feat[client,server]: add remote builds, confLib

2025-12-06 09:07:21 +01:00 · 2025-12-02 00:57:35 +01:00 · 2025-12-02 00:57:35 +01:00 · 9acfc5f934
commit 9acfc5f934
parent c20f1b0b59
133 changed files with 4297 additions and 3249 deletions
--- a/modules/nixos/client/remotebuild.nix
+++ b/modules/nixos/client/remotebuild.nix
@ -0,0 +1,85 @@
+{ lib, config, globals, ... }:
+let
+  inherit (config.swarselsystems) homeDir mainUser isClient;
+in
+{
+  options.swarselmodules.remotebuild = lib.mkEnableOption "enable remote builds on this machine";
+  config = lib.mkIf config.swarselmodules.remotebuild {
+
+    sops.secrets = {
+      builder-key = lib.mkIf isClient { owner = mainUser; path = "${homeDir}/.ssh/builder"; mode = "0600"; };
+      nixbuild-net-key = { owner = mainUser; path = "${homeDir}/.ssh/nixbuild-net"; mode = "0600"; };
+    };
+
+    nix = {
+      settings.builders-use-substitutes = true;
+      distributedBuilds = true;
+      buildMachines = [
+        (lib.mkIf isClient {
+          hostName = config.repo.secrets.common.builder1-ip;
+          system = "aarch64-linux";
+          maxJobs = 20;
+          speedFactor = 10;
+        })
+        (lib.mkIf isClient {
+          hostName = globals.hosts.belchsfactory.wanAddress4;
+          system = "aarch64-linux";
+          maxJobs = 4;
+          speedFactor = 2;
+          protocol = "ssh-ng";
+        })
+        {
+          hostName = "eu.nixbuild.net";
+          system = "x86_64-linux";
+          maxJobs = 100;
+          speedFactor = 2;
+          supportedFeatures = [ "big-parallel" ];
+        }
+      ];
+    };
+    programs.ssh = {
+      knownHosts = {
+        nixbuild = {
+          hostNames = [ "eu.nixbuild.net" ];
+          publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM";
+        };
+        builder1 = lib.mkIf isClient {
+          hostNames = [ config.repo.secrets.common.builder1-ip ];
+          publicKey = config.repo.secrets.common.builder1-pubHostKey;
+        };
+        jump = lib.mkIf isClient {
+          hostNames = [ globals.hosts.liliputsteps.wanAddress4 ];
+          publicKey = config.repo.secrets.common.jump-pubHostKey;
+        };
+        builder2 = lib.mkIf isClient {
+          hostNames = [ globals.hosts.belchsfactory.wanAddress4 ];
+          publicKey = config.repo.secrets.common.builder2-pubHostKey;
+        };
+      };
+      extraConfig = ''
+        Host eu.nixbuild.net
+          ConnectTimeout 1
+          PubkeyAcceptedKeyTypes ssh-ed25519
+          ServerAliveInterval 60
+          IPQoS throughput
+          IdentityFile ${config.sops.secrets.nixbuild-net-key.path}
+      '' + lib.optionalString isClient ''
+        Host ${config.repo.secrets.common.builder1-ip}
+          ConnectTimeout 1
+          User ${mainUser}
+          IdentityFile ${config.sops.secrets.builder-key.path}
+
+        Host ${globals.hosts.belchsfactory.wanAddress4}
+          ConnectTimeout 5
+          ProxyJump ${globals.hosts.liliputsteps.wanAddress4}
+          User builder
+          IdentityFile ${config.sops.secrets.builder-key.path}
+
+        Host ${globals.hosts.liliputsteps.wanAddress4}
+          ConnectTimeout 1
+          User jump
+          IdentityFile ${config.sops.secrets.builder-key.path}
+      '';
+    };
+  };
+}