# SPDX-FileCopyrightText: 2023 Luke Granger-Brown # # SPDX-License-Identifier: Apache-2.0 { config, lib, ... }: { imports = [ ./vault-agent-secrets.nix ]; # Distributed builds! nix.buildMachines = lib.mkAfter [{ hostName = "eu.nixbuild.net"; system = "aarch64-linux"; maxJobs = 100; speedFactor = 1; supportedFeatures = [ "benchmark" "big-parallel" ]; mandatoryFeatures = [ ]; } { hostName = "eu.nixbuild.net"; system = "x86_64-linux"; maxJobs = 100; speedFactor = 1; supportedFeatures = [ "benchmark" "big-parallel" ]; mandatoryFeatures = [ ]; }]; nix.distributedBuilds = true; nix.extraOptions = '' builders-use-substitutes = true ''; my.vault.secrets.id_ed25519_nixbuild = { group = "users"; template = '' {{ with secret "kv/apps/nixbuild" }} {{ .Data.data.id_ed25519_nixbuild }} {{ end }} ''; }; my.vault.secrets."id_ed25519_nixbuild.pub" = { group = "users"; template = '' {{ with secret "kv/apps/nixbuild" }} {{ .Data.data.id_ed25519_nixbuild_pub }} {{ end }} ''; }; programs.ssh.extraConfig = '' Host eu.nixbuild.net PubkeyAcceptedKeyTypes ssh-ed25519 IdentityFile ${config.my.vault.secrets.id_ed25519_nixbuild.path} ''; programs.ssh.knownHosts = { nixbuild = { hostNames = [ "eu.nixbuild.net" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM"; }; }; }