2025-05-04 16:20:00 -04:00
{
config ,
lib ,
2025-11-19 22:38:58 -05:00
all_nixos_configs ,
2025-11-27 17:51:08 -05:00
pkgs ,
2025-05-04 16:20:00 -04:00
. . .
} :
2025-11-18 22:02:12 -05:00
# TODO: FreeBSD is x86_64-freebsd
2025-05-04 16:20:00 -04:00
let
make_machine_config = name : {
enable = lib . mkOption {
type = lib . types . bool ;
default = false ;
example = true ;
description = " W h e t h e r w e w a n t t o u s e t h e ${ name } m a c h i n e d u r i n g d i s t r i b u t e d b u i l d s . " ;
} ;
additional_config = lib . mkOption {
type = lib . types . attrs ;
default = { } ;
example = lib . literalExpression {
speedFactor = 2 ;
} ;
description = " A d d i t i o n a l c o n f i g v a l u e s f o r t h e b u i l d M a c h i n e s e n t r y . F o r e x a m p l e , s p e e d F a c t o r . " ;
} ;
2026-01-11 16:38:56 -05:00
substituter_url = lib . mkOption {
type = lib . types . nullOr lib . types . str ;
default = null ;
example = " s s h - n g : / / r e m o t e - h o s t " ;
description = " U R L t o u s e a s a s u b s t i t u t e r . " ;
} ;
2025-05-04 16:20:00 -04:00
} ;
2025-11-19 22:38:58 -05:00
static_host_configs = {
quark = {
# From: base64 -w0 /persist/ssh/ssh_host_ed25519_key.pub
publicHostKey = " c 3 N o L W V k M j U 1 M T k g Q U F B Q U M z T n p h Q z F s W k R J M U 5 U R T V B Q U F B S U x 0 a l p l Y l V Y T k R k U 3 Y 1 e n V G b j M 3 e F N M Z U N 3 S 2 h P K z F M d W o v M 2 F Y N F J R T E E g c m 9 v d E B x d W F y a w o = " ;
systems = [
" i 6 8 6 - l i n u x "
" x 8 6 _ 6 4 - l i n u x "
# "aarch64-linux"
] ;
} ;
2026-01-11 16:38:56 -05:00
hydra = {
# Does not work, so we have to use root's authorized keys. Not sure why. My best guess is it is related to overriding the ssh target via the ssh config.
#
# From: base64 -w0 /persist/ssh/ssh_host_ed25519_key.pub
# publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUNJRk9tU0NWV25xVVFFL2RKd2R0STdRQ29LTHhBNHRmWnRSYStFSG9XV0wgcm9vdEBoeWRyYQo=";
# publicHostKey = "c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFDQVFDNk1nNytKMys1d2c5QkJmLzkweWJhbnhJK3ZiSXRzY1ZoTzRRVFNMT1FJM1QxbWMrNUxTK2oxdDY4a20zVmx1c2k5WWh0UmNOVk1NbmZQT3Q3ejFyZ0Q4Y05iY3UzU0xCOTNGR2hvb1ZtUktyVEMyaVE4bkxZYVoyV1lrdnZ3UjJ6b24zTjRlTlFJdWUwR0EzTEtNKy82RDN5V3didjRYV2pFeWtpa1NoVFJUVUtMTjU4aUVVOVRmcnEzeE1Ib0EvYmJZMGIxK1QzUDRkQ05wb3BFcFczaVJaYkV0NUpvNS92VFBsVjc4L3I3bnV2eHlaVjU3dWhzYjhFQlFzYUdCYTIraEt6SUhFblBHWXlPUDVRRWVCZ1ZBUzh6bFg4aktaZnZuaDA0NmdFdFoyMWJWdHNBZHNXcnVYdXNEUVQyanJ2VjJOVTYvc2cyMzZPbFZvWVU4Z1JYRHZiTXhoclVSVWNsajM1RGlzTi9wMEd2clZOckVjSktZK245MS9UMG9qU0gvVTVlRzVPclhZRXQwVzIra0NsVDk0T2kxM2JjQkVDYmVUUXJKMjJRc1hKSnVEVkVzOWhsU2RLemZkMDVaaVc3MllHaHRCRWptL015UG1nSHhxYzNTKzEwc0VvT2FIazdtRjQ0M0o1MzZoWEVHZDhGWjROMnQ3MlF3V3RuUGoyNENYOG8wbmNJN2ZIYTRHTWsybi9EWU84MlNUTEJHeVBMTkxnK040NUcyYUhaSk1NWGprWlplMUVZS0dQQm5tcTFlVUdFMVd0ZkVRSEhCTHd3Y0dDdm15aWI1NTliQ0p5NWExS2pnSGNBYlk0WVRKOTlwMWtPT2lIcVlvTnArczlhSklPZU93aE5xbkkrOUxrWnYrbEhCdXRoM3A1anRRNzA3bEJMMmVBd1E9PSByb290QGh5ZHJhCg==";
systems = [
" i 6 8 6 - l i n u x "
" x 8 6 _ 6 4 - l i n u x "
# "aarch64-linux"
] ;
hostName = lib . mkForce " h y d r a ? r e m o t e - s t o r e = l o c a l ? r o o t = / h o m e / n i x w o r k e r / p e r s i s t / r o o t " ;
} ;
2025-11-19 22:38:58 -05:00
} ;
2026-01-11 16:38:56 -05:00
joined_configs =
lib . genAttrs
( builtins . filter ( hostname : config . me . distributed_build . machines . " ${ hostname } " . enable ) (
builtins . attrNames all_nixos_configs
) )
(
hostname :
( lib . mkMerge [
{
hostName = hostname ;
sshUser = " n i x w o r k e r " ;
sshKey = " / p e r s i s t / m a n u a l / s s h / r o o t / k e y s / i d _ e d 2 5 5 1 9 " ;
maxJobs = 1 ;
supportedFeatures = all_nixos_configs . " ${ hostname } " . config . me . optimizations . system_features ;
}
static_host_configs . " ${ hostname } "
config . me . distributed_build . machines . " ${ hostname } " . additional_config
] )
) ;
2025-05-04 16:20:00 -04:00
in
{
imports = [ ] ;
options . me = {
distributed_build . enable = lib . mkOption {
type = lib . types . bool ;
default = false ;
example = true ;
description = " W h e t h e r w e w a n t t o u s e m u l t i p l e m a c h i n e s t o p e r f o r m a n i x o s - r e b u i l d . " ;
} ;
2025-11-19 22:38:58 -05:00
distributed_build . machines = lib . mapAttrs ( name : value : make_machine_config name ) all_nixos_configs ;
2025-05-04 16:20:00 -04:00
} ;
config = lib . mkIf config . me . distributed_build . enable (
lib . mkMerge [
{
nix . distributedBuilds = true ;
2025-11-27 17:51:08 -05:00
2026-01-11 16:38:56 -05:00
# Using an ssh-based substituter slows down the build because querying the remote store for paths takes ages.
#
# nix.settings.substituters = lib.mkForce [
# "ssh-ng://nixworker@ns1.fizz.buzz:65122?compress=true&ssh-key=/persist/manual/ssh/root/keys/id_ed25519&remote-store=/home/nixworker/persist/root"
# ];
2025-11-30 14:16:48 -05:00
# nix.settings.substitute = lib.mkForce true;
2026-01-11 16:38:56 -05:00
2025-11-30 14:16:48 -05:00
# nix.settings.post-build-hook = pkgs.writeShellScript "post-build-hook" ''
# set -euo pipefail
# IFS=$'\n\t'
# set -f # disable globbing
# echo "Signing and uploading paths" $OUT_PATHS
# exec nix copy --to 'ssh://hydra' $OUT_PATHS
# '';
2025-11-27 17:51:08 -05:00
nix . settings . secret-key-files = [ " / p e r s i s t / m a n u a l / n i x / n i x - c a c h e - k e y . s e c " ] ;
nix . settings . trusted-public-keys = lib . mkForce [
" o d o : 0 S / X K S F j j I r i h Q 7 l b H E I e b X k / c / x u o o d h m 0 G z 2 6 Y h j A = "
2025-11-29 19:59:10 -05:00
" o d o w o r k : z g 3 U K B A y L y 3 x t Z k L 0 h M t b x H j x g n 5 A 2 Q Y 8 N N A g y R T 6 Y o = "
2025-11-29 18:40:37 -05:00
" q u a r k : E b 6 y g k I i V l c U q b 5 h O j E V I Q c f Y L p C z 4 0 Y V Y A 3 / r x r g B c = "
2025-11-27 17:51:08 -05:00
] ;
2025-05-04 16:20:00 -04:00
}
2025-11-19 22:38:58 -05:00
{
nix . buildMachines = (
map (
hostname :
( lib . mkIf config . me . distributed_build . machines . " ${ hostname } " . enable (
lib . mkMerge [
{
hostName = hostname ;
sshUser = " n i x w o r k e r " ;
sshKey = " / p e r s i s t / m a n u a l / s s h / r o o t / k e y s / i d _ e d 2 5 5 1 9 " ;
maxJobs = 1 ;
supportedFeatures = all_nixos_configs . " ${ hostname } " . config . me . optimizations . system_features ;
}
static_host_configs . " ${ hostname } "
config . me . distributed_build . machines . " ${ hostname } " . additional_config
]
) )
) ( builtins . attrNames all_nixos_configs )
) ;
}
2026-01-11 16:38:56 -05:00
# {
# nix.settings.substitute = lib.mkForce true;
# nix.settings.substituters = lib.mkForce (
# lib.mapAttrsToList (hostname: joined_config: "ssh-ng://${joined_config.hostName}") joined_configs
# );
# }
2025-05-04 16:20:00 -04:00
]
) ;
}
