feat[client,server]: add remote builds, confLib

2025-12-06 09:07:21 +01:00 · 2025-12-02 00:57:35 +01:00 · 2025-12-02 00:57:35 +01:00 · f2674bee48
commit f2674bee48
parent 626d990b4a
133 changed files with 4297 additions and 3249 deletions
--- a/modules/nixos/common/globals.nix
+++ b/modules/nixos/common/globals.nix
@ -197,6 +197,10 @@ in
            main = mkOption {
              type = types.str;
            };
+            externalDns = mkOption {
+              type = types.listOf types.str;
+              description = "List of external dns nameservers";
+            };
          };
        };
      };
--- a/modules/nixos/common/home-manager-secrets.nix
+++ b/modules/nixos/common/home-manager-secrets.nix
@ -25,7 +25,7 @@ in
      }) // (lib.optionalAttrs modules.emacs {
        emacs-radicale-pw = { owner = mainUser; };
        github-forge-token = { owner = mainUser; };
-      }) // (lib.optionalAttrs modules.optional.work {
+      }) // (lib.optionalAttrs (modules ? optional-work) {
        harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; };
      }) // (lib.optionalAttrs modules.anki {
        anki-user = { owner = mainUser; };
--- a/modules/nixos/common/nodes.nix
+++ b/modules/nixos/common/nodes.nix
@ -34,6 +34,11 @@ let
      "nginx"
      "virtualHosts"
    ]
+    [
+      "swarselsystems"
+      "server"
+      "dns"
+    ]
  ];

  attrsForEachOption =
--- a/modules/nixos/common/settings.nix
+++ b/modules/nixos/common/settings.nix
@ -59,8 +59,8 @@ in
  config = lib.mkIf config.swarselmodules.general
    (lib.recursiveUpdate
      {
-        sops.secrets.github-api-token = lib.mkIf (!minimal) {
-          owner = mainUser;
+        sops.secrets = lib.mkIf (!minimal) {
+          github-api-token = { owner = mainUser; };
        };

        nix =
@ -83,7 +83,11 @@ in
              trusted-public-keys = [
                atticPublicKey
              ];
-              trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
+              trusted-users = [
+                "@wheel"
+                "${config.swarselsystems.mainUser}"
+                (lib.mkIf config.swarselmodules.server.ssh-builder "builder")
+              ];
            };
            # extraOptions = ''
            #   plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins