7 changed files with 106 additions and 23 deletions
--- a/home/.config/vicinae/settings.json
+++ b/home/.config/vicinae/settings.json
@ -1,21 +0,0 @@
-// This configuration is merged with the default vicinae configuration file, which you can obtain by running the `vicinae config default` command.
-// Every item defined in this file takes precedence over the values defined in the default config or any other imported file.
-//
-// You can make manual edits to this file, however you should keep in mind that this file may be written to by vicinae when a configuration change is made through the GUI.
-// When that happens, any custom comments or formatting will be lost.
-//
-// If you want to maintain a configuration file with your own comments and formatting, you should create a separate file and add it to the 'imports' array.
-//
-// Learn more about configuration at https://docs.vicinae.com/config
-
-{
-   "$schema": "https://vicinae.com/schemas/config.json",
-   "theme": {
-      "dark": {
-         "name": "matugen"
-      }
-   },
-   "launcher_window": {
-      "opacity": 1
-   }
-}
--- a/home/.config/vicinae/vicinae.json
+++ b/home/.config/vicinae/vicinae.json
@ -0,0 +1,23 @@
+{
+    "closeOnFocusLoss": false,
+    "considerPreedit": false,
+    "faviconService": "twenty",
+    "font": {
+        "size": 12
+    },
+    "keybinding": "default",
+    "keybinds": {
+    },
+    "popToRootOnClose": true,
+    "rootSearch": {
+        "searchFiles": true
+    },
+    "theme": {
+        "name": "matugen"
+    },
+    "window": {
+        "csd": true,
+        "opacity": 1,
+        "rounding": 10
+    }
+}
--- a/homeModules/vicinae.nix
+++ b/homeModules/vicinae.nix
@ -10,8 +10,8 @@
    systemd.autoStart = true;
  };

-  xdg.configFile."vicinae/settings.json".source =
-    lib.mkForce "${config.dotfiles.path}/.config/vicinae/settings.json";
+  xdg.configFile."vicinae/vicinae.json".source =
+    lib.mkForce "${config.dotfiles.path}/.config/vicinae/vicinae.json";

  xdg.configFile."matugen/config.toml".source = "${config.dotfiles.path}/.config/matugen/config.toml";
  xdg.configFile."matugen/templates/vicinae.toml".source =
--- a/machines/genepi/builder.nix
+++ b/machines/genepi/builder.nix
@ -0,0 +1,13 @@
+{ self, ... }:
+{
+  imports = [
+    self.nixosModules.remote-builder
+  ];
+
+  roles.remote-builder = {
+    enable = true;
+    authorizedKeys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze"
+    ];
+  };
+}
--- a/machines/genepi/configuration.nix
+++ b/machines/genepi/configuration.nix
@ -6,6 +6,7 @@
  imports = [
    ./actual.nix
    ./boot.nix
+    ./builder.nix
    ./freshrss.nix
    ./glance.nix
    ./homeassistant.nix
--- a/machines/haze/configuration.nix
+++ b/machines/haze/configuration.nix
@ -56,6 +56,22 @@

  programs.kdeconnect.enable = true;

+  # Remote builds
+  nix = {
+    distributedBuilds = true;
+    buildMachines = [
+      {
+        sshUser = "nixremote";
+        sshKey = "/etc/ssh/ssh_host_ed25519_key";
+        systems = [ "aarch64-linux" ];
+        hostName = "genepi";
+      }
+    ];
+    extraOptions = ''
+      builders-use-substitutes = true
+    '';
+  };
+
  nixpkgs.config.allowUnfree = true;

  i18n.supportedLocales = [
--- a/nixosModules/remote-builder.nix
+++ b/nixosModules/remote-builder.nix
@ -0,0 +1,51 @@
+{ config, lib, ... }:
+let
+  cfg = config.roles.remote-builder;
+in
+{
+  options = {
+    roles.remote-builder = {
+      enable = lib.mkEnableOption {
+        description = "Whether to allow remote building on this machine";
+      };
+
+      user = lib.mkOption {
+        type = lib.types.str;
+        default = "nixremote";
+        example = "remote-builder";
+        description = "The name of the user used to run the builds";
+      };
+
+      group = lib.mkOption {
+        type = lib.types.str;
+        default = "${cfg.user}";
+        example = "remote-builder";
+        description = "The group of the user used to run the builds";
+      };
+
+      authorizedKeys = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
+        default = [ ];
+        example = [ "ssh-ed25519 AAAA... user@host" ];
+        description = "List of SSH keys authorized to run builds on this machine";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    users.users."${cfg.user}" = {
+      createHome = true;
+      home = "/home/${cfg.user}";
+      isSystemUser = true;
+      group = cfg.group;
+      useDefaultShell = true;
+      openssh.authorizedKeys.keys = map (
+        key: ''restrict,command="nix-daemon --stdio" ${key}''
+      ) cfg.authorizedKeys;
+    };
+
+    users.groups.${cfg.user} = { };
+
+    nix.settings.trusted-users = [ cfg.user ];
+  };
+}