feat(nix,bm-hostkey0): relaxed sandbox, SSH RemoteForward support, add pass, holo cache

nix/os/devices/sj-bm-hostkey0/configuration.nix

@@ -33,6 +33,9 @@ in {
     ../../profiles/common/user.nix
     ../../snippets/nix-settings.nix
     ../../snippets/nix-settings-holo-chain.nix
+    {
+      nix.settings.sandbox = lib.mkForce "relaxed";
+    }
 
     ../../snippets/holo-zerotier.nix
 
@@ -49,6 +52,10 @@ in {
       };
 
       home-manager.users.steveej = {pkgs, ...}: {
+        imports = [
+          ../../../home-manager/programs/pass.nix
+        ];
+
         home.packages = [
           pkgs.nil
           pkgs.rnix-lsp
@@ -90,6 +97,9 @@ in {
 
   services.openssh.enable = true;
   services.openssh.settings.PermitRootLogin = "yes";
+  services.openssh.extraConfig = ''
+    StreamLocalBindUnlink yes
+  '';
 
   boot = {
     kernel = {

nix/os/snippets/nix-settings-holo-chain.nix

@@ -3,14 +3,14 @@
     substituters = [
       "https://holochain-ci.cachix.org"
       "https://holochain-ci-internal.cachix.org"
-      # "https://cache.holo.host/"
+      "https://cache.holo.host/"
     ];
 
     trusted-public-keys = [
       "holochain-ci.cachix.org-1:5IUSkZc0aoRS53rfkvH9Kid40NpyjwCMCzwRTXy+QN8="
       "holochain-ci-internal.cachix.org-1:QvVsSrTiearCjrLTVtNtJOdQCDTseXh7UXUuSMx46NE="
-      # "cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
+      "cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
-      # "cache.holo.host-2:ZJCkX3AUYZ8soxTLfTb60g+F3MkWD7hkH9y8CgqwhDQ="
+      "cache.holo.host-2:ZJCkX3AUYZ8soxTLfTb60g+F3MkWD7hkH9y8CgqwhDQ="
     ];
   };
 }