From e317f9b0e47bfdb7aeab3e903fe2a23a786f6d60 Mon Sep 17 00:00:00 2001
From: Joakim Repomaa <joakim.repomaa@mocoapp.com>
Date: Wed, 23 Jul 2025 13:15:50 +0300
Subject: [PATCH] setup distributed builds

---
 flake.nix                         |  5 ++++-
 hosts/freun-dev/configuration.nix | 27 +++++++++++++++++++--------
 hosts/radish/boot.nix             |  2 --
 hosts/radish/configuration.nix    | 10 ++++++++++
 4 files changed, 33 insertions(+), 11 deletions(-)

diff --git a/flake.nix b/flake.nix
index bbfa259..e28b6ed 100644
--- a/flake.nix
+++ b/flake.nix
@@ -56,7 +56,10 @@
     }@inputs:
     flake-parts.lib.mkFlake { inherit inputs; } (
       let
-        ssh.publicKeys.yubikey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4=";
+        ssh.publicKeys = {
+          yubikey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4=";
+          builder = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuQaA6JKCOfsfUBI5tzoiYe3tdpLdPfVzeyByx/149C";
+        };
         specialArgs = { inherit inputs ssh self; };
 
       in
diff --git a/hosts/freun-dev/configuration.nix b/hosts/freun-dev/configuration.nix
index 2e17225..64d8d72 100644
--- a/hosts/freun-dev/configuration.nix
+++ b/hosts/freun-dev/configuration.nix
@@ -136,15 +136,26 @@ in
   services.xserver.xkb.options = "eurosign:e,caps:escape";
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.jokke = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-    packages = [ pkgs.nh ];
-    openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
-  };
-  users.users.root.openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
+  users.users = {
+    jokke = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+      packages = [ pkgs.nh ];
+      openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
+    };
 
-  nix.settings.trusted-users = [ "jokke" ];
+    builder = {
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [ ssh.publicKeys.builder ];
+    };
+
+    root.openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
+  };
+
+  nix.settings.trusted-users = [
+    "jokke"
+    "builder"
+  ];
 
   # List packages installed in system profile. To search, run:
   # $ nix search wget
diff --git a/hosts/radish/boot.nix b/hosts/radish/boot.nix
index c9228e3..7b627cb 100644
--- a/hosts/radish/boot.nix
+++ b/hosts/radish/boot.nix
@@ -23,8 +23,6 @@
     kernel.sysctl = {
       "vm.max_map_count" = 262144;
     };
-
-    binfmt.emulatedSystems = [ "aarch64-linux" ];
   };
 
   environment.systemPackages = with pkgs; [
diff --git a/hosts/radish/configuration.nix b/hosts/radish/configuration.nix
index f0a4212..6ffc144 100644
--- a/hosts/radish/configuration.nix
+++ b/hosts/radish/configuration.nix
@@ -1,6 +1,16 @@
 { ... }:
 {
   nix = {
+    distributedBuilds = true;
+    buildMachines = [
+      {
+        hostName = "freun.dev";
+        maxJobs = 2;
+        protocol = "ssh";
+        sshUser = "builder";
+        system = "aarch64-linux";
+      }
+    ];
     settings = {
       experimental-features = [
         "nix-command"