58 lines
1.5 KiB
Nix
58 lines
1.5 KiB
Nix
|
# SPDX-FileCopyrightText: 2023 Luke Granger-Brown <depot@lukegb.com>
|
||
|
#
|
||
|
# SPDX-License-Identifier: Apache-2.0
|
||
|
|
||
|
{ config, lib, ... }:
|
||
|
{
|
||
|
imports = [ ./vault-agent-secrets.nix ];
|
||
|
|
||
|
# Distributed builds!
|
||
|
nix.buildMachines = lib.mkAfter [{
|
||
|
hostName = "eu.nixbuild.net";
|
||
|
system = "aarch64-linux";
|
||
|
maxJobs = 100;
|
||
|
speedFactor = 1;
|
||
|
supportedFeatures = [ "benchmark" "big-parallel" ];
|
||
|
mandatoryFeatures = [ ];
|
||
|
} {
|
||
|
hostName = "eu.nixbuild.net";
|
||
|
system = "x86_64-linux";
|
||
|
maxJobs = 100;
|
||
|
speedFactor = 1;
|
||
|
supportedFeatures = [ "benchmark" "big-parallel" ];
|
||
|
mandatoryFeatures = [ ];
|
||
|
}];
|
||
|
nix.distributedBuilds = true;
|
||
|
nix.extraOptions = ''
|
||
|
builders-use-substitutes = true
|
||
|
'';
|
||
|
|
||
|
my.vault.secrets.id_ed25519_nixbuild = {
|
||
|
group = "users";
|
||
|
template = ''
|
||
|
{{ with secret "kv/apps/nixbuild" }}
|
||
|
{{ .Data.data.id_ed25519_nixbuild }}
|
||
|
{{ end }}
|
||
|
'';
|
||
|
};
|
||
|
my.vault.secrets."id_ed25519_nixbuild.pub" = {
|
||
|
group = "users";
|
||
|
template = ''
|
||
|
{{ with secret "kv/apps/nixbuild" }}
|
||
|
{{ .Data.data.id_ed25519_nixbuild_pub }}
|
||
|
{{ end }}
|
||
|
'';
|
||
|
};
|
||
|
programs.ssh.extraConfig = ''
|
||
|
Host eu.nixbuild.net
|
||
|
PubkeyAcceptedKeyTypes ssh-ed25519
|
||
|
IdentityFile ${config.my.vault.secrets.id_ed25519_nixbuild.path}
|
||
|
'';
|
||
|
programs.ssh.knownHosts = {
|
||
|
nixbuild = {
|
||
|
hostNames = [ "eu.nixbuild.net" ];
|
||
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM";
|
||
|
};
|
||
|
};
|
||
|
}
|