# NixOS module: offloads builds to the "vivarium" remote builders over SSH and
# also uses those builders as binary-cache substituters.
#
# Trust summary for this host:
# - the builders' SSH host keys are pinned via programs.ssh.knownHosts;
# - store paths signed by any key in cachePublicKeys are accepted.
{ lib, config, ... }:
let
  # Settings shared by every builder; each entry of vivariumBuilders may override them.
  vivariumBuilderDefault = {
    systems = [ "x86_64-linux" ];
    protocol = "ssh-ng";
    # NOTE(review): presumably a dedicated, unprivileged account on the builder — confirm.
    sshUser = "nixremote";
  };

  # Manual step (MANU), run on the builder to print its public host key:
  #   ssh-keygen -y -f /etc/ssh/ssh_host_ed25519_key
  # TODO: replace this pile of definitions and hacks with a proper configuration option.
  vivariumBuilders = [
    {
      hostName = "morton.frogeye.fr";
      # SSH host key of the builder. Pinned below so the connection is checked
      # against this value instead of being trusted on first use.
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEetvIp4ZrP+ofXNDypnrLxdU034SBYg7fx9FxClDJA3";
      supportedFeatures = [
        "nixos-test"
        "benchmark"
        "big-parallel"
        "kvm"
      ];
      # 8 cores (16 with hyperthreading); kept lower to avoid overloading the machine.
      maxJobs = 12;
    }
  ];

  # Manual step (MANU), derives the public half from the stored signing secret:
  #   pass vivarium/lemmy/remote-builds/cache | nix key convert-secret-to-public | cat
  # Only the converted public key belongs in this list, never the `pass` output itself.
  # Every key listed here is trusted to sign store paths for this host, so whoever
  # holds a matching secret key can produce paths this machine will accept.
  # NOTE(review): three hosts are trusted here while only morton is declared as a
  # builder in this file — confirm ludwig and abavorana still need to be listed.
  cachePublicKeys = [
    "ludwig.frogeye.fr:jTlN0fCOLU49M3LQw5j/u++Gmwrsv3m9RGs0slSg6r0="
    "abavorana.frogeye.fr:rcKZ9gwaIQLcst/vbhbF7meUQD5sveT2QQN4a+Zo1BM="
    "morton.frogeye.fr:rSjbCZ4mgXkb+ENKI7sk/KIbftlQzCTQA7pWkdfS2r4="
  ];

  # Known-hosts entry (name/value pair) pinning one builder's SSH host key.
  toKnownHost = machine: lib.attrsets.nameValuePair machine.hostName { publicKey = machine.publicKey; };

  # Build-machine definition: defaults overlaid with the per-builder values.
  # publicKey is only consumed by programs.ssh.knownHosts, so it is dropped here.
  toBuildMachine = machine: builtins.removeAttrs (vivariumBuilderDefault // machine) [ "publicKey" ];

  # Store URL under which a build machine is also used as a substituter.
  toStoreUrl = builder: "${builder.protocol}://${builder.sshUser}@${builder.hostName}";
in
{
  config = {
    programs.ssh.knownHosts = builtins.listToAttrs (builtins.map toKnownHost vivariumBuilders);

    # Port 22 is currently the only one in use because:
    # - Morton has to use it for git
    # - It is hopefully allowed through some firewalls
    # - It was thought that the SSH config could not be set
    # Setting the SSH config may be possible with programs.ssh; the only thing tried
    # so far was creating a /root/.ssh/config file (which does not work unless
    # logged in as root; host keys from root are used regardless of the user, though).
    nix = {
      buildMachines = builtins.map toBuildMachine vivariumBuilders;
      distributedBuilds = true;
      settings = {
        builders-use-substitutes = true;
        trusted-public-keys = cachePublicKeys;
        # Reads the merged config.nix.buildMachines rather than the local list, so a
        # build machine declared by another module becomes a substituter as well.
        # NOTE(review): this interpolation assumes protocol and sshUser are set on
        # every such machine — confirm for machines defined outside this file.
        substituters = builtins.map toStoreUrl config.nix.buildMachines;
      };
    };
  };
}