bagel-container: provision a user with Nix store perms for remote builds #3
|
@ -30,4 +30,17 @@
|
||||||
networkConfig.Address = [ "172.16.100.1/24" ];
|
networkConfig.Address = [ "172.16.100.1/24" ];
|
||||||
networkConfig.IPMasquerade = true;
|
networkConfig.IPMasquerade = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Configure a local Nix builder account, since getting sandboxing and KVM
|
||||||
|
# working inside the container will be tricky.
|
||||||
|
users.users.bagel-builder = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "nogroup";
|
||||||
|
home = "/var/empty";
|
||||||
|
shell = "/bin/sh";
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvUT9YBig9LQPHgypIBHQuC32XqDKxlFZ2CfgDi0ZKx"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
nix.settings.trusted-users = [ "bagel-builder" ];
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue