nixos: remote building: add user option

author: quentin@aristote.fr <quentin@aristote.fr> 2025-03-16 12:43:03 +0100
committer: quentin@aristote.fr <quentin@aristote.fr> 2025-03-16 12:43:03 +0100
commit: e5bdcd0543a3127f0aab35ae9126b671409228a6 (patch)
tree: 0be99872a6e9c15110b505f3004be1c4ffca9de1 /modules/nixos/personal/nix.nix
parent: bd2082b9747cb7182ebf7e03c9b1aecf10ba9f68 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/modules/nixos/personal/nix.nix b/modules/nixos/personal/nix.nix
index a141057..b85f550 100644
--- a/modules/nixos/personal/nix.nix
+++ b/modules/nixos/personal/nix.nix
@@ -46,6 +46,10 @@ in {
         domain = lib.mkOption {
           type = lib.types.str;
         };
+        user = lib.mkOption {
+          type = lib.types.str;
+          default = "nixremote";
+        };
         protocol = lib.mkOption {
           type = lib.types.str;
           # Nix custom ssh-variant that avoids lots of "trusted-users" settings pain
@@ -222,10 +226,10 @@ in {
           Host hephaistos.${domain}
             # Prevent using ssh-agent or another keyfile, useful for testing
             IdentitiesOnly yes
-            IdentityFile /etc/ssh/nixremote
+            IdentityFile /etc/ssh/${user}
             # The weakly privileged user on the remote builder
             # If not set, 'root' is used – which will hopefully fail
-            User nixremote
+            User ${user}
         '';
         knownHosts."hephaistos.${domain}".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvtqi8tziBuviUV8LDK2ddQQUbHdJYB02dgWTK5Olxq";
       };
author	quentin@aristote.fr <quentin@aristote.fr>	2025-03-16 12:43:03 +0100
committer	quentin@aristote.fr <quentin@aristote.fr>	2025-03-16 12:43:03 +0100
commit	e5bdcd0543a3127f0aab35ae9126b671409228a6 (patch)
tree	0be99872a6e9c15110b505f3004be1c4ffca9de1 /modules/nixos/personal/nix.nix
parent	bd2082b9747cb7182ebf7e03c9b1aecf10ba9f68 (diff)