From 777ad73ed7862d297188e09527ffd47af22b2300 Mon Sep 17 00:00:00 2001 From: Sam Date: Wed, 8 Jan 2025 12:15:11 +0000 Subject: [PATCH] distributed builds fix public ssh keys --- .../common/optional/distributed_builds/local-machine.nix | 2 +- .../distributed_builds/remote-builder-machine.nix | 9 +++------ hosts/common/optional/distributed_builds/remotebuild.pub | 1 + 3 files changed, 5 insertions(+), 7 deletions(-) create mode 100644 hosts/common/optional/distributed_builds/remotebuild.pub diff --git a/hosts/common/optional/distributed_builds/local-machine.nix b/hosts/common/optional/distributed_builds/local-machine.nix index f24f49a..6849490 100644 --- a/hosts/common/optional/distributed_builds/local-machine.nix +++ b/hosts/common/optional/distributed_builds/local-machine.nix @@ -1,5 +1,5 @@ { - secrets = { + sops.secrets = { "ssh_keys/root/remotebuild" = { path = "/root/.ssh/remotebuild"; }; diff --git a/hosts/common/optional/distributed_builds/remote-builder-machine.nix b/hosts/common/optional/distributed_builds/remote-builder-machine.nix index e472374..74a33cf 100644 --- a/hosts/common/optional/distributed_builds/remote-builder-machine.nix +++ b/hosts/common/optional/distributed_builds/remote-builder-machine.nix @@ -1,15 +1,12 @@ { - secrets = { - "ssh_keys/root/remotebuild.pub" = { - path = "/root/.ssh/remotebuild.pub"; - }; - }; users.users.remotebuild = { isNormalUser = true; createHome = false; group = "remotebuild"; - openssh.authorizedKeys.keyFiles = [/root/.ssh/remotebuild.pub]; + openssh.authorizedKeys.keyFiles = [ + ./remotebuild.pub + ]; }; users.groups.remotebuild = {}; diff --git a/hosts/common/optional/distributed_builds/remotebuild.pub b/hosts/common/optional/distributed_builds/remotebuild.pub new file mode 100644 index 0000000..c903dff --- /dev/null +++ b/hosts/common/optional/distributed_builds/remotebuild.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUPnjP4eql1QT4b9ewbyy7Dyk26PrlQlilO7/RBKCHz remote