nixos: distributed builds config init

2025-01-13 13:25:23 +11:00 · 2025-01-13 13:25:23 +11:00 · aa2d8c578e
commit aa2d8c578e
parent f020ae8902
4 changed files with 62 additions and 14 deletions
--- a/modules/nixos/base/builder.nix
+++ b/modules/nixos/base/builder.nix
@ -1,12 +0,0 @@
-{
-  keys,
-  config,
-  ...
-}: let
-  inherit (config.ooknet.host) admin;
-in {
-  users = {
-    groups.builder = {};
-    users.builder = (key: ''command="nix-daemon --stdio",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ${key}'') keys.users.${admin.name};
-  };
-}
--- a/modules/nixos/base/default.nix
+++ b/modules/nixos/base/default.nix
@ -1,6 +1,7 @@
 {
  imports = [
    ./nix.nix
+    ./distributed-builds.nix
    ./home-manager.nix
    ./boot.nix
    ./admin.nix
--- a/modules/nixos/base/distributed-builds.nix
+++ b/modules/nixos/base/distributed-builds.nix
@ -0,0 +1,59 @@
+{
+  keys,
+  config,
+  lib,
+  self,
+  ...
+}: let
+  inherit (lib) mkIf;
+  inherit (config.ooknet.host) admin;
+  inherit (config.networking) hostName;
+
+  mkBuilderMachine = {
+    host,
+    speedFactor,
+    systems ? ["x86_64-linux"],
+    supportedFeatures ? ["big-parallel" "kvm" "nixos-test"],
+  }: {
+    inherit speedFactor systems supportedFeatures;
+    hostName = host;
+    maxJobs = self.nixosConfigurations.${host}.config.nix.settings.max-jobs or "auto";
+    protocol = "ssh";
+    sshKey = "/home/${admin.name}/.ssh/builder";
+  };
+
+  builders = {
+    ooksdesk = mkBuilderMachine {
+      host = "ooksdesk";
+      speedFactor = 16;
+    };
+    ooksmedia = mkBuilderMachine {
+      host = "ooksmedia";
+      speedFactor = 8;
+    };
+  };
+in {
+  users = mkIf (hostName == "ooksdesk" || hostName == "ooksmedia") {
+    groups.builder = {};
+    users.builder = {
+      createHome = false;
+      isSystemUser = true;
+      useDefaultShell = true;
+      group = "builder";
+      openssh.authorizedKeys.keys = [
+        ''
+          command="nix-daemon --stdio",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ${keys.users.${admin.name}}
+        ''
+      ];
+    };
+  };
+  nix = {
+    distributedBuilds = true;
+    buildMachines =
+      if hostName == "ooksdesk"
+      then []
+      else if hostName == "ooksmedia"
+      then [builders.ooksdesk]
+      else [builders.ooksdesk builders.ooksmedia];
+  };
+}
--- a/modules/nixos/base/nix.nix
+++ b/modules/nixos/base/nix.nix
@ -44,8 +44,9 @@ in {
    settings = {
      trusted-users = ["@wheel" "root" "builder"];
      experimental-features = ["nix-command" "flakes"];
-      accept-flake-config = true;
+      accept-flake-config = false;
      auto-optimise-store = true;
+      warn-dirty = false;
      # cache
      substituters = [
        "https://cache.nixos.org?priority=10"
@ -57,7 +58,6 @@ in {
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "neovim-flake.cachix.org-1:iyQ6lHFhnB5UkVpxhQqLJbneWBTzM8LBYOFPLNH4qZw="
      ];
-      # TODO: setup builders -- builders-use-substitutes = true;
    };
  };
  nixpkgs = {