depot/ops/nixos/lib/nixbuild-distributed.nix


# SPDX-FileCopyrightText: 2023 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ config, lib, ... }:
let
  # Remote builder endpoint; reused for the build-machine entries, the ssh
  # Host block and the pinned known_hosts entry so all three stay in sync.
  builderHost = "eu.nixbuild.net";

  # One build-machine entry per target system; every other field is shared.
  mkBuilder = system: {
    hostName = builderHost;
    inherit system;
    maxJobs = 100;
    speedFactor = 1;
    supportedFeatures = [ "benchmark" "big-parallel" ];
    mandatoryFeatures = [ ];
  };
in
{
  imports = [ ./vault-agent-secrets.nix ];

  nix = {
    # mkAfter orders these entries after build machines defined elsewhere.
    buildMachines = lib.mkAfter (map mkBuilder [ "aarch64-linux" "x86_64-linux" ]);
    distributedBuilds = true;
    # Let the remote builder fetch dependencies from substituters itself
    # instead of having them uploaded from this machine.
    extraOptions = ''
      builders-use-substitutes = true
    '';
  };

  # SSH keypair for the builder, rendered from Vault at kv/apps/nixbuild.
  # NOTE(review): both files are assigned group "users". Whether members of
  # that group can read the private key depends on the file mode applied by
  # ./vault-agent-secrets.nix, which is not visible here. Confirm the mode
  # is as tight as the consumers of this key allow.
  my.vault.secrets = {
    id_ed25519_nixbuild = {
      group = "users";
      template = ''
        {{ with secret "kv/apps/nixbuild" }}
        {{ .Data.data.id_ed25519_nixbuild }}
        {{ end }}
      '';
    };
    "id_ed25519_nixbuild.pub" = {
      group = "users";
      template = ''
        {{ with secret "kv/apps/nixbuild" }}
        {{ .Data.data.id_ed25519_nixbuild_pub }}
        {{ end }}
      '';
    };
  };

  programs.ssh = {
    # Client settings for the builder: accept only ed25519 public-key auth
    # and use the Vault-rendered private key as the identity.
    # NOTE(review): IdentitiesOnly is not set, so ssh may also offer agent or
    # default identities to this host. Consider `IdentitiesOnly yes` if only
    # the Vault-issued key should ever be presented.
    # NOTE(review): PubkeyAcceptedKeyTypes is the older spelling of
    # PubkeyAcceptedAlgorithms (renamed in OpenSSH 8.5).
    extraConfig = ''
      Host ${builderHost}
      PubkeyAcceptedKeyTypes ssh-ed25519
      IdentityFile ${config.my.vault.secrets.id_ed25519_nixbuild.path}
    '';

    # Pin the builder's host key so the connection does not depend on
    # trust-on-first-use. When this value changes, check the new key against
    # the provider's published key out of band before updating it.
    knownHosts.nixbuild = {
      hostNames = [ builderHost ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM";
    };
  };
}