profiles/hydra-build-machine: Migrate configuration to profile

profiles/default.nix

@@ -11,6 +11,7 @@
     ./fem-net
     ./firefox
     ./hetzner-cloud
+    ./hydra-build-machine
     ./mercury-vm
     ./netcup
     ./network-fallback-dhcp

profiles/hydra-build-machine/default.nix

@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+  options.profiles.clerie.hydra-build-machine = {
+    enable = mkEnableOption "Set defaults for hydra build machines";
+  };
+
+  config = mkIf config.profiles.clerie.hydra-build-machine.enable {
+
+    # Allow Hydra to fetch remote URLs in restricted mode
+    nix.settings.allowed-uris = "http: https: git+https: github:";
+
+    services.openssh.settings= {
+     PermitRootLogin = "yes";
+    };
+
+    users.extraUsers.root.openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
+    ];
+
+  };
+
+}