Give devices access to desktop as nix builder

flake.lock

@@ -58,11 +58,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1686226982,
-        "narHash": "sha256-nLuiPoeiVfqqzeq9rmXxpybh77VS37dsY/k8N2LoxVg=",
+        "lastModified": 1686412476,
+        "narHash": "sha256-inl9SVk6o5h75XKC79qrDCAobTD1Jxh6kVYTZKHzewA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a64b73e07d4aa65cfcbda29ecf78eaf9e72e44bd",
+        "rev": "21951114383770f96ae528d0ae68824557768e81",
         "type": "github"
       },
       "original": {
@@ -74,11 +74,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1685758009,
-        "narHash": "sha256-IT4Z5WGhafrq+xbDTyuKrRPRQ1f+kVOtE+4JU1CHFeo=",
+        "lastModified": 1686392259,
+        "narHash": "sha256-hqSS9hKhWldIZr1bBp9xKhIznnGPICGKzuehd2LH0UA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "eaf03591711b46d21abc7082a8ebee4681f9dbeb",
+        "rev": "ef24b2fa0c5f290a35064b847bc211f25cb85c88",
         "type": "github"
       },
       "original": {
@@ -90,11 +90,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1686237827,
-        "narHash": "sha256-fAZB+Zkcmc+qlauiFnIH9+2qgwM0NO/ru5pWEw3tDow=",
+        "lastModified": 1686331006,
+        "narHash": "sha256-hElRDWUNG655aqF0awu+h5cmDN+I/dQcChRt2tGuGGU=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "81ed90058a851eb73be835c770e062c6938c8a9e",
+        "rev": "85bcb95aa83be667e562e781e9d186c57a07d757",
         "type": "github"
       },
       "original": {
@@ -120,11 +120,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1686341580,
-        "narHash": "sha256-JumpdYiL/ssIPArxY+3KI1Fyi1C9ggJEYdF34/DTEts=",
+        "lastModified": 1686449378,
+        "narHash": "sha256-zPHl5NNhydRKiGhFl9oJ7BJqd7DfPYApE83QQsV9avE=",
         "owner": "asonix",
         "repo": "nixos-rockchip",
-        "rev": "7ebd16810ab4ba77c3ffab09db50a980e3dee9a3",
+        "rev": "55f848fc3e6f661bc596a639626a45360fb53a8f",
         "type": "github"
       },
       "original": {
@@ -151,11 +151,11 @@
         "rockchip": "rockchip"
       },
       "locked": {
-        "lastModified": 1686342717,
-        "narHash": "sha256-aPhcv5ZQ3LuTMvRF7snPX7ev5nuHuv42ucs9QD6Pqt4=",
+        "lastModified": 1686450523,
+        "narHash": "sha256-rG6fgWifjGoMbpntqFDXwLs/+/2eoKaUPI9i9WNdOT8=",
         "ref": "asonix/nabam-sd-image",
-        "rev": "5e2fd84b853a91adeb3163f805ab56d56f856b10",
-        "revCount": 45,
+        "rev": "d544a81345757d64f4c6c0efc3a77ebe249c9f40",
+        "revCount": 46,
         "type": "git",
         "url": "https://git.asonix.dog/asonix/sd-images"
       },
@@ -173,11 +173,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1685848844,
-        "narHash": "sha256-Iury+/SVbAwLES76QJSiKFiQDzmf/8Hsq8j54WF2qyw=",
+        "lastModified": 1686453485,
+        "narHash": "sha256-75iPAcS6xuw4SNfqLmFCi9wWG1JmDNKaC8l3WJUkmDk=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "a522e12ee35e50fa7d902a164a9796e420e6e75b",
+        "rev": "cb85e297937af1bd1434cf5f85a3f86a21dc8207",
         "type": "github"
       },
       "original": {

modules/shared/default.nix

@@ -1,8 +1,20 @@
+{ config, ... }:
+
 {
   services.openssh.settings.PasswordAuthentication = false;
 
   sops = {
     age.keyFile = "/home/asonix/.config/sops/age/keys.txt";
     age.generateKey = true;
+
+    secrets.builderKey = {
+      format = "binary";
+      sopsFile = ../../secrets/builderKey.bin;
+    };
   };
+
+  nix.extraOptions = ''
+    builders = ssh://builder@192.168.5.10?ssh-key=${config.sops.secrets.builderKey.path}
+    builders-use-substitutes = false
+  '';
 }

secrets/builderKey.bin

@@ -0,0 +1,24 @@
+{
+	"data": "ENC[AES256_GCM,data:KPc+VYXjcmubD9E8aQrP+efbERODF3U2SVP/O8sA57OIdBnfIsImnTkdYt50x8IlT1gt+luSNZ+fLVs4jjxuKPtoMs+t7LTRP0TJQDkYKVrwEyqxkKUE5e1jXtjPSLI8mMgBJipQy4rkONvCjSd58OdeV9EVFIBbxrS6EjmFRvTHxLf5vR08A0M0ACfwzStVZGi22gOpr98oYomoFbR7k4AlhR/RIvq7glwjg4OZRqRsbKFKIs9+qxnkIJN8TmwmLUfjzwxvHtIFM9/UXzLc27plmZeuhGdUvqPVxPz++otC0A/v9YpZGer6AM5TQbotCHVgaQ1jFATjTvbpu0O+iaeGVeC8qvDWnKTOMIOS+gC40lNyU+5u+dJ0WngpjJcXDwAuXJ62qewtiOhnFjKkXudwQk3G7BBe9skEX1ga6VUJQa3He6nAvt/0xsPtl2rdlVHMwztjgt9T6Tt+mCwvz94jTXj0DHequSwMybDX9Lr/LOELa7qJ0w9pVwo3Imy9LznUXGFrKKSbingFtL3/jSbY0Vfovqi1W2Hv,iv:X7nVHg0cm84MNBeFhmPNLsp9pEoGcw/0cZojFnfQn6U=,tag:21iM7c5kGhf3l7nX8SKkaQ==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age17yhtwnhqjssghc5qqamt0fqdu27zpqms8d8ghrc0txeevywfp3ssklfy57",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLVzZzdlIyNitENUxUaCtE\nbUhxOXFrQXNCQkdjTzZwNHo4MzNPbUI1WGdNCjBuSHE5b0Vvb2d0SFRXRnQ3Ums3\nOHNyK2VuUGRpak1URVVsdGtYQm41RXcKLS0tIEI2TksyWCs1V1RQeCtaczhmenNp\nV09nL1VudDN1ZnJMWmhXY0JiYVIvZmcKZ7CvSrWhXZIUo/fB5S0UR37OVMp9W/BS\ngzrBAvL/a7y3NPafovjsJh4rrd6DkvO4xSy5q341y+3rTnL+POSheQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age145uwrexj6ffaaxy7jg3j29gtchhwy0y0nttw06zeuxkqsy8rnpds7fh7xq",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaK0xLVkNyelRwSWRKdG1U\nWjdCNUhaekZHYVJ2WDJlTkhuMThWYU5POFFVCktHaVF5MXByamNwREhIVmN0eEJp\nYzR5TjBuR0Vxbld6WkZKVEhKT3NmYkEKLS0tIDdvVHRJNndFTDlWbGYxeVQraENI\nd1pNME9HYkhoakdFWGJtTldBY2tLdEUKlcBcaMNBVtsdi6xCEtprC2U5hkJ3iOps\n7ZCx9orSKxqSck0BSVEj6W1YWB2qVC6aWhU77EphgTudMnM7iLK+zA==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2023-06-12T16:34:05Z",
+		"mac": "ENC[AES256_GCM,data:n+qaQaqHp76hGsY1iI7RjwLPFqQHdc7iGqPwv8S58pXd2AFmJJqg8g+34Qh5VGPid4+A8MKXIqCFuXqUjzcFmum1oQp+m8uDLa8NwAI5UBXhGNoxA7VwSdlDPEJxzLaJuA+pvlZYHFMQnFnIQmUDyQwMy9LW8O97MiHKcWleKGk=,iv:x3diVVnx/hMbe4PFF8tOlyauEDmVB7unyRR4sDET2+M=,tag:vRp25j0XVU38DydlqAy3cw==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.3"
+	}
+}