From e9977076f56534b542c5f88dcefb965707c12e73 Mon Sep 17 00:00:00 2001
From: Natsu Kagami <nki@nkagami.me>
Date: Mon, 19 Aug 2024 16:01:37 +0200
Subject: [PATCH] Use ip addresses instead of hosts

---
 modules/services/nix-build-farm/default.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/modules/services/nix-build-farm/default.nix b/modules/services/nix-build-farm/default.nix
index e76350d..54b6559 100644
--- a/modules/services/nix-build-farm/default.nix
+++ b/modules/services/nix-build-farm/default.nix
@@ -24,6 +24,12 @@ in
       type = types.path;
       description = "The path to the private SSH key file";
     };
+
+    ipAddrs = mkOption {
+      type = types.str;
+      description = "The ip addresses to limit access to";
+      default = "11.0.0.*";
+    };
   };
 
   config = mkIf cfg.enable (
@@ -47,7 +53,7 @@ in
           description = "Nix build farm user";
           group = build-user;
           isNormalUser = true;
-          openssh.authorizedKeys.keys = lib.mapAttrsToList (_: host: ''from="${host.host}" ${host.pubKey}'') otherHosts;
+          openssh.authorizedKeys.keys = lib.mapAttrsToList (_: host: ''from="${cfg.ipAddrs}" ${host.pubKey}'') otherHosts;
         };
         groups.${build-user} = { };
       };