Further attempt at remote builds

2024-05-06 22:25:35 +02:00 · 2024-05-06 22:25:35 +02:00 · 836f8ee8b4
parent b0168f4354
commit 836f8ee8b4
2 changed files with 38 additions and 3 deletions
--- a/os/geoffrey.nix
+++ b/os/geoffrey.nix
@ -18,6 +18,8 @@
    # even though home-manager sets it
    programs.zsh.enable = true;

+    nix.settings.trusted-users = [ "geoffrey" ];
+
    home-manager = {
      users.geoffrey = { pkgs, ... }: {
        frogeye = lib.mkDefault config.frogeye;
--- a/os/remote-builds/default.nix
+++ b/os/remote-builds/default.nix
@ -1,15 +1,48 @@
 { pkgs, lib, config, ... }:
 let
+  vivariumBuilderDefault = {
+    systems = [ "x86_64-linux" ];
+    protocol = "ssh-ng";
+    sshUser = "nixremote";
+    # sshKey doesn't work
+  };
+  vivariumBuilders = [
+    {
+      hostName = "abavorana.frogeye.fr";
+      publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUZsaW9WYWZVWEIwdFNzSDRUVHBremphUkNkb0piSmRjVDRGOXFLZithMnEgcm9vdEBhYmF2b3JhbmEK";
+      supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+    }
+    {
+      hostName = "ludwig.clowncar.frogeye.fr";
+      publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSVBaRHIrQmVqZzRXTVVGR1NGdkd5YituMk0zMG9VR09KVUlzY3Z1b2F4VEQgcm9vdEBsdWR3aWcK";
+    }
+  ];
+  # MANU pass vivarium/lemmy/remote-builds/cache | nix key convert-secret-to-public | cat
  publicKeys = [
    "abavorana.frogeye.fr:rcKZ9gwaIQLcst/vbhbF7meUQD5sveT2QQN4a+Zo1BM="
    "ludwig.clowncar.frogeye.fr:jTlN0fCOLU49M3LQw5j/u++Gmwrsv3m9RGs0slSg6r0="
  ];
-  # MANU pass vivarium/lemmy/remote-builds/cache | nix key convert-secret-to-public | cat
 in
 {
  config = {
-    nix.settings = {
-      trusted-public-keys = publicKeys;
+    system.activationScripts.diff = {
+      supportsDryActivation = true;
+      text = ''
+        mkdir -p /root/.ssh
+        cat ${pkgs.writeText "root-ssh-config" (lib.strings.concatLines (builtins.map (builder: ''
+        Host ${builder.hostName}
+          Port 2278
+        '') vivariumBuilders)) } > /root/.ssh/config
+      '';
+    };
+    nix = {
+      buildMachines = builtins.map (vivariumBuilder: vivariumBuilderDefault // vivariumBuilder) vivariumBuilders;
+      distributedBuilds = true;
+      settings = {
+        builders-use-substitutes = true;
+        trusted-public-keys = publicKeys;
+      };
    };
  };
 }
+# TODO Make it work. I think it just doesn't like non-standard SSH ports.