global/programs/nix/dist-builds.nix at main · soopy.moe/gensokyo

soopy.moe / gensokyo
nixos config
gensokyo / global / programs / nix / dist-builds.nix
at main 1.6 kB view raw
 1# Like distcc but not really
 2{
 3  lib,
 4  inputs,
 5  config,
 6  hostname,
 7  ...
 8}:
 9let
10  baselineFeatures = [
11    "big-parallel"
12    "ca-derivations"
13  ];
14
15  mkBuildMachines =
16    attr:
17    let
18      cleanAttr = builtins.removeAttrs attr [ hostname ];
19    in
20    lib.mapAttrsToList (
21      name: value:
22      {
23        hostName = name + ".mist-nessie.ts.net";
24
25        protocol = "ssh"; # nevermind we need hydra
26        sshUser = "builder";
27        sshKey = config.sops.secrets.builder_key.path;
28
29        speedFactor = 1;
30        maxJobs = 2;
31        supportedFeatures = baselineFeatures;
32
33        systems = [
34          "i686-linux"
35          "x86_64-linux"
36        ];
37      }
38      // value
39    ) cleanAttr;
40in
41{
42  sops.secrets.builder_key = {
43    sopsFile = inputs.self + "/creds/sops/global/id_builder";
44    format = "binary";
45  };
46
47  nix.distributedBuilds = true;
48  nix.settings.builders-use-substitutes = true;
49  nix.buildMachines = mkBuildMachines {
50    renko = {
51      supportedFeatures = baselineFeatures ++ [
52        "kvm"
53        "nixos-test"
54      ];
55      speedFactor = 5;
56      publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUoreGNleXA4YnRVNnd0dThpRUFKMkZ4cm5rZlBsS1M3TWFJL2xLT0ZuUDEgcm9vdEByZW5rbwo=";
57    };
58    nijika = {
59      systems = [ "aarch64-linux" ];
60      publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSVBsWGZ5MnMxejRIQ05oem92Rk55UzBhcCtyMEF2ZzAzNDlKeFFjMW0xaFEK";
61    };
62  };
63
64  services.openssh.extraConfig = lib.mkAfter ''
65    Match User builder
66      Banner none
67      PasswordAuthentication no
68      KbdInteractiveAuthentication no
69  '';
70}