diff --git a/modules/profiles/personal.nix b/modules/profiles/personal.nix index bfea3e2..dbb2944 100644 --- a/modules/profiles/personal.nix +++ b/modules/profiles/personal.nix @@ -69,5 +69,24 @@ in }; }; }; + nix.buildMachines = [{ + hostName = "builder"; + systems = [ "aarch64-linux" "x86_64-linux" ]; + protocol = "ssh-ng"; + maxJobs = 1; + speedFactor = 1; + supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; + mandatoryFeatures = [ ]; + }]; + nix.distributedBuilds = true; + # optional, useful when the builder has a faster internet connection than yours + nix.extraOptions = '' + builders-use-substitutes = true + ''; + age.secrets."ssh-builder" = { + file = ../../secrets/ssh-builder.age; + owner = "0"; + path = "/root/.ssh/config"; + }; }; } diff --git a/secrets/nordvpn.age b/secrets/nordvpn.age deleted file mode 100644 index 4f0074e..0000000 Binary files a/secrets/nordvpn.age and /dev/null differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 09e13f4..7c7267c 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -12,16 +12,16 @@ let hosts-work = [ nixos-work scadspc25 ]; hosts = hosts-personal ++ hosts-work; + personal = [ moritz ] ++ hosts-personal; all = users ++ hosts; in { "github.age".publicKeys = all; - "nordvpn.age".publicKeys = all; - "spotifyd.age".publicKeys = all; - "ssh-home.age".publicKeys = all; - "uni-vpn.age".publicKeys = all; - "wireguard-preshared-key.age".publicKeys = all; - "wireguard-private-key.age".publicKeys = all; + "ssh-home.age".publicKeys = personal; + "ssh-builder.age".publicKeys = personal; + "uni-vpn.age".publicKeys = personal; + "wireguard-preshared-key.age".publicKeys = personal; + "wireguard-private-key.age".publicKeys = personal; "webis.age".publicKeys = hosts-personal ++ [ scadspc25 moritz ]; "webis-ssh.age".publicKeys = hosts-personal ++ [ scadspc25 moritz ]; } diff --git a/secrets/spotifyd.age b/secrets/spotifyd.age deleted file mode 100644 index f564d39..0000000 --- a/secrets/spotifyd.age +++ /dev/null @@ -1,17 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 CjuqfA /YCi+4iCBCJc2+n5DfEi6yFqYiC6WKyKqMQTC3dxYTM -TXnSGexVJPzsxV3GBoxujBPy4sYFK7tTzpgZd+tL7PY --> ssh-ed25519 QRYDmg 7ol/1aYbVuD1peL4kMHFifxtfj1LJPQ7ByMgmoIiLG0 -LJyz1aoBxOnxcy/x9yXCcMDG1CM8XSGTIvklShHsLr8 --> ssh-ed25519 wG6LYg LvuMCPIaXP8gDriTDVIXak2dLUTDgyA+ADnsFDEtpX4 -PSsM5NsSVhsV1xtZPs3VZbJopfkDQg7Gxjkrnf+I5VI --> ssh-ed25519 ZYd7Zg jt4zPtq1gv/SQ8Zqy2kFQZTUHo57d3BcBOusafU5TwE -FCifF8kUwHqlvokMMhJ/A2zCutshBg9K22gZPeYyK5s --> ssh-ed25519 as9VYQ 2w+TXKZGnMQ5nRqVPfDiXAjGPLjMQcDzuZ42tXD81zE -GHVNnPD1QrRfjlxymtkIvW/fSH8280ye4ojag/RrL6Y --> ssh-ed25519 dWIbQQ vFV8rbuDIUhVuWlp1zLKbSZkxWwBpjLGAHZ7TZmlpxA -2qq8R8eGQHMAtTAKJxv7ouXwbw9h9LnoipQ+dtq0bOk --> eLqn-grease -s21qb67X34dXu+DeHZV4IA9mvegTyQSulJuWZXUyGmlxQT4N7pDAjAgrlrsT8zI ---- ogDMsipm47a5cDUlzX1zPmeakFaqXecpvYfPILf5PGA -;(+\"`qnC:6V싄t0\2o<*?J\TϢV_ \ No newline at end of file diff --git a/secrets/ssh-builder.age b/secrets/ssh-builder.age new file mode 100644 index 0000000..ba15122 --- /dev/null +++ b/secrets/ssh-builder.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 wG6LYg 5umyOPP+KaUaQckEZYnh+nyX2RIMDp/KtJraFuATQBM +qsS9JiY0qxR7IMwpH2x1VWF5A5/wrAkbeOzuMcf1fS0 +-> ssh-ed25519 ZYd7Zg L9EJulnOPk7fEcmrWU8mVRbEN80dHCji1n4bnwGJigk +KTnk+Ku96gJ7Tj2egXyqX6UIuytHTuMFM1ygDXoIDxg +-> XQ.ai[-grease a ) r]>2~U +7CDc3c+1EZaEB15RE8JMzmdbr2WmQeP2ivIh4qgYTnKImHxJaJEhgScd0EzyEXVP +NZxuP+0 +--- CE/X6hjRUWT1ya1ySIjFBnLdmPkVbL4ugDwYv9XGYoo +߉38e:ImF?U~83NCzAM]0fkuFLl