nix: I am builder !

2025-12-06 22:59:15 +00:00 · 2024-07-19 00:13:44 +02:00 · 2024-07-19 00:13:44 +02:00 · 6cae1ef91a
commit 6cae1ef91a
parent 67f510623a
3 changed files with 32 additions and 2 deletions
--- a/nix/nixosModules/i_am_builder/default.nix
+++ b/nix/nixosModules/i_am_builder/default.nix
@ -0,0 +1,25 @@
+{ lib, ... }:
+
+{
+  nix.gc = lib.mkForce {
+    # Garbage-collect often
+    automatic = true;
+    dates = "*:45";
+
+    # Randomize GC to avoid thundering herd effects.
+    randomizedDelaySec = "1800";
+  };
+
+  users.users.nix-remote-builder = {
+    isNormalUser = true;
+    group = "nogroup";
+
+    # credit:
+    # https://github.com/nix-community/srvos/blob/main/nixos/roles/nix-remote-builder.nix
+    openssh.authorizedKeys.keys = map (key: ''restrict,command="nix-daemon --stdio" ${key}'') [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBt+MINzxBF8uyFIuz/UvMZe9Ml+qxU0hxxi7UAmUzpc leana@bismuth"
+    ];
+  };
+
+  nix.settings.trusted-users = [ "nix-remote-builder" ];
+}