
My NixOS systems configurations.

builder.nix (1965B)


      1 { config, lib, pkgs, ... }:
      2 
      3 let
      4   inherit (lib) mkIf mkEnableOption importTOML filter;
      5   cfg = config.profiles.externalbuilder;
      6   metadata = importTOML ../../../ops/hosts.toml;
      7   currentHostIP =
      8     if builtins.hasAttr "addrs" metadata.hosts.${config.networking.hostName}
      9     then metadata.hosts.${config.networking.hostName}.addrs.v4
     10     else "0.0.0.0";
     11   isCurrentHost = n: n.hostName != currentHostIP;
     12 in
     13 {
     14   options = {
     15     profiles.externalbuilder = {
     16       enable = mkEnableOption "Enable externalbuilder profile";
     17     };
     18   };
     19   config = mkIf cfg.enable {
     20     nix.distributedBuilds = true;
     21     sops.secrets.builder = {
     22       sopsFile = ../../../secrets/builder.yaml;
     23       mode = "600";
     24       path = "/etc/nix/builder.key";
     25     };
     26 
     27     nix.buildMachines = (filter isCurrentHost
     28       [
     29         {
     30           hostName = "${metadata.hosts.shikoku.addrs.v4}";
     31           maxJobs = metadata.hosts.shikoku.builder.maxJobs;
     32           sshUser = "builder";
     33           sshKey = config.sops.secrets.builder.path;
     34           systems = metadata.hosts.shikoku.builder.systems;
     35           supportedFeatures = metadata.hosts.shikoku.builder.features;
     36         }
     37         {
     38           hostName = "${metadata.hosts.aomi.addrs.v4}";
     39           maxJobs = metadata.hosts.aomi.builder.maxJobs;
     40           sshUser = "builder";
     41           sshKey = config.sops.secrets.builder.path;
     42           systems = metadata.hosts.aomi.builder.systems;
     43           supportedFeatures = metadata.hosts.aomi.builder.features;
     44         }
     45       ]
     46     );
     47 
     48     programs.ssh.knownHosts = {
     49       "shikoku" = {
     50         hostNames = [ "shikoku.home" "${metadata.hosts.shikoku.addrs.v4}" ];
     51         publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH18c6kcorVbK2TwCgdewL6nQf29Cd5BVTeq8nRYUigm";
     52       };
     53       "aomi" = {
     54         hostNames = [ "aomi.home" "${metadata.hosts.aomi.addrs.v4}" ];
     55         publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQVlSrUKU0xlM9E+sJ8qgdgqCW6ePctEBD2Yf+OnyME";
     56       };
     57     };
     58 
     59   };
     60 
     61 
     62 }