hosts/dunamis: break up nix

Signed-off-by: unexplrd <unexplrd@linerds.us>
2025-04-30 00:33:56 +03:00
parent 5e8f5bf7f3
commit a349e3803d
6 changed files with 74 additions and 18 deletions
--- a/hosts/dunamis/nix.nix
+++ b/hosts/dunamis/nix.nix
@ -1,18 +0,0 @@
-# TODO: better file name
-{
-  config,
-  pkgs,
-  ...
-}: {
-  nix = {
-    package = pkgs.lix;
-    channel.enable = false;
-    settings.experimental-features = ["nix-command" "flakes"];
-    daemonCPUSchedPolicy = "idle";
-    sshServe = {
-      enable = true;
-      write = true;
-      keys = map (f: builtins.readFile f) config.users.users.user.openssh.authorizedKeys.keyFiles;
-    };
-  };
-}
--- a/hosts/dunamis/nix/common.nix
+++ b/hosts/dunamis/nix/common.nix
@ -0,0 +1,11 @@
+{pkgs, ...}: {
+  nix = {
+    package = pkgs.lixPackageSets.latest.lix;
+    channel.enable = false;
+    daemonCPUSchedPolicy = "idle";
+    settings = {
+      experimental-features = ["nix-command" "flakes"];
+      builders-use-substitutes = true;
+    };
+  };
+}
--- a/hosts/dunamis/nix/default.nix
+++ b/hosts/dunamis/nix/default.nix
@ -0,0 +1,7 @@
+{
+  imports = [
+    ./common.nix
+    ./substituters.nix
+    ./ssh-serve.nix
+  ];
+}
--- a/hosts/dunamis/nix/distributed-build.nix
+++ b/hosts/dunamis/nix/distributed-build.nix
@ -0,0 +1,30 @@
+{
+  config,
+  inputs,
+  ...
+}: let
+  inherit (builtins) readFile;
+  inherit (config.networking) hostName;
+  inherit (config.sops) secrets;
+  inherit (inputs) mysecrets;
+  pubHost = readFile "${mysecrets}/ssh/ssh_host_ed25519_dunamis.base64";
+in {
+  nix = {
+    distributedBuilds = true;
+    buildMachines = [
+      {
+        hostName = "dunamis";
+        publicHostKey = pubHost;
+        sshKey = secrets."ssh-${hostName}-user".path;
+        sshUser = "nix-ssh";
+        supportedFeatures = [
+          "benchmark"
+          "big-parallel"
+          "kvm"
+          "nixos-test"
+        ];
+        system = "x86_64-linux";
+      }
+    ];
+  };
+}
--- a/hosts/dunamis/nix/ssh-serve.nix
+++ b/hosts/dunamis/nix/ssh-serve.nix
@ -0,0 +1,10 @@
+{config, ...}: let
+  inherit (builtins) readFile;
+  inherit (config.users.users) user;
+in {
+  nix.sshServe = {
+    enable = true;
+    write = true;
+    keys = map (f: readFile f) user.openssh.authorizedKeys.keyFiles;
+  };
+}
--- a/hosts/dunamis/nix/substituters.nix
+++ b/hosts/dunamis/nix/substituters.nix
@ -0,0 +1,16 @@
+{
+  nix.settings = {
+    substituters = [
+      "https://cache.nixos.org/"
+      "https://chaotic-nyx.cachix.org/"
+      "https://cosmic.cachix.org/"
+      "https://nix-community.cachix.org/"
+    ];
+    trusted-public-keys = [
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
+      "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+    ];
+  };
+}