builder.nix (1965B)
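# NixOS module: `profiles.externalbuilder`.
#
# When enabled, this host offloads Nix builds over SSH to the builders
# described in ops/hosts.toml (shikoku and aomi). It installs the SSH
# private key used to log in to them (decrypted by sops) and pins each
# builder's SSH host key system-wide.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkIf mkEnableOption importTOML filter;
  cfg = config.profiles.externalbuilder;
  metadata = importTOML ../../../ops/hosts.toml;

  # IPv4 address of the host being configured. `or` covers a missing
  # `addrs` table as well as a host that has no entry in hosts.toml at
  # all (the previous hasAttr check aborted evaluation in that case).
  # The "0.0.0.0" fallback is presumably never a builder address, so such
  # a host keeps every builder in the list.
  currentHostIP =
    metadata.hosts.${config.networking.hostName}.addrs.v4 or "0.0.0.0";

  # True for every build machine except the host being configured, so a
  # builder never lists itself as a remote builder.
  isRemoteBuilder = machine: machine.hostName != currentHostIP;

  # Build machine record for the hosts.toml entry called `name`.
  # The machine is addressed by IPv4, so that same address has to appear
  # in the matching `programs.ssh.knownHosts` entry below for the pinned
  # host key to apply to the connection.
  mkBuilder = name:
    let
      host = metadata.hosts.${name};
    in
    {
      hostName = host.addrs.v4;
      maxJobs = host.builder.maxJobs;
      sshUser = "builder";
      sshKey = config.sops.secrets.builder.path;
      systems = host.builder.systems;
      supportedFeatures = host.builder.features;
    };
in
{
  options = {
    profiles.externalbuilder = {
      # mkEnableOption already prefixes the text with "Whether to enable ",
      # so only the noun phrase goes here.
      enable = mkEnableOption "externalbuilder profile";
    };
  };

  config = mkIf cfg.enable {
    nix.distributedBuilds = true;

    # SSH private key used as `sshKey` for every builder. Mode 600 keeps it
    # owner-only.
    # NOTE(review): the key is only read in this module, so a read-only
    # mode would presumably be enough; confirm before tightening.
    sops.secrets.builder = {
      sopsFile = ../../../secrets/builder.yaml;
      mode = "600";
      path = "/etc/nix/builder.key";
    };

    # When adding a builder here, add its host key to
    # programs.ssh.knownHosts as well; this list and the pinned keys are
    # maintained separately.
    nix.buildMachines = filter isRemoteBuilder (map mkBuilder [ "shikoku" "aomi" ]);

    # Pinned SSH host keys for the builders, under both their .home name
    # and the IPv4 address used in nix.buildMachines.
    programs.ssh.knownHosts = {
      "shikoku" = {
        hostNames = [ "shikoku.home" metadata.hosts.shikoku.addrs.v4 ];
        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH18c6kcorVbK2TwCgdewL6nQf29Cd5BVTeq8nRYUigm";
      };
      "aomi" = {
        hostNames = [ "aomi.home" metadata.hosts.aomi.addrs.v4 ];
        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQVlSrUKU0xlM9E+sJ8qgdgqCW6ePctEBD2Yf+OnyME";
      };
    };
  };
}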