20 lines
451 B
Nix
20 lines
451 B
Nix
{ config, ... }:
|
|
|
|
{
|
|
services.openssh.settings.PasswordAuthentication = false;
|
|
|
|
sops = {
|
|
age.keyFile = "/home/asonix/.config/sops/age/keys.txt";
|
|
age.generateKey = true;
|
|
|
|
secrets.builderKey = {
|
|
format = "binary";
|
|
sopsFile = ../../secrets/builderKey.bin;
|
|
};
|
|
};
|
|
|
|
nix.extraOptions = ''
|
|
builders = ssh://builder@192.168.5.10?ssh-key=${config.sops.secrets.builderKey.path}
|
|
builders-use-substitutes = false
|
|
'';
|
|
}
|