config/modules/services/remote-builder/default.nix

{ config, lib, ... }:
{
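options.mj.services.remote-builder = with lib.types; {
  # Builder side: creates the account that clients log in to over SSH.
  server = {
    # mkEnableOption already prefixes "Whether to enable", so pass only the
    # noun phrase to keep the generated description readable.
    enable = lib.mkEnableOption "remote builder server";
    uidgid = lib.mkOption {
      type = int;
      description = "Numeric ID used as both the UID of the remote-builder user and the GID of its group.";
    };
    sshAllowSubnet = lib.mkOption {
      type = str;
      description = "Source-address pattern written into the from= option of every authorized key for the remote-builder user.";
    };
    publicKeys = lib.mkOption {
      type = listOf str;
      description = "SSH public keys allowed to log in as the remote-builder user.";
    };
  };
  # Client side: describes one build machine to offload builds to.
  client = {
    enable = lib.mkEnableOption "remote builder client";
    system = lib.mkOption {
      type = enum [
        "aarch64-linux"
        "x86_64-linux"
      ];
      description = "System type of the build machine.";
    };
    hostName = lib.mkOption {
      type = str;
      description = "Host name of the build machine.";
    };
    # NOTE(review): a Nix path literal given here may be copied into the
    # world-readable Nix store when the machines file is rendered; prefer an
    # absolute path string pointing at a key file managed outside the store.
    sshKey = lib.mkOption {
      type = path;
      description = "Path to the SSH private key used to reach the build machine.";
    };
    supportedFeatures = lib.mkOption {
      type = listOf str;
      description = "System features the build machine supports.";
    };
    maxJobs = lib.mkOption {
      type = int;
      default = 1;
      description = "Maximum number of build jobs to run in parallel on the build machine.";
    };
  };
};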
config = lib.mkMerge [
(
  let
    server = config.mj.services.remote-builder.server;

    # Prefix a public key with a from= restriction so sshd accepts it only
    # from the configured source pattern.
    # NOTE(review): from= is the only key option set; combined with the
    # /bin/sh login shell below, a key holder gets an ordinary shell, PTY and
    # forwarding. If the account is used only for builds, consider adding
    # `restrict` (and possibly a forced command) here.
    limitToSubnet = key: ''from="${server.sshAllowSubnet}" ${key}'';
  in
  # Builder side: dedicated system account that remote clients build as.
  lib.mkIf server.enable {
    users = {
      # User and group share one numeric ID.
      groups.remote-builder.gid = server.uidgid;
      users.remote-builder = {
        isSystemUser = true;
        uid = server.uidgid;
        group = "remote-builder";
        description = "Remote Builder";
        home = "/var/lib/remote-builder";
        createHome = true;
        shell = "/bin/sh";
        openssh.authorizedKeys.keys = map limitToSubnet server.publicKeys;
      };
    };
    # Security: a trusted Nix user can import unsigned store paths and
    # override daemon settings, which the Nix manual describes as essentially
    # equivalent to root on this host. Every key in publicKeys therefore
    # carries that level of access to the builder.
    nix.settings.trusted-users = [ "remote-builder" ];
  }
)
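(
  let
    cfg = config.mj.services.remote-builder.client;
  in
  # Client side: register one remote build machine and enable distributed
  # builds. sshUser matches the account the server half of this module creates.
  lib.mkIf cfg.enable {
    nix = {
      buildMachines = [
        {
          # maxJobs is declared as a client option above but was never
          # forwarded, so setting it had no effect; inherit it with the rest.
          inherit (cfg)
            hostName
            system
            sshKey
            supportedFeatures
            maxJobs
            ;
          protocol = "ssh-ng";
          sshUser = "remote-builder";
          # NOTE(review): no publicHostKey is set, so verification of the
          # builder's SSH host key depends on the known_hosts of the user the
          # Nix daemon connects as. Consider pinning the host key here.
        }
      ];
      distributedBuilds = true;
      # Lets the builder fetch dependencies from its own substituters instead
      # of having the client upload them.
      extraOptions = "builders-use-substitutes = true";
    };
  }
)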
];
}