feat: Change the remotebuild user to a build only user instead of a

regular user

darwin/configuration.nix

@@ -23,7 +23,7 @@
     buildMachines = [
       {
         hostName = "sh.darksailor.dev";
-        sshUser = "fs0c131y";
+        sshUser = "remotebuilder";
         system = "x86_64-linux";
         protocol = "ssh-ng";
         supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];

nixos/deoxys/configuration.nix

@@ -36,7 +36,7 @@
     buildMachines = [
       {
         hostName = "sh.darksailor.dev";
-        sshUser = "fs0c131y";
+        sshUser = "remotebuilder";
         system = "x86_64-linux";
         protocol = "ssh-ng";
         supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];

nixos/mirai/configuration.nix

@@ -30,7 +30,7 @@
     settings = {
       auto-optimise-store = true;
       extra-experimental-features = "nix-command flakes auto-allocate-uids";
-      trusted-users = ["root" "servius" "fs0c131y"];
+      trusted-users = ["root" "fs0c131y" "remotebuilder"];
     };
     extraOptions = ''
       build-users-group = nixbld
@@ -54,7 +54,7 @@
   };
   users.users.remotebuilder = {
     isNormalUser = true;
-    openssh.authorizedKeys.keyFiles = [../../secrets/remotebuilder.pub];
+    openssh.authorizedKeys.keyFiles = [../../secrets/id_ed25519.pub];
   };
   users.groups.media = {};
 

nixos/ryu/configuration.nix

@@ -62,15 +62,15 @@
       options = "--delete-older-than +5";
     };
     package = pkgs.nixVersions.latest;
-    # buildMachines = [
+    buildMachines = [
-    #   {
+      {
-    #     hostName = "sh.darksailor.dev";
+        hostName = "sh.darksailor.dev";
-    #     sshUser = "nixbuilder";
+        sshUser = "remotebuilder";
-    #     system = "x86_64-linux";
+        system = "x86_64-linux";
-    #     protocol = "ssh-ng";
+        protocol = "ssh-ng";
-    #     supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
+        supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
-    #   }
+      }
-    # ];
+    ];
     distributedBuilds = true;
   };
 
@@ -86,6 +86,12 @@
     tailscale = {
       enable = true;
     };
+    sunshine = {
+      enable = true;
+      openFirewall = true;
+      capSysAdmin = true;
+      # applications = {};
+    };
     mullvad-vpn.enable = true;
     resolved = {
       enable = true;

nixos/ryu/ryu.nix

@@ -16,13 +16,19 @@
   hardware.graphics = {
     enable = true;
     enable32Bit = true;
-    extraPackages = [pkgs.intel-compute-runtime pkgs.nvidia-vaapi-driver];
+    extraPackages = with pkgs; [
+      intel-compute-runtime
+      # intel-media-driver # LIBVA_DRIVER_NAME=iHD
+      # intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
+      # vpl-gpu-rt # for newer GPUs on NixOS >24.05 or unstable
+      # libvdpau-va-gl
+      nvidia-vaapi-driver
+    ];
   };
 
   virtualisation.libvirtd.enable = true;
   users.extraUsers.servius.extraGroups = ["libvirtd" "adbusers" "kvm"];
 
-  # options nvidia_drm modeset=1 fbdev=1
   boot.extraModprobeConfig = ''
     options kvm_intel nested=1
     options kvm_intel emulate_invalid_guest_state=0