nix-daemon patch

0001-nix-daemon-Add-types-to-nix.buildMachines.patch

From 727dc270ca8735b35f9355bdc3fd280d06a410a1 Mon Sep 17 00:00:00 2001
From: Vincent Gatine <nurelin@nurelin.eu>
Date: Sat, 28 Sep 2019 21:20:37 +0200
Subject: [PATCH] nix-daemon: Add types to nix.buildMachines

Add types to nix.buildMachines to disallow the possibility of using a
path instead of a string in `sshKey` and having the private ssh key
being copied into the nix store with read permssions for everyone.
---
 nixos/modules/services/misc/nix-daemon.nix | 29 +++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix
index 3826f728afd..fe938d287f6 100644
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@@ -199,7 +199,34 @@ in
       };

       buildMachines = mkOption {
-        type = types.listOf types.attrs;
+        type = types.listOf types.submodule {
+          options = {
+            hostName = mkOption {
+              type = types.string;
+            };
+            sshUser = mkOption {
+              type = types.string;
+            };
+            sshKey = mkOption {
+              type = types.string;
+            };
+            system = mkOption {
+              type = types.string;
+            };
+            maxJobs = mkOption {
+              type = types.int;
+            };
+            speedFactor = mkOption {
+              type = types.int;
+            };
+            supportedFeatures = mkOption {
+              type = types.listOf types.string;
+            };
+            mandatoryFeatures = mkOption {
+              type = types.listOf types.string;
+            };
+          };
+        };
         default = [];
         example = literalExample ''
           [ { hostName = "voila.labs.cs.uu.nl";
--
2.23.0