nix: share builder setup across machines

2025-12-06 14:49:14 +00:00 · 2024-08-16 22:51:43 +02:00 · 2024-08-16 22:51:43 +02:00 · 8024315063
commit 8024315063
parent 7919ce882d
5 changed files with 5 additions and 11 deletions
--- a/nix/nixosModules/builders/default.nix
+++ b/nix/nixosModules/builders/default.nix
@ -0,0 +1,54 @@
+{
+  nix.distributedBuilds = true;
+
+  # NOTE:
+  # https://github.com/NixOS/hydra/issues/584#issuecomment-1901289182
+  # use ssh-ng to "fix" not trusted user issue
+  nix.buildMachines =
+    let
+      def = {
+        hostName = throw "hostName is not defined";
+        system = throw "system is not defined";
+        protocol = "ssh";
+        sshUser = "nix-remote-builder";
+        speedFactor = 1;
+        supportedFeatures = [
+          "nixos-test"
+          "benchmark"
+          "big-parallel"
+          "kvm"
+        ];
+        mandatoryFeatures = [ ];
+      };
+
+      builder = def // {
+        hostName = "builder";
+        system = "x86_64-linux";
+        speedFactor = 1;
+      };
+
+      hydrogen = def // {
+        hostName = "hydrogen";
+        system = "aarch64-linux";
+        speedFactor = 2;
+      };
+
+      oracle = def // {
+        hostName = "oracle";
+        system = "aarch64-linux";
+        protocol = "ssh-ng";
+        sshUser = "ubuntu";
+        speedFactor = 8;
+      };
+    in
+    [
+      builder
+      hydrogen
+      oracle
+    ];
+
+  # optional, useful when the builder has a faster internet connection than yours
+  nix.extraOptions = ''
+    builders-use-substitutes = true
+  '';
+}
--- a/nix/nixosModules/default.nix
+++ b/nix/nixosModules/default.nix
@ -17,6 +17,7 @@ let
    "leana"
    "zram"
    "i_am_builder"
+    "builders"
  ];

  sharedModules.imports = map toModule sharedModuleNames;
--- a/nix/nixosModules/i_am_builder/default.nix
+++ b/nix/nixosModules/i_am_builder/default.nix
@ -19,8 +19,8 @@
    # credit:
    # https://github.com/nix-community/srvos/blob/main/nixos/roles/nix-remote-builder.nix
    openssh.authorizedKeys.keys = map (key: ''restrict ${key}'') [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKf9AFsIEjkf0c5Hu73Vr4rKkGKzMkgYBJODw1Vvi2DL root@carbon"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEdzs65v65s5sVEv+BClW7qYb0tWuLOZ4e8lIAActeUq root@bismuth"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBt+MINzxBF8uyFIuz/UvMZe9Ml+qxU0hxxi7UAmUzpc leana@bismuth"
    ];
  };