diff --git a/ops/nixos/cofractal-ams01/default.nix b/ops/nixos/cofractal-ams01/default.nix
index 094fec82d6..1f19df7ae9 100644
--- a/ops/nixos/cofractal-ams01/default.nix
+++ b/ops/nixos/cofractal-ams01/default.nix
@@ -7,6 +7,7 @@
 imports = [
 ../lib/zfs.nix
 ../lib/bgp.nix
+ ../lib/nixbuild-distributed.nix
 ];
 # Otherwise _this_ machine won't enumerate things properly.
diff --git a/ops/nixos/lib/nixbuild-distributed.nix b/ops/nixos/lib/nixbuild-distributed.nix
new file mode 100644
index 0000000000..90ca26035e
--- /dev/null
+++ b/ops/nixos/lib/nixbuild-distributed.nix
@@ -0,0 +1,57 @@
+# SPDX-FileCopyrightText: 2023 Luke Granger-Brown
+ #
+ # SPDX-License-Identifier: Apache-2.0
+
+ { config, lib, ... }:
+ {
+ imports = [ ./vault-agent-secrets.nix ];
+
+ # Distributed builds!
+ nix.buildMachines = lib.mkAfter [{
+ hostName = "eu.nixbuild.net";
+ system = "aarch64-linux";
+ maxJobs = 100;
+ speedFactor = 1;
+ supportedFeatures = [ "benchmark" "big-parallel" ];
+ mandatoryFeatures = [ ];
+ } {
+ hostName = "eu.nixbuild.net";
+ system = "x86_64-linux";
+ maxJobs = 100;
+ speedFactor = 1;
+ supportedFeatures = [ "benchmark" "big-parallel" ];
+ mandatoryFeatures = [ ];
+ }];
+ nix.distributedBuilds = true;
+ nix.extraOptions = ''
+ builders-use-substitutes = true
+ '';
+
+ my.vault.secrets.id_ed25519_nixbuild = {
+ group = "users";
+ template = ''
+ {{ with secret "kv/apps/nixbuild" }}
+ {{ .Data.data.id_ed25519_nixbuild }}
+ {{ end }}
+ '';
+ };
+ my.vault.secrets."id_ed25519_nixbuild.pub" = {
+ group = "users";
+ template = ''
+ {{ with secret "kv/apps/nixbuild" }}
+ {{ .Data.data.id_ed25519_nixbuild_pub }}
+ {{ end }}
+ '';
+ };
+ programs.ssh.extraConfig = ''
+ Host eu.nixbuild.net
+ PubkeyAcceptedKeyTypes ssh-ed25519
+ IdentityFile ${config.my.vault.secrets.id_ed25519_nixbuild.path}
+ '';
+ programs.ssh.knownHosts = {
+ nixbuild = {
+ hostNames = [ "eu.nixbuild.net" ];
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM";
+ };
+ };
+ }
diff --git a/ops/nixos/totoro/default.nix b/ops/nixos/totoro/default.nix
index 7a4136a170..3991b4d557 100644
--- a/ops/nixos/totoro/default.nix
+++ b/ops/nixos/totoro/default.nix
@@ -10,6 +10,7 @@ in {
 ../../../third_party/nixpkgs/nixos/modules/installer/scan/not-detected.nix
 ../lib/client.nix
 ../lib/whitby-distributed.nix
+ ../lib/nixbuild-distributed.nix
 ../lib/twitternuke.nix
 ../lib/quotes.bfob.gg.nix
 ../lib/baserow.nix
diff --git a/ops/vault/cfg/config.nix b/ops/vault/cfg/config.nix
index 7241224889..d745506600 100644
--- a/ops/vault/cfg/config.nix
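Review bot: The private key rendered by `my.vault.secrets.id_ed25519_nixbuild` is given `group = "users"`, so (depending on the file mode `vault-agent-secrets.nix` applies, which is not visible here) every account in the `users` group can read the credential for the nixbuild.net account, while the distributed-build path only needs root to read it, since the `IdentityFile` is wired in through the system-wide `programs.ssh.extraConfig`. I would drop `group = "users";` from the private-key entry, or keep it and add a comment above it naming which non-root users need the key, and leave the group only on the `.pub` entry, which is harmless to share. Separately, the template puts `{{ with secret "kv/apps/nixbuild" }}` on its own line, so unless the module trims output the rendered file starts with a newline before the `-----BEGIN` marker, which OpenSSH does not tolerate; `{{- with secret "kv/apps/nixbuild" -}}` and `{{- end }}` would avoid that, worth confirming against a rendered file. The pinned `programs.ssh.knownHosts` entry and `PubkeyAcceptedKeyTypes ssh-ed25519` are the right way to lock down the host side.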
+++ b/ops/vault/cfg/config.nix
@@ -69,13 +69,15 @@
 my.apps.gitlab-runner = {};
 my.apps.plex-pass = {};
 my.apps.ads-b = {};
+ my.apps.nixbuild = {};
 my.servers.etheroute-lon01.apps = [ "pomerium" ];
- my.servers.porcorosso.apps = [ "quotesdb" ];
- my.servers.totoro.apps = [ "sslrenew-raritan" "deluge" "quotesdb" "authentik" "ads-b" ];
+ my.servers.howl.apps = [ "nixbuild" ];
+ my.servers.porcorosso.apps = [ "quotesdb" "nixbuild" ];
+ my.servers.totoro.apps = [ "sslrenew-raritan" "deluge" "quotesdb" "authentik" "ads-b" "nixbuild" ];
 my.servers.clouvider-fra01.apps = [ "deluge" ];
 my.servers.clouvider-lon01.apps = [ "quotesdb" "gitlab-runner" ];
- my.servers.cofractal-ams01.apps = [ "deluge" "gitlab-runner" ];
+ my.servers.cofractal-ams01.apps = [ "deluge" "gitlab-runner" "nixbuild" ];
 my.servers.bvm-twitterchiver.apps = [ "twitterchiver" ];
 my.servers.bvm-matrix.apps = [ "turn" "matrix-synapse" ];
 my.servers.bvm-prosody.apps = [ "turn" ];