From 2fd25ace93bb7057ff5e0044907b0f3b431883a8 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Tue, 12 Aug 2025 10:18:59 -0700 Subject: add profiles for darwin and remote builder --- .../aarch64-darwin/HQ-KWNY2VH41P/default.nix | 1 + machines/darwin/aarch64-darwin/mba-m2/default.nix | 3 +- profiles/darwin.nix | 3 -- profiles/darwin/security.nix | 5 ++++ profiles/nix/remote-builder.nix | 32 ++++++++++++++++++++++ profiles/remote-builder.nix | 32 ---------------------- 6 files changed, 40 insertions(+), 36 deletions(-) create mode 100644 profiles/darwin/security.nix create mode 100644 profiles/nix/remote-builder.nix delete mode 100644 profiles/remote-builder.nix diff --git a/machines/darwin/aarch64-darwin/HQ-KWNY2VH41P/default.nix b/machines/darwin/aarch64-darwin/HQ-KWNY2VH41P/default.nix index 3b8cab7..5581210 100644 --- a/machines/darwin/aarch64-darwin/HQ-KWNY2VH41P/default.nix +++ b/machines/darwin/aarch64-darwin/HQ-KWNY2VH41P/default.nix @@ -9,6 +9,7 @@ imports = [ "${self}/profiles/home-manager.nix" "${self}/profiles/darwin.nix" + "${self}/profiles/darwin/security.nix" ]; system.primaryUser = adminUser.name; diff --git a/machines/darwin/aarch64-darwin/mba-m2/default.nix b/machines/darwin/aarch64-darwin/mba-m2/default.nix index 737c4a4..2ec7882 100644 --- a/machines/darwin/aarch64-darwin/mba-m2/default.nix +++ b/machines/darwin/aarch64-darwin/mba-m2/default.nix @@ -17,7 +17,8 @@ imports = [ "${self}/profiles/home-manager.nix" "${self}/profiles/darwin.nix" - "${self}/profiles/remote-builder.nix" + "${self}/profiles/nix/remote-builder.nix" + "${self}/profiles/darwin/security.nix" ]; system.primaryUser = adminUser.name; diff --git a/profiles/darwin.nix b/profiles/darwin.nix index 0ff8cc0..36010c7 100644 --- a/profiles/darwin.nix +++ b/profiles/darwin.nix @@ -46,9 +46,6 @@ # mkdir -p ~/Documents/screenshots # ''; - # Touch ID for sudo auth - security.pam.services.sudo_local.touchIdAuth = true; - nix = { extraOptions = '' tarball-ttl = 900 diff --git a/profiles/darwin/security.nix b/profiles/darwin/security.nix new file mode 100644 index 0000000..178fca1 --- /dev/null +++ b/profiles/darwin/security.nix @@ -0,0 +1,5 @@ +{ ... }: +{ + # Touch ID for sudo auth + security.pam.services.sudo_local.touchIdAuth = true; +} diff --git a/profiles/nix/remote-builder.nix b/profiles/nix/remote-builder.nix new file mode 100644 index 0000000..50d3e84 --- /dev/null +++ b/profiles/nix/remote-builder.nix @@ -0,0 +1,32 @@ +{ config, ... }: +{ + nix.buildMachines = [ + { + hostName = "builder"; + sshUser = "builder"; + + protocol = "ssh"; + + sshKey = config.age.secrets.ssh-remote-builder.path; + + systems = [ + "x86_64-linux" + ]; + + maxJobs = 1; + + supportedFeatures = [ + "nixos-test" + ]; + } + ]; + + nix.distributedBuilds = true; + + programs.ssh.extraConfig = '' + Host builder + User builder + HostName vm-synology + IdentityFile ${config.age.secrets.ssh-remote-builder.path} + ''; +} diff --git a/profiles/remote-builder.nix b/profiles/remote-builder.nix deleted file mode 100644 index 50d3e84..0000000 --- a/profiles/remote-builder.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ config, ... }: -{ - nix.buildMachines = [ - { - hostName = "builder"; - sshUser = "builder"; - - protocol = "ssh"; - - sshKey = config.age.secrets.ssh-remote-builder.path; - - systems = [ - "x86_64-linux" - ]; - - maxJobs = 1; - - supportedFeatures = [ - "nixos-test" - ]; - } - ]; - - nix.distributedBuilds = true; - - programs.ssh.extraConfig = '' - Host builder - User builder - HostName vm-synology - IdentityFile ${config.age.secrets.ssh-remote-builder.path} - ''; -} -- cgit v1.2.3