2 files changed, 34 insertions, 0 deletions

diff --git a/hosts/atlas/cachix.nix b/hosts/atlas/cachix.nix
new file mode 100644
index 0000000..1dc1830
--- /dev/null
+++ b/hosts/atlas/cachix.nix
@@ -0,0 +1,18 @@
+{pkgs, ...}: let
+  uploadToCachix = pkgs.writeScriptBin "upload-to-cachix" ''
+    #!/bin/sh
+    set -euf
+
+    OUT_END=$(echo ''${OUT_PATHS: -10})
+    if [ "$OUT_END" == "-spec.json" ]; then
+    exit 0
+    fi
+
+    export HOME=/root
+    exec ${pkgs.cachix}/bin/cachix -c /etc/cachix/cachix.dhall push getchoo $OUT_PATHS > /tmp/hydra_cachix 2>&1
+  '';
+in {
+  nix.extraOptions = ''
+    post-build-hook = ${uploadToCachix}/bin/upload-to-cachix
+  '';
+}
diff --git a/hosts/atlas/default.nix b/hosts/atlas/default.nix
index 220592d..cf17462 100644
--- a/hosts/atlas/default.nix
+++ b/hosts/atlas/default.nix
@@ -5,6 +5,7 @@
 }: {
   imports = [
     ./hardware-configuration.nix
+    ./cachix.nix
     ./miniflux.nix
     ./nginx.nix
     ./prometheus.nix
@@ -24,11 +25,18 @@
     loader.efi.canTouchEfiVariables = true;
   };
 
+  getchoo.server = {
+    secrets.enable = true;
+    services.loki.enable = true;
+  };
+
   networking = {
     domain = "mydadleft.me";
     hostName = "atlas";
   };
 
+  nix.settings.trusted-users = ["bob"];
+
   system.stateVersion = "22.11";
 
   users.users = let
@@ -44,6 +52,14 @@
       passwordFile = config.age.secrets.userPassword.path;
       inherit openssh;
     };
+    bob = {
+      isNormalUser = true;
+      shell = pkgs.bash;
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtbxHjDADxqsG+AgCoiDq0uCsgcnJCIH+9rB6K5pIi9 p-body@p-body"
+        "ssh-ed25519 aaaac3nzac1lzdi1nte5aaaaimpv9widwxvyovh347caulkdgzg7+1m/rz1av5fk3bhm atlas [email protected]"
+      ];
+    };
   };
 
   zramSwap.enable = true;