feat[client,server]: add remote builds, confLib

2025-12-06 09:07:21 +01:00 · 2025-12-02 00:57:35 +01:00 · 2025-12-02 00:57:35 +01:00 · 9acfc5f934
commit 9acfc5f934
parent c20f1b0b59
133 changed files with 4297 additions and 3249 deletions
--- a/modules/nixos/client/niri.nix
+++ b/modules/nixos/client/niri.nix
@ -1,30 +0,0 @@
-{ lib, config, pkgs, ... }:
-let
-  moduleName = "niri";
-in
-{
-  options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} settings";
-  config = lib.mkIf config.swarselmodules.${moduleName}
-    {
-
-      environment.systemPackages = with pkgs; [
-        wl-clipboard
-        wayland-utils
-        libsecret
-        cage
-        gamescope
-        xwayland-satellite-unstable
-      ];
-
-
-      programs.niri = {
-        enable = true;
-        package = pkgs.niri-unstable; # the actual niri that will be installed and used
-      };
-    } // {
-    niri-flake.cache.enable = true;
-    programs.niri = {
-      package = null;
-    };
-  };
-}
--- a/modules/nixos/client/remotebuild.nix
+++ b/modules/nixos/client/remotebuild.nix
@ -0,0 +1,85 @@
+{ lib, config, globals, ... }:
+let
+  inherit (config.swarselsystems) homeDir mainUser isClient;
+in
+{
+  options.swarselmodules.remotebuild = lib.mkEnableOption "enable remote builds on this machine";
+  config = lib.mkIf config.swarselmodules.remotebuild {
+
+    sops.secrets = {
+      builder-key = lib.mkIf isClient { owner = mainUser; path = "${homeDir}/.ssh/builder"; mode = "0600"; };
+      nixbuild-net-key = { owner = mainUser; path = "${homeDir}/.ssh/nixbuild-net"; mode = "0600"; };
+    };
+
+    nix = {
+      settings.builders-use-substitutes = true;
+      distributedBuilds = true;
+      buildMachines = [
+        (lib.mkIf isClient {
+          hostName = config.repo.secrets.common.builder1-ip;
+          system = "aarch64-linux";
+          maxJobs = 20;
+          speedFactor = 10;
+        })
+        (lib.mkIf isClient {
+          hostName = globals.hosts.belchsfactory.wanAddress4;
+          system = "aarch64-linux";
+          maxJobs = 4;
+          speedFactor = 2;
+          protocol = "ssh-ng";
+        })
+        {
+          hostName = "eu.nixbuild.net";
+          system = "x86_64-linux";
+          maxJobs = 100;
+          speedFactor = 2;
+          supportedFeatures = [ "big-parallel" ];
+        }
+      ];
+    };
+    programs.ssh = {
+      knownHosts = {
+        nixbuild = {
+          hostNames = [ "eu.nixbuild.net" ];
+          publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM";
+        };
+        builder1 = lib.mkIf isClient {
+          hostNames = [ config.repo.secrets.common.builder1-ip ];
+          publicKey = config.repo.secrets.common.builder1-pubHostKey;
+        };
+        jump = lib.mkIf isClient {
+          hostNames = [ globals.hosts.liliputsteps.wanAddress4 ];
+          publicKey = config.repo.secrets.common.jump-pubHostKey;
+        };
+        builder2 = lib.mkIf isClient {
+          hostNames = [ globals.hosts.belchsfactory.wanAddress4 ];
+          publicKey = config.repo.secrets.common.builder2-pubHostKey;
+        };
+      };
+      extraConfig = ''
+        Host eu.nixbuild.net
+          ConnectTimeout 1
+          PubkeyAcceptedKeyTypes ssh-ed25519
+          ServerAliveInterval 60
+          IPQoS throughput
+          IdentityFile ${config.sops.secrets.nixbuild-net-key.path}
+      '' + lib.optionalString isClient ''
+        Host ${config.repo.secrets.common.builder1-ip}
+          ConnectTimeout 1
+          User ${mainUser}
+          IdentityFile ${config.sops.secrets.builder-key.path}
+
+        Host ${globals.hosts.belchsfactory.wanAddress4}
+          ConnectTimeout 5
+          ProxyJump ${globals.hosts.liliputsteps.wanAddress4}
+          User builder
+          IdentityFile ${config.sops.secrets.builder-key.path}
+
+        Host ${globals.hosts.liliputsteps.wanAddress4}
+          ConnectTimeout 1
+          User jump
+          IdentityFile ${config.sops.secrets.builder-key.path}
+      '';
+    };
+  };
+}
--- a/modules/nixos/client/uwsm.nix
+++ b/modules/nixos/client/uwsm.nix
@ -13,7 +13,7 @@ in
          comment = "Sway compositor managed by UWSM";
          binPath = "/run/current-system/sw/bin/sway";
        };
-        niri = {
+        niri = lib.mkIf (config.swarselmodules ? niri) {
          prettyName = "Niri";
          comment = "Niri compositor managed by UWSM";
          binPath = "/run/current-system/sw/bin/niri-session";