1 files changed, 35 insertions, 0 deletions
diff --git a/system-profiles/build-server/default.nix b/system-profiles/build-server/default.nix
new file mode 100644
index 00000000..9c821f64
--- /dev/null
+++ b/system-profiles/build-server/default.nix
@@ -0,0 +1,35 @@
+{ customUtils, flake, config, lib, ... }:
+{
+  imports = with flake.nixosModules.systemProfiles; [ openssh ];
+  
+  config = {
+    users.groups.nix-ssh-builder = {};
+    users.users.nix-ssh-builder = {
+      description = "Nix build server user";
+      useDefaultShell = true;
+      isSystemUser = true;
+      group = "nix-ssh-builder";
+    };
+    services.openssh = {
+      enable = true;
+      extraConfig = ''
+        Match User nix-ssh-builder
+          AllowAgentForwarding no
+          AllowTcpForwarding no
+          PermitTTY no
+          PermitTunnel no
+          X11Forwarding no
+          ForceCommand ${config.nix.package.out}/bin/nix-store --serve --write
+        Match All
+      '';
+    };
+    users.users.nix-ssh-builder.openssh.authorizedKeys.keys =
+      let
+        importKeys = dir: lib.attrValues (customUtils.mapFilterAttrs (_: v: v == "directory") (n: _: lib.nameValuePair n (importKeys' dir n)) (builtins.readDir dir));
+        importKeys' = dir: host: builtins.readFile (dir + "/${host}/public");
+      in importKeys ./clients;
+  };
+}

diff --git a/system-profiles/build-server/default.nix b/system-profiles/build-server/default.nix new file mode 100644 index 00000000..9c821f64 --- /dev/null +++ b/system-profiles/build-server/default.nix
@@ -0,0 +1,35 @@
	1	{ customUtils, flake, config, lib, ... }:
	2
	3	{
	4	imports = with flake.nixosModules.systemProfiles; [ openssh ];
	5
	6	config = {
	7	users.groups.nix-ssh-builder = {};
	8	users.users.nix-ssh-builder = {
	9	description = "Nix build server user";
	10	useDefaultShell = true;
	11	isSystemUser = true;
	12	group = "nix-ssh-builder";
	13	};
	14
	15	services.openssh = {
	16	enable = true;
	17	extraConfig = ''
	18	Match User nix-ssh-builder
	19	AllowAgentForwarding no
	20	AllowTcpForwarding no
	21	PermitTTY no
	22	PermitTunnel no
	23	X11Forwarding no
	24	ForceCommand ${config.nix.package.out}/bin/nix-store --serve --write
	25	Match All
	26	'';
	27	};
	28
	29	users.users.nix-ssh-builder.openssh.authorizedKeys.keys =
	30	let
	31	importKeys = dir: lib.attrValues (customUtils.mapFilterAttrs (_: v: v == "directory") (n: _: lib.nameValuePair n (importKeys' dir n)) (builtins.readDir dir));
	32	importKeys' = dir: host: builtins.readFile (dir + "/${host}/public");
	33	in importKeys ./clients;
	34	};
	35	}