BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

nixos: nix.sshServe: add write option

Browse source 
Adds the ability to provide the --write flag in addition to the --serve flag via
a new option, services.sshServe.write.

A user can now share their system as a remote builder with friends easily as
follows:

{
  nix = {
    sshServe = {
      enable = true;
      write = true;
      keys = ["ssh-dss AAAAB3NzaC1k... alice@example.org"];
    };
  };
}

Co-authored-by: Raphael Megzari <raphael@megzari.com>
This commit is contained in:
matthewcroughan 2021-09-04 11:39:14 +01:00 committed by Raphael Megzari
parent ddc8a3a982
commit 11aedaec1f
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
nixos/modules/services/misc/nix-ssh-serve.nix
View file

@ -4,7 +4,7 @@ with lib;
let cfg = config.nix.sshServe;
command =
if cfg.protocol == "ssh"
then "nix-store --serve"
then "nix-store --serve ${lib.optionalString cfg.write "--write"}"
else "nix-daemon --stdio";
in {
options = {
@ -17,6 +17,12 @@ in {
description = "Whether to enable serving the Nix store as a remote store via SSH.";
};
write = mkOption {
type = types.bool;
default = false;
description = "Whether to enable writing to the Nix store as a remote store via SSH. Note: the sshServe user is named nix-ssh and is not a trusted-user. nix-ssh should be added to the nix.trustedUsers option in most use cases, such as allowing remote building of derivations.";
};
keys = mkOption {
type = types.listOf types.str;
default = [];