From 8e6df3bc7b8868d14efe24b0ef8e6586f72bbb41 Mon Sep 17 00:00:00 2001 From: DerGrumpf Date: Tue, 23 Jun 2026 09:53:26 +0200 Subject: [PATCH] Added remote rebuild option --- nixos/default.nix | 7 +++++++ secrets/secrets.yaml | 5 +++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/nixos/default.nix b/nixos/default.nix index 613c00e..fcec4c6 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -22,6 +22,11 @@ ./catppuccin.nix ]; + sops.secrets."nix_cache_priv_key" = { + + mode = "0400"; + }; + nix = { settings = { trusted-users = [ @@ -42,11 +47,13 @@ "https://nix-community.cachix.org" "https://cyper-cache.cachix.org" ]; + secret-key-files = [ config.sops.secrets."nix_cache_priv_key".path ]; trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cyper-cache.cachix.org-1:pOpeWFEjGHg9XvqRg+DQpYnGRQNp+z+QEF8Ev2mbSoM=" + "cyper-nix:+YuG586UwrtNkXeGiivcr5GTCbZK70ILU2YqOxUoIWw=" ]; auto-optimise-store = true; }; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index a4dee49..d5483e7 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -33,6 +33,7 @@ gitea: runnerToken: ENC[AES256_GCM,data:giY3e3oHqWytgIWfnuKxOfrp8R+u7I0lMzEGnLWXnZWL9aQkVsM1kiF1FNKn/A==,iv:YsQrAKU8pncPeSSosOFn9BjU676KCh956FGC2hnCuac=,tag:+eZ1y6P/85XNPD9gVVNMgA==,type:str] ssh_private_key: ENC[AES256_GCM,data:R511mVFVk1ogAd5CKk/2P6rtT4NnHIFfKyqeCen545QgcvDqDFmW0rFBmPJyipaya2srJNoWvKJbnvxWtTYeJh2tPAybRMoUicStIFMUn3FPNfjx/WuQFLhKLoU3UOHHPJnkFqkQ9MBqLq2k5K7MVsNNFTxIDCKS1jPgkTmAWjRZ0EFiRXLa+Gvnz3GP5ltgfjDwdPeb5xp0/AqKPD8jea9w5ClR6ckrRHCLsfXhL2e9IaF4B96JlIv4rICLX3HmeIgM2PKl2MnSt8we5z39bBoLSA0yWG6BvpiMBaFqbo7jeHf1SxI6R404/emHhwW3pwSCDrq2ZE1ATG2UmA5NssFcVuaBPBoQer+n5haVYMNpNUp6rtKZeAIbf5JEOXJ6CJqiInfnnzOMNGhGFkGUYkhsy3p6Ti/lmNMPX/xtY+8ZqMwXf5drssm5KgnQ5nDbVqnTWAhoT/D3t+cJVAaXGTGw88fU0X95dZr8vaL/5nBCj1uUdv5cRBJ8PGhqbBX8PoiXrtGooBGhxf6nHbxIneSzG1++MZGo3e1G,iv:D1lgCnZKm3Gyv6cZpQ7zGW7JXN5RCwoaas+LroTkhPc=,tag:WI6Nr1cX8gm5pjFpu/Ok0w==,type:str] ssh_github_key: ENC[AES256_GCM,data:vZAH4cRDsgGXLAppQKOyUPOvmBJZ27bujMGz4hQ8tt0xhGFUP28llwGZz/VRuU02Yv4alLgVWBAIPuyhZT9f35KnjIR1Mmb7HXk/6oaNM59/lBiISLrnOpC10WmJ9O5krKdxwP8ZDvHA34B0s+oYNkTNXiU0S8AVg3icploax7ylKH5Dorj53kjdYSTjd8KN6ZsgCKmcz97+GnP0IgdmauyNL7e+kv9WIfE8Xx1kGvC8WVnidX2YhSxm6vt8l60eUj9etRigU88oFYTDZ+mIf4lucSpzaLZutz2fM/16D/o9SS7mmTrEllj2S+IXc9ZZTRKKDLbW+yv0XUi0XZi+OHAdZScjS54NZKyT9uWrc/IDJHammGsoHRQpHZtbGhkeFi/KdJsYBsWItslXjM0xJVtFIM2tMnd10kv9UGuXsSl9J4NC0rpz3aXnQqG4ZAhMjN9D/DTJpB4K0pcFyd2FDWdrbKq5iPfnU/V6ecnHPML6wCt6gua/LdK1MWoG3l2SqwMLYj1r7UW5fQZqSw1EK0BAtp9cQMLBL/2w8ykMfWpLekE=,iv:gcinU7xOoXQkFVkLNB3sQYHAcZy3pZN+bDRIq4sspys=,tag:yawgAHBKIkGpnKPHsRId4g==,type:str] +nix_cache_priv_key: ENC[AES256_GCM,data:FbRHM4n7BDMDgZYtTOdpS0SQx80afxMC3uw6PtdKb1zcAjyQRYwJe0esTDLklLDh8Kx6dgZOJbrf2sYIzF5xVv09U1Uz0C1UnF4M6yhbg+Nqg0HfVj55L3Z6ulrxNlgq7gY=,iv:F9DZUsyzZocKoB0yByeBcrCw9Ytcp+Xk6y8+ZH4OV7k=,tag:mSf1zVciPkifzr3kVFAt0g==,type:str] sops: age: - enc: | @@ -44,7 +45,7 @@ sops: 6fuez+zApathZfl14w41kAUojPWBznnxDqYtNvzVVLXwnpp3BMx+7w== -----END AGE ENCRYPTED FILE----- recipient: age10pyhca0jy75wtqv5hrn0gf0jcam5272zx9h73a8xwwaxyfq89c0qs5dr9t - lastmodified: "2026-06-22T18:17:22Z" - mac: ENC[AES256_GCM,data:nIGjfBCia9y1+f0dE6TRK6pBLo3B+vqmK88t5xrCY9j+SIzPvCc2Iv6h8AXSfunvIZpxODhn+PmX2FBwa9TtNVePi/Iywu43fRGHz67gSVYTyTBoLRAxqW/7hEvRMXu0ECUfAPzQCq3rd4iWjMXyIYU/FsX9g4NlIno0zcCV5cs=,iv:M4FBoxzojH01hScrRoET3AwmG3qevhkxiET+W94drh0=,tag:rHf7wbkp64FKybjZL0EDDQ==,type:str] + lastmodified: "2026-06-23T07:50:18Z" + mac: ENC[AES256_GCM,data:KlPMGQNnGdXGfUhuGviQ/lvDBOfjy9IiTFhLaJEwafJfAQmyYe+VclRV2kKK1A98rvZqhey/pvXyrpU1FQNbrvTVCgPMKiX8ggSmF62Ocz2ljj/tQqQhyZbtPM229k69FXdoDFjl0vg9T8nrYtNh+S8Xy17yw5CA1gI7GYILCF0=,iv:Km4NRYjTsZO3NYoWCUdQrmeXUPdbN+cI4CqJFkH70ww=,tag:TTCA8X2jAO1x20NILNyngg==,type:str] unencrypted_suffix: _unencrypted version: 3.13.1