From 11aedaec1f545d6b02cbe5fedc79629ee1dca557 Mon Sep 17 00:00:00 2001
From: matthewcroughan
Date: Sat, 4 Sep 2021 11:39:14 +0100
Subject: [PATCH] nixos: nix.sshServe: add write option
Adds the ability to provide the --write flag in addition to the --serve flag via a new option, services.sshServe.write. A user can now share their system as a remote builder with friends easily as follows: { nix = { sshServe = { enable = true; write = true; keys = ["ssh-dss AAAAB3NzaC1k... alice@example.org"]; }; }; }
Co-authored-by: Raphael Megzari
---
 nixos/modules/services/misc/nix-ssh-serve.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/nixos/modules/services/misc/nix-ssh-serve.nix b/nixos/modules/services/misc/nix-ssh-serve.nix
index 7ce3841be2f5..1764c6d79649 100644
--- a/nixos/modules/services/misc/nix-ssh-serve.nix
+++ b/nixos/modules/services/misc/nix-ssh-serve.nix
@@ -4,7 +4,7 @@ with lib; let cfg = config.nix.sshServe; command = if cfg.protocol == "ssh"
- then "nix-store --serve"
+ then "nix-store --serve ${lib.optionalString cfg.write "--write"}"
 else "nix-daemon --stdio"; in { options = {
@@ -17,6 +17,12 @@ in { description = "Whether to enable serving the Nix store as a remote store via SSH."; };
+ write = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable writing to the Nix store as a remote store via SSH. Note: the sshServe user is named nix-ssh and is not a trusted-user. nix-ssh should be added to the nix.trustedUsers option in most use cases, such as allowing remote building of derivations.";
+ };
+
 keys = mkOption { type = types.listOf types.str; default = [];
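Review bot: `write` is only consulted on the `cfg.protocol == "ssh"` branch of `command`; the `else` branch still yields `nix-daemon --stdio` unchanged, so under the other protocol the value of `write` has no effect on the command. An operator who reads `write = false` as a read-only switch for the served store could be misled there, so the option description should say it, e.g. `Only has an effect when nix.sshServe.protocol is "ssh".`. As a style point, with `write = false` the interpolation leaves a trailing space in the command string; `"nix-store --serve" + optionalString cfg.write " --write"` avoids it and drops the `lib.` prefix that `with lib;` makes redundant. How `command` is consumed lies outside the hunk.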
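Review bot: The new `write` description tells operators to add `nix-ssh` to `nix.trustedUsers` "in most use cases" without saying what that grants. The Nix manual describes membership in trusted-users as essentially equivalent to root access on the machine, and here that trust would extend to every holder of a key listed in `keys`. I would replace the blanket recommendation with an explicit caveat, e.g. `Adding nix-ssh to nix.trustedUsers gives every key in nix.sshServe.keys root-equivalent control over this machine's Nix daemon; only do so when all of those keys are fully trusted.`. The `write` option block is complete within the hunk, but the enclosing `options` set continues outside it.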