builders: add builder user
currently hardcoded to hydra's coordinator public key Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
This commit is contained in:
parent
a30c1f7d78
commit
645ad7d062
|
@ -14,10 +14,23 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ahci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" ];
|
boot.initrd.availableKernelModules = [ "ahci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" ];
|
||||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||||
|
|
||||||
|
users.users.builder = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "nogroup";
|
||||||
|
home = "/var/empty";
|
||||||
|
shell = "/bin/sh";
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
# Do not hardcode Hydra's public key, selectively
|
||||||
|
# add the keys of the coordinators that require us.
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvUT9YBig9LQPHgypIBHQuC32XqDKxlFZ2CfgDi0ZKx"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
nix.settings.trusted-users = [ "builder" ];
|
||||||
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = "x86_64-linux";
|
nixpkgs.hostPlatform = "x86_64-linux";
|
||||||
hardware.cpu.intel.updateMicrocode = true;
|
hardware.cpu.intel.updateMicrocode = true;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue