nixos-config/programs/ssh/builders.nix

{
  config,
  systemConfig,
  lib,
  ...
}:
let
  identityFile =
    if config.home.username == "root" then
      systemConfig.sops.secrets.".ssh/builder_id_ed25519".path
    else
      config.sops.secrets.".ssh/builder_id_ed25519".path;
in
{
  programs.ssh = {
    enable = true;
    matchBlocks = {
      "build-nas" = {
        hostname = "nas.int.chir.rs";
        identitiesOnly = true;
        inherit identityFile;
        port = 22;
        user = "remote-build";
      };
      "build-rainbow-resort" = {
        hostname = "rainbow-resort.int.chir.rs";
        identitiesOnly = true;
        inherit identityFile;
        port = 22;
        user = "remote-build";
      };
      "build-aarch64" = {
        hostname = "instance-20221213-1915.int.chir.rs";
        identitiesOnly = true;
        inherit identityFile;
        port = 22;
        user = "remote-build";
      };
      "build-riscv" = {
        hostname = "not522.tailbab65.ts.net";
        identitiesOnly = true;
        inherit identityFile;
        port = 22;
        user = "remote-build";
      };
    };
  };
  sops.secrets = lib.mkIf (config.home.username != "root") {
    ".ssh/builder_id_ed25519" = {
      mode = "600";
      sopsFile = ./shared-keys.yaml;
    };
  };
}
fix root ssh secrets 2024-11-07 07:51:24 +00:00			`{`
			`config,`
			`systemConfig,`
			`lib,`
			`...`
format all code 2024-11-09 14:02:26 +00:00			`}:`
			`let`
fix root ssh secrets 2024-11-07 07:51:24 +00:00			`identityFile =`
format all code 2024-11-09 14:02:26 +00:00			`if config.home.username == "root" then`
			`systemConfig.sops.secrets.".ssh/builder_id_ed25519".path`
			`else`
			`config.sops.secrets.".ssh/builder_id_ed25519".path;`
			`in`
			`{`
add remote building 2024-11-06 09:09:17 +00:00			`programs.ssh = {`
			`enable = true;`
			`matchBlocks = {`
			`"build-nas" = {`
			`hostname = "nas.int.chir.rs";`
			`identitiesOnly = true;`
fix root ssh secrets 2024-11-07 07:51:24 +00:00			`inherit identityFile;`
add remote building 2024-11-06 09:09:17 +00:00			`port = 22;`
			`user = "remote-build";`
			`};`
			`"build-rainbow-resort" = {`
			`hostname = "rainbow-resort.int.chir.rs";`
			`identitiesOnly = true;`
fix root ssh secrets 2024-11-07 07:51:24 +00:00			`inherit identityFile;`
add remote building 2024-11-06 09:09:17 +00:00			`port = 22;`
			`user = "remote-build";`
			`};`
			`"build-aarch64" = {`
			`hostname = "instance-20221213-1915.int.chir.rs";`
			`identitiesOnly = true;`
fix root ssh secrets 2024-11-07 07:51:24 +00:00			`inherit identityFile;`
add remote building 2024-11-06 09:09:17 +00:00			`port = 22;`
			`user = "remote-build";`
			`};`
			`"build-riscv" = {`
			`hostname = "not522.tailbab65.ts.net";`
			`identitiesOnly = true;`
fix root ssh secrets 2024-11-07 07:51:24 +00:00			`inherit identityFile;`
add remote building 2024-11-06 09:09:17 +00:00			`port = 22;`
			`user = "remote-build";`
			`};`
			`};`
			`};`
fix root ssh secrets 2024-11-07 07:51:24 +00:00			`sops.secrets = lib.mkIf (config.home.username != "root") {`
			`".ssh/builder_id_ed25519" = {`
			`mode = "600";`
			`sopsFile = ./shared-keys.yaml;`
			`};`
add remote building 2024-11-06 09:09:17 +00:00			`};`
			`}`