diff options
| author | quentin@aristote.fr <quentin@aristote.fr> | 2025-03-16 12:43:03 +0100 |
|---|---|---|
| committer | quentin@aristote.fr <quentin@aristote.fr> | 2025-03-16 12:43:03 +0100 |
| commit | e5bdcd0543a3127f0aab35ae9126b671409228a6 (patch) | |
| tree | 0be99872a6e9c15110b505f3004be1c4ffca9de1 | |
| parent | bd2082b9747cb7182ebf7e03c9b1aecf10ba9f68 (diff) | |
nixos: remote building: add user option
| -rw-r--r-- | modules/nixos/personal/nix.nix | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/modules/nixos/personal/nix.nix b/modules/nixos/personal/nix.nix index a141057..b85f550 100644 --- a/modules/nixos/personal/nix.nix +++ b/modules/nixos/personal/nix.nix @@ -46,6 +46,10 @@ in { domain = lib.mkOption { type = lib.types.str; }; + user = lib.mkOption { + type = lib.types.str; + default = "nixremote"; + }; protocol = lib.mkOption { type = lib.types.str; # Nix custom ssh-variant that avoids lots of "trusted-users" settings pain @@ -222,10 +226,10 @@ in { Host hephaistos.${domain} # Prevent using ssh-agent or another keyfile, useful for testing IdentitiesOnly yes - IdentityFile /etc/ssh/nixremote + IdentityFile /etc/ssh/${user} # The weakly privileged user on the remote builder # If not set, 'root' is used – which will hopefully fail - User nixremote + User ${user} ''; knownHosts."hephaistos.${domain}".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvtqi8tziBuviUV8LDK2ddQQUbHdJYB02dgWTK5Olxq"; }; |