Build with morton!

os/remote-builds/default.nix

@@ -1,5 +1,4 @@
 {
-  pkgs,
   lib,
   config,
   ...
@@ -8,62 +7,51 @@ let
   vivariumBuilderDefault = {
     systems = [
       "x86_64-linux"
-      "aarch64-linux"
     ];
     protocol = "ssh-ng";
     sshUser = "nixremote";
-    # sshKey doesn't work
   };
-  # MANU ssh-keygen -y -f /etc/ssh/ssh_host_ed25519_key | base64 -w0
+  # MANU ssh-keygen -y -f /etc/ssh/ssh_host_ed25519_key
+  # TODO Proper configuration option instead of pile of defs and hacks
   vivariumBuilders = [
     {
-      hostName = "ludwig.frogeye.fr";
+      hostName = "morton.frogeye.fr";
-      publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU41SXZhMzNXeGplN095cHVEUHBSakFNMTlvRUtEVDRiYlpUTm82V1FLZTAgZ2VvZmZyZXlAY3VyYWNhbwo=";
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEetvIp4ZrP+ofXNDypnrLxdU034SBYg7fx9FxClDJA3";
-      maxJobs = 4;
-    }
-    {
-      hostName = "abavorana.frogeye.fr";
-      publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU5iNzcrS01tRHI0MVhZdmZITXQvK3NHMkJCSEIzYUl4M045WDNVejhFaUogZ2VvZmZyZXlAY3VyYWNhbwo=";
       supportedFeatures = [
         "nixos-test"
         "benchmark"
         "big-parallel"
         "kvm"
       ];
-      maxJobs = 8;
+      maxJobs = 12; # 8 cores, 16 with hyperthreading, trying not to overload the thing
     }
   ];
   # MANU pass vivarium/lemmy/remote-builds/cache | nix key convert-secret-to-public | cat
   publicKeys = [
     "ludwig.frogeye.fr:jTlN0fCOLU49M3LQw5j/u++Gmwrsv3m9RGs0slSg6r0="
     "abavorana.frogeye.fr:rcKZ9gwaIQLcst/vbhbF7meUQD5sveT2QQN4a+Zo1BM="
+    "morton.frogeye.fr:rSjbCZ4mgXkb+ENKI7sk/KIbftlQzCTQA7pWkdfS2r4="
   ];
 in
 {
   config = {
-    system.activationScripts.remote = {
+    programs.ssh.knownHosts = lib.trivial.pipe vivariumBuilders [
-      supportsDryActivation = true;
+      (builtins.map (builder: {
-      text = ''
+        name = builder.hostName;
-        mkdir -p /root/.ssh
+        value.publicKey = builder.publicKey;
-        cat ${
+      }))
-          pkgs.writeText "root-ssh-config" (
+      builtins.listToAttrs
-            lib.strings.concatLines (
+    ];
-              builtins.map (builder: ''
+    # Currently using port 22 only because:
-                Host ${builder.hostName}
+    # - Morton has to use it for git
-                  VerifyHostKeyDNS yes
+    # - Hopefully allowed on some firewalls
-                  UpdateHostKeys yes
+    # - Thought you couldn't set SSH config
-              '') vivariumBuilders
+    # You might be able to set SSH config with porgrams.ssh, although I only tried creating a /root/.ssh/config file
-              # Check SSHFP records so hopefully no need to manually add SSH host keys,
+    # (which does not work, unless logged in as root. host keys from root are used regardless of the user, though)
-              # yet add them to known_hosts should we not be using DNSSEC-validating DNS.
-              # No persistent socket since sometimes it goes a weird state and have to remove them.
-            )
-          )
-        } > /root/.ssh/config
-      '';
-    };
     nix = {
       buildMachines = builtins.map (
-        vivariumBuilder: vivariumBuilderDefault // vivariumBuilder
+        vivariumBuilder:
+        lib.attrsets.filterAttrs (k: v: k != "publicKey") (vivariumBuilderDefault // vivariumBuilder)
       ) vivariumBuilders;
       distributedBuilds = true;
       settings = {