modules/nixos: rename config to shared

Signed-off-by: unexplrd <unexplrd@linerds.us>

modules/nixos/shared/nix/common.nix

@@ -0,0 +1,41 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  nix = {
+    package = pkgs.lixPackageSets.latest.lix;
+    channel.enable = false;
+    daemonCPUSchedPolicy = "idle";
+    optimise = {
+      automatic = true;
+      dates = ["weekly"];
+    };
+    settings = {
+      auto-optimise-store = true;
+      experimental-features = [
+        "nix-command"
+        "flakes"
+        # for container in builds support
+        "auto-allocate-uids"
+        "cgroups"
+
+        # Enable the use of the fetchClosure built-in function in the Nix language.
+        "fetch-closure"
+
+        # Allow derivation builders to call Nix, and thus build derivations recursively.
+        # "recursive-nix"
+
+        # Allow the use of the impure-env setting.
+        # "configurable-impure-env"
+      ];
+    };
+  };
+  # no longer need to pre-allocate build users for everything
+  nix.settings.auto-allocate-uids = lib.mkDefault true;
+  # Needs a patch in Nix to work properly: https://github.com/NixOS/nix/pull/13135
+  nix.settings.use-cgroups = true;
+
+  # for container in builds support
+  nix.settings.system-features = ["uid-range"];
+}

modules/nixos/shared/nix/default.nix

@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./common.nix
+    ./distibuted-build.nix
+    ./substituters.nix
+  ];
+}

modules/nixos/shared/nix/distibuted-build.nix

@@ -0,0 +1,49 @@
+{
+  config,
+  inputs,
+  lib,
+  ...
+}: let
+  isBuildHost = config.networking.hostName == "dunamis";
+in {
+  config = lib.mkMerge [
+    (lib.mkIf isBuildHost {
+      nix = let
+        inherit (builtins) readFile;
+        inherit (config.users.users) user;
+      in {
+        sshServe = {
+          enable = true;
+          keys = map (f: readFile f) user.openssh.authorizedKeys.keyFiles;
+          protocol = "ssh-ng";
+          trusted = true;
+          write = true;
+        };
+      };
+    })
+    (lib.mkIf (!isBuildHost) {
+      nix = let
+        inherit (builtins) readFile;
+        inherit (config.networking) hostName;
+        inherit (config.sops) secrets;
+        inherit (inputs) mysecrets;
+        pubHost = readFile "${mysecrets}/ssh/ssh_host_ed25519_dunamis.base64";
+      in {
+        distributedBuilds = true;
+        buildMachines = [
+          {
+            hostName = "dunamis";
+            maxJobs = 3;
+            protocol = "ssh-ng";
+            publicHostKey = pubHost;
+            speedFactor = 2;
+            sshKey = secrets."ssh-${hostName}-user".path;
+            sshUser = "nix-ssh";
+            supportedFeatures = ["benchmark" "big-parallel" "kvm" "nixos-test"];
+            system = "x86_64-linux";
+          }
+        ];
+      };
+    })
+  ];
+}

modules/nixos/shared/nix/substituters.nix

@@ -0,0 +1,16 @@
+{
+  nix.settings = {
+    substituters = [
+      "https://cache.nixos.org/"
+      "https://chaotic-nyx.cachix.org/"
+      "https://cosmic.cachix.org/"
+      "https://nix-community.cachix.org/"
+    ];
+    trusted-public-keys = [
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
+      "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+    ];
+  };
+}