27 lines
610 B
Nix
27 lines
610 B
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
{
|
|
|
|
options.profiles.clerie.hydra-build-machine = {
|
|
enable = mkEnableOption "Set defaults for hydra build machines";
|
|
};
|
|
|
|
config = mkIf config.profiles.clerie.hydra-build-machine.enable {
|
|
|
|
# Allow Hydra to fetch remote URLs in restricted mode
|
|
nix.settings.allowed-uris = "http: https: git+https: github:";
|
|
|
|
services.openssh.settings= {
|
|
PermitRootLogin = "yes";
|
|
};
|
|
|
|
users.extraUsers.root.openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
|
|
];
|
|
|
|
};
|
|
|
|
}
|