hydra: add restricted remote builder

2023-04-23 01:17:16 +02:00 · 2023-04-23 01:17:16 +02:00 · 3b57b4821e
parent 473d54d7fc
commit 3b57b4821e
1 changed files with 7 additions and 1 deletions
--- a/hosts/hydra/default.nix
+++ b/hosts/hydra/default.nix
@ -1,4 +1,4 @@
-{ config, lib, libS, pkgs, ... }:
+{ config, lib, libS, pkgs, ssh-public-keys, ... }:

 let
  cachePort = 5000;
@ -39,6 +39,12 @@ in
    daemonCPUSchedPolicy = "idle";
    daemonIOSchedClass = "idle";
    daemonIOSchedPriority = 7;
+    remoteBuilder = {
+      enable = true;
+      sshPublicKeys = config.users.users.root.openssh.authorizedKeys.keys ++ [
+        /* "..." */
+      ];
+    };
    settings = {
      allowed-uris = "http:// https:// ssh://";
      auto-optimise-store = true;