hosts/oparic: CN network

.sops.yaml

@@ -1,11 +1,18 @@
 keys:
-  - &primary age1nlta6ek2fsre42g38ytwg3fxtra4h444psd7g986md0gzmvv6d5qqlwwjy
+  - &user age1nlta6ek2fsre42g38ytwg3fxtra4h444psd7g986md0gzmvv6d5qqlwwjy
+  - &oparic-local-dev age1mgxmpfpy6qg374kyq66cc5yw68qfw0mlk89rcdy3lkzw9q93jvwqg73395
+# 按 GPT 的说法, 要想不踩坑, 就绝对不要用宽泛的匹配规则
 creation_rules:
-  - path_regex: secrets/ssh-config.yaml$
+  - path_regex: ^secrets/ssh-config\.yaml$
     key_groups:
       - age:
-          - *primary
+          - *user
-  - path_regex: secrets/ssh-private.yaml$
+  - path_regex: ^secrets/ssh-private\.yaml$
     key_groups:
       - age:
-          - *primary
+          - *user
+  - path_regex: ^secrets/hosts/oparic-local-dev\.yaml$
+    key_groups:
+      - age:
+          - *user
+          - *oparic-local-dev

hosts/hypnos/configuration.nix

@@ -7,6 +7,17 @@
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
+  nix.buildMachines = [{
+    hostName = "192.168.2.22";
+    systems = [ "x86_64-linux" ];
+    sshUser = "origami";
+    sshKey = "/Users/origami/.config/sops-nix/secrets/ssh-private";
+    protocol = "ssh-ng";
+    maxJobs = 4;
+    supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ];
+  }];
+  nix.distributedBuilds = true;
+
   networking.hostName = "hypnos";
   time.timeZone = "Asia/Shanghai";
 

hosts/oparic-local-dev/configuration.nix

@@ -85,6 +85,12 @@
 
   services.openssh.enable = true;
 
+  # Mihomo 代理
+  services.mihomo = {
+    enable = true;
+    configFile = "/etc/mihomo/config.yaml";
+  };
+
   # 密钥管理: 这是对外机器
   sops.defaultSopsFile = ../../secrets/hosts/oparic-local-dev.yaml;
   sops.age.keyFile = "/var/lib/sops/age/keys.txt";