remote builder: simplify auth

2023-11-23 02:06:54 +00:00
parent 175144663d
commit 0bd9125484
2 changed files with 2 additions and 21 deletions
--- a/hosts/common/users/root.nix
+++ b/hosts/common/users/root.nix
@@ -7,24 +7,4 @@
    # - `/root/.cache/mesa_shader_cache` takes up 1-2 MB on moby
    { path = "/root"; user = "root"; group = "root"; mode = "0700"; }
  ];
-
-  sane.users.root = {
-    home = "/root";
-    fs.".ssh/nixremote".symlink.target = config.sops.secrets."nixremote_ssh_key".path;
-    fs.".ssh/nixremote.pub".symlink.text = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4KI7I2w5SvXRgUrXYiuBXPuTL+ZZsPoru5a2YkIuCf";
-    fs.".ssh/config".symlink.text = ''
-      # root -> <other nix host> happens for remote builds
-      # provide the auth, and instruct which remote user to login as:
-      Host desko
-        # Prevent using ssh-agent or another keyfile
-        IdentitiesOnly yes
-        IdentityFile /root/.ssh/nixremote
-        User nixremote
-      Host servo
-        # Prevent using ssh-agent or another keyfile
-        IdentitiesOnly yes
-        IdentityFile /root/.ssh/nixremote
-        User nixremote
-    '';
-  };
 }
--- a/hosts/modules/nixcache.nix
+++ b/hosts/modules/nixcache.nix
@@ -68,7 +68,8 @@ in
      speedFactor = 8;
      supportedFeatures = [ "big-parallel" ];
      mandatoryFeatures = [ ];
-      # TODO: define sshUser and sshKey here instead of in hosts/common/users/root.nix
+      sshUser = "nixremote";
+      sshKey = config.sops.secrets."nixremote_ssh_key".path;
    }];
    nix.distributedBuilds = lib.mkIf cfg.remote-builders.desko true;
    # optional, useful when the builder has a faster internet connection than yours