diff --git a/hosts/ficolobuild/build3.nix b/hosts/ficolobuild/build3.nix
index 6158fc9a..96f7d675 100644
--- a/hosts/ficolobuild/build3.nix
+++ b/hosts/ficolobuild/build3.nix
@@ -19,6 +19,17 @@
 networking.hostName = "build3";
+ # Yubikey signer
+ users.users = {
+ yubimaster = {
+ isNormalUser = true;
+ extraGroups = ["docker"];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMDfEUoARtE5ZMYofegtm3lECzaQeAktLQ2SqlHcV9jL signer"
+ ];
+ };
+ };
+
 # Trust Themisto Hydra user
 nix.settings = {
 trusted-users = ["root" "themisto" "@wheel"];
diff --git a/hosts/ficolobuild/build4.nix b/hosts/ficolobuild/build4.nix
index de9829c6..72e9074c 100644
--- a/hosts/ficolobuild/build4.nix
+++ b/hosts/ficolobuild/build4.nix
@@ -17,6 +17,17 @@
 networking.hostName = "build4";
+ # Yubikey signer
+ users.users = {
+ yubimaster = {
+ isNormalUser = true;
+ extraGroups = ["docker"];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA2BcpFzSXOuK9AzN+J1HBVnuVV8D3wgdEwPuILNy2aM signer"
+ ];
+ };
+ };
+
 # Trust Themisto Hydra user
 nix.settings = {
 trusted-users = ["root" "themisto"];
diff --git a/hosts/ficolobuild/builder.nix b/hosts/ficolobuild/builder.nix
index fe3f1458..0e64f98f 100644
--- a/hosts/ficolobuild/builder.nix
+++ b/hosts/ficolobuild/builder.nix
@@ -4,6 +4,7 @@
 {
 self,
 config,
+ pkgs,
 inputs,
 lib,
 modulesPath,
@@ -41,4 +42,10 @@
 # Use the systemd-boot EFI boot loader.
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
+
+ # Environment for Yubikey provisioning
+ environment.systemPackages = with pkgs; [
+ usbutils
+ ];
+ virtualisation.docker.enable = true;
 }
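Review bot: `extraGroups = ["docker"];` on `yubimaster` in build3.nix gives whoever holds the `signer` SSH key root-equivalent control of the builder, because docker group members can drive the Docker daemon, which runs as root; the same block is added in build4.nix. If the account only has to start one provisioning job, consider prefixing the key with authorized_keys options such as `restrict,command="<provisioning-wrapper>"` (placeholder path), or running the container from a root-owned systemd unit so the login user needs no Docker access. At minimum the comment should record the trade-off, e.g. `# Yubikey signer: SSH login for provisioning; docker group membership is root-equivalent on this host`.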
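Review bot: Both the build3.nix and build4.nix keys carry the same comment `signer`, so neither an authorized_keys audit nor a review of this file can tell which key belongs to which host or operator. Give each key a distinguishing comment, e.g. `... signer@build4` (constructed example). The `yubimaster` block is otherwise identical in both files, so it could be declared once in builder.nix with only `openssh.authorizedKeys.keys` set per host, assuming both hosts import that file.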
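Review bot: `virtualisation.docker.enable = true;` is added to builder.nix, which looks like the shared builder profile, so the Docker daemon would also be enabled on any host that imports it but never gets the `yubimaster` user. If only build3 and build4 do provisioning, move the line next to the user definition in those host files to keep the daemon off the other builders. The line also sits under `# Environment for Yubikey provisioning` with no reason given; a comment such as `# Docker runs the Yubikey provisioning container; docker group members are root-equivalent` would help, though that purpose is inferred from the hunk and should be confirmed.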