2 files changed, 32 insertions, 3 deletions

diff --git a/hosts/atlas/default.nix b/hosts/atlas/default.nix
index 681065b..51a5e34 100644
--- a/hosts/atlas/default.nix
+++ b/hosts/atlas/default.nix
@@ -18,9 +18,24 @@
   ];
 
   networking.hostName = "atlas";
-  nix.settings.trusted-users = ["atlas"];
+  nix = {
+    settings.trusted-users = ["atlas" "nix-ssh"];
+    sshServe = {
+      enable = true;
+      keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIlNzPwEdNMT+wuW9pfYBQ7CSNUhBAF7rRXTRD4UIx9Z hercules-ci-agent@p-body"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+0oAgrDPVGl/SL54koypwWzMzjnVdqTm+QNkU2amF9 p-body@p-body"
+      ];
+    };
+  };
 
-  services.hercules-ci-agent.enable = true;
+  services = {
+    hercules-ci-agent.enable = true;
+    nix-serve = {
+      enable = true;
+      secretKeyFile = "/var/cache-priv-key.pem";
+    };
+  };
 
   swapDevices = [
     {
diff --git a/hosts/p-body/default.nix b/hosts/p-body/default.nix
index c303882..e170977 100644
--- a/hosts/p-body/default.nix
+++ b/hosts/p-body/default.nix
@@ -18,7 +18,21 @@
   ];
 
   networking.hostName = "p-body";
-  nix.settings.trusted-users = ["p-body"];
+  nix.settings = {
+    trusted-substituters = [
+      "https://nix-community.cachix.org"
+      "https://hercules-ci.cachix.org"
+      "ssh://[email protected]:420"
+    ];
+
+    trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
+      "164.152.18.102:1qdvbe6dUxq/UPgB4G2JzOOqj1cU0WlNO+OrlQC2ticKX/RTM50jWpN3VswO10DPIrRLUnrTl+UtoNL3Vgu3Ow=="
+    ];
+
+    trusted-users = ["p-body"];
+  };
 
   services = {
     #caddy = {