bagel-container: provision a user with Nix store perms for remote builds #3

Merged
delroth merged 1 commit from delroth/raito-shared-public-infra:bagel-user into main 2024-07-04 19:46:18 +00:00


@ -30,4 +30,17 @@
networkConfig.Address = [ "172.16.100.1/24" ]; networkConfig.Address = [ "172.16.100.1/24" ];
networkConfig.IPMasquerade = true; networkConfig.IPMasquerade = true;
}; };
# Configure a local Nix builder account, since getting sandboxing and KVM
# working inside the container will be tricky.
users.users.bagel-builder = {
isSystemUser = true;
group = "nogroup";
home = "/var/empty";
shell = "/bin/sh";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvUT9YBig9LQPHgypIBHQuC32XqDKxlFZ2CfgDi0ZKx"
];
};
nix.settings.trusted-users = [ "bagel-builder" ];
} }
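Review bot: `nix.settings.trusted-users = [ "bagel-builder" ];` makes the holder of the one authorized SSH key effectively root-equivalent towards the Nix daemon in this container. A trusted user can override daemon settings and import unsigned store paths, and the added comment only explains why a local builder account exists. I would add a comment above that line such as `# trusted-users is root-equivalent for the Nix daemon; required so remote clients can copy unsigned inputs`, and note who owns the key, since the entry has no trailing comment. The key is also accepted without any options while the account has `shell = "/bin/sh"`, so prefixing the entry with `restrict` (`"restrict ssh-ed25519 AAAA… <owner>"`) would turn off forwarding and PTY allocation, which a remote build presumably does not need. If the dispatching host can sign its store paths, listing its public key under `nix.settings.trusted-public-keys` may let you drop the trusted-users entry altogether; this should be confirmed against how the builder is invoked, as the enclosing attribute set starts outside the hunk.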