feat: zion remote builder config

hosts/default.nix

@@ -22,6 +22,7 @@
       ./modules/packages.nix
       ./modules/pipewire.nix
       ./modules/printing.nix
+      ./modules/remote-builder.nix
       ./modules/security.nix
       ./modules/ssh.nix
       ./modules/users.nix

hosts/keys/remotebuild.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINlOY3fRdbxMUVFli1jNXtf+x7DOB7xjLObfDOgVDnmd root@nixos

hosts/modules/remote-builder.nix

@@ -0,0 +1,31 @@
+{
+  users.users.remotebuild = {
+    isNormalUser = true;
+    createHome = false;
+    group = "remotebuild";
+
+    openssh.authorizedKeys.keyFiles = [ ../keys/remotebuild.pub ];
+  };
+
+  users.groups.remotebuild = {};
+
+  nix = {
+    nrBuildUsers = 64;
+    settings = {
+      trusted-users = [ "remotebuild" ];
+
+      min-free = 10 * 1024 * 1024;
+      max-free = 200 * 1024 * 1024;
+
+      max-jobs = "auto";
+      cores = 0;
+    };
+  };
+
+  systemd.services.nix-daemon.serviceConfig = {
+    MemoryAccounting = true;
+    MemoryMax = "90%";
+    OOMScoreAdjust = 500;
+  }; 
+}
+