diff --git a/devices/oksys/default.nix b/devices/oksys/default.nix index fefc12a0..79a12f8a 100644 --- a/devices/oksys/default.nix +++ b/devices/oksys/default.nix @@ -8,6 +8,7 @@ ./modules/blocky.nix ./modules/caddy.nix ./modules/headscale.nix + ./modules/remote-builder.nix ./modules/unbound.nix ]; diff --git a/devices/oksys/modules/remote-builder.nix b/devices/oksys/modules/remote-builder.nix new file mode 100644 index 00000000..5404be84 --- /dev/null +++ b/devices/oksys/modules/remote-builder.nix @@ -0,0 +1,36 @@ +{config, ...}: let + servivi = "100.64.0.7"; +in { + home-manager.users.root = { + home.file.".ssh/config".text = '' + Host ${servivi} + # Prevent using ssh-agent or another keyfile, useful for testing + IdentitiesOnly yes + IdentityFile ${config.sops.secrets.nixremote.path} + + # The weakly privileged user on the remote builder – if not set, 'root' is used – which will hopefully fail + User nixremote + ''; + }; + + programs.ssh.knownHosts = { + ${servivi}.publicKey = "servivi ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkNW0H4Fl6NFgahlgGbSvglg1DrX4yl1ht9Lp+vHE2A"; + }; + + nix.buildMachines = [ + { + hostName = servivi; + system = "x86_64-linux"; + protocol = "ssh-ng"; + maxJobs = 1; + speedFactor = 2; + supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"]; + mandatoryFeatures = []; + } + ]; + nix.distributedBuilds = true; + # optional, useful when the builder has a faster internet connection than yours + nix.extraOptions = '' + builders-use-substitutes = true + ''; +} diff --git a/devices/servivi/modules/minecraft.nix b/devices/servivi/modules/minecraft.nix index 5a91705d..97823b10 100644 --- a/devices/servivi/modules/minecraft.nix +++ b/devices/servivi/modules/minecraft.nix @@ -95,22 +95,24 @@ jvmPackage = jre17; jvmOpts = ""; - serverConfig = { - server-port = 25569; - motd = "we do a little hunting of the vaults"; + serverConfig = + { + server-port = 25569; + motd = "we do a little hunting of the vaults"; - extra-options = { - difficulty = "hard"; - enable-command-block = true; - entity-broadcast-range-percentage = 150; - level-type = "default"; - max-players = 8; - spawn-protection = 0; - sync-chunk-writes = true; - use-native-transport = true; - view-distance = 10; - }; - } // defaults; + extra-options = { + difficulty = "hard"; + enable-command-block = true; + entity-broadcast-range-percentage = 150; + level-type = "default"; + max-players = 8; + spawn-protection = 0; + sync-chunk-writes = true; + use-native-transport = true; + view-distance = 10; + }; + } + // defaults; }; }; }; diff --git a/flake.lock b/flake.lock index 3d54569f..2cf0353f 100644 --- a/flake.lock +++ b/flake.lock @@ -898,11 +898,11 @@ }, "nur": { "locked": { - "lastModified": 1703868359, - "narHash": "sha256-NH+jhF6H32MMWRhbkjFjoAtgf4iTL6GddbXv9atJycg=", + "lastModified": 1703879060, + "narHash": "sha256-U0dvm3qwldDDnR1jYE7gNNW7XChYCZ6JyUCcSFFDpBs=", "owner": "nix-community", "repo": "NUR", - "rev": "a2d1b337dff56fdcd367543c81b83fd3691cd1d2", + "rev": "4a8f8f5355cb9d3334d311cb25fc6ab641b501dc", "type": "github" }, "original": { @@ -961,11 +961,11 @@ "sops-nix": "sops-nix" }, "locked": { - "lastModified": 1703687968, - "narHash": "sha256-wkdaj8F/uD8Rm3HmNcy7IVRguzWeCd4svuVPILIWbq4=", + "lastModified": 1703883360, + "narHash": "sha256-+b5xlxvPtwEXPKBCSlJPgtEezSMwK66DUX51mosP+Fc=", "ref": "refs/heads/main", - "rev": "77c68ba0cbc6da18531dedfcf864038a6e4aaf9f", - "revCount": 19, + "rev": "7a2e60d2a2abb9d71994e2f88fa593b28822877e", + "revCount": 20, "type": "git", "url": "ssh://git@git.nelim.org/matt1432/nixos-secrets" }, diff --git a/modules/greetd/default.nix b/modules/greetd/default.nix index 819ee11e..40e301b2 100644 --- a/modules/greetd/default.nix +++ b/modules/greetd/default.nix @@ -3,7 +3,8 @@ pkgs, config, ... -}: with lib; let +}: +with lib; let # Nix stuff isNvidia = config.hardware.nvidia.modesetting.enable; isTouchscreen = config.hardware.sensor.iio.enable;