60d";
  nix.settings = {
-    trusted-users = [ "build" ];
+    trusted-users = [ "nix-ssh" ];
    #system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" ] ++ lib.optionals pkgs.hostPlatform.isx86_64 [ "gccarch-x86-64-v3" ];
  };
  nix.extraOptions = ''
@ -11,11 +11,10 @@
    max-substitution-jobs = 20
    max-silent-time = 14400
  '';
-  users.users.build = {
-    isNormalUser = true;
-    shell = pkgs.bash;
-    ignoreShellProgramCheck = true;
-    openssh.authorizedKeys.keys = [
+  nix.sshServe = {
+    enable = true;
+    write = true;
+    keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko"
--- a/config/services/hydra/nix-config.nix
+++ b/config/services/hydra/nix-config.nix
@ -10,7 +10,7 @@
    }
    {
      hostName = "integra.kyouma.net";
-      sshUser = "build";
+      sshUser = "nix-ssh";
      maxJobs = 2;
      speedFactor = 4;
      systems = [ "aarch64-linux" ];
@ -43,9 +43,6 @@
      "https://"
    ];
  };
-  users.users.hydra-queue-runner.openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
-  ];
  programs.ssh = {
    knownHosts = {
      "build-worker-03.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGqTY74c5g15DSNPNM2Wdr5jAwS7BFgX1XRnhtGOnJc";