setup distributed builds

2025-07-23 13:15:50 +03:00
parent 40598d20c7
commit e317f9b0e4
4 changed files with 33 additions and 11 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -56,7 +56,10 @@
    }@inputs:
    flake-parts.lib.mkFlake { inherit inputs; } (
      let
-        ssh.publicKeys.yubikey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4=";
+        ssh.publicKeys = {
+          yubikey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4=";
+          builder = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuQaA6JKCOfsfUBI5tzoiYe3tdpLdPfVzeyByx/149C";
+        };
        specialArgs = { inherit inputs ssh self; };

      in
--- a/hosts/freun-dev/configuration.nix
+++ b/hosts/freun-dev/configuration.nix
@@ -136,15 +136,26 @@ in
  services.xserver.xkb.options = "eurosign:e,caps:escape";

  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.jokke = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-    packages = [ pkgs.nh ];
-    openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
-  };
-  users.users.root.openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
+  users.users = {
+    jokke = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+      packages = [ pkgs.nh ];
+      openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
+    };

-  nix.settings.trusted-users = [ "jokke" ];
+    builder = {
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [ ssh.publicKeys.builder ];
+    };
+
+    root.openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
+  };
+
+  nix.settings.trusted-users = [
+    "jokke"
+    "builder"
+  ];

  # List packages installed in system profile. To search, run:
  # $ nix search wget
--- a/hosts/radish/boot.nix
+++ b/hosts/radish/boot.nix
@@ -23,8 +23,6 @@
    kernel.sysctl = {
      "vm.max_map_count" = 262144;
    };
-
-    binfmt.emulatedSystems = [ "aarch64-linux" ];
  };

  environment.systemPackages = with pkgs; [
--- a/hosts/radish/configuration.nix
+++ b/hosts/radish/configuration.nix
@@ -1,6 +1,16 @@
 { ... }:
 {
  nix = {
+    distributedBuilds = true;
+    buildMachines = [
+      {
+        hostName = "freun.dev";
+        maxJobs = 2;
+        protocol = "ssh";
+        sshUser = "builder";
+        system = "aarch64-linux";
+      }
+    ];
    settings = {
      experimental-features = [
        "nix-command"