made a build and nixremote modules.

2025-09-27 16:31:05 -06:00 · 2025-09-27 16:31:05 -06:00 · 4b81028cde
commit 4b81028cde
parent 8cd5e390cf
7 changed files with 198 additions and 166 deletions
--- a/config/base.nix
+++ b/config/base.nix
@ -78,19 +78,7 @@
      "dotnet-sdk-6.0.428"
    ];
  };
-  nix =
-    let
-      featuresList = [
-        "nixos-test"
-        "benchmark"
-        "big-parallel"
-        "kvm"
-        "gccarch-znver3"
-        "gccarch-skylake"
-        "gccarch-alderlake"
-      ];
-    in
-    {
+  nix = {
    distributedBuilds = true;
    optimise.automatic = true;
    settings = {
@ -101,7 +89,6 @@
        "root"
        "nixremote"
      ];
-        system-features = featuresList;
      experimental-features = [
        "nix-command"
        "flakes"
--- a/hosts/miniserver/configuration.nix
+++ b/hosts/miniserver/configuration.nix
@ -1,11 +1,32 @@
-{ ... }:
+{ config, ... }:
 {
  imports = [
    ./hardware-configuration.nix
    ../../config/base.nix
    ../../config/stylix.nix
  ];
-  my = import ./toggles.nix;
+  my = import ./toggles.nix // {
+    nix.cores = 3;
+    nix.maxJobs = 8;
+    users.nixremote.enable = true;
+    users.nixremote.authorizedKeys = [
+      ../../secrets/ssh/ed25519_nixworkstation.pub
+      ../../secrets/ssh/ed25519_nixserver.pub
+    ];
+  };
+  nix.buildMachines =
+    let
+      buildMachine = hostName: maxJobs: speedFactor: {
+        inherit hostName maxJobs speedFactor;
+        system = "x86_64-linux";
+        sshUser = "nixremote";
+        supportedFeatures = config.my.nix.features;
+      };
+    in
+    [
+      (buildMachine "workstation" 16 40)
+      (buildMachine "server" 16 17)
+    ];
  networking = {
    hostName = "miniserver";
    firewall = {
@ -13,47 +34,7 @@
      allowedUDPPorts = [ 2049 ];
    };
  };
-  nix = {
-    settings = {
-      cores = 3;
-      max-jobs = 8;
-    };
-    buildMachines =
-      let
-        buildMachine = hostName: maxJobs: speedFactor: {
-          inherit hostName maxJobs speedFactor;
-          system = "x86_64-linux";
-          sshUser = "nixremote";
-          supportedFeatures = [
-            "nixos-test"
-            "benchmark"
-            "big-parallel"
-            "kvm"
-            "gccarch-znver3"
-            "gccarch-skylake"
-            "gccarch-alderlake"
-          ];
-        };
-      in
-      [
-        (buildMachine "workstation" 16 40)
-        (buildMachine "server" 16 17)
-      ];
-  };
  nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
-  users = {
-    groups.nixremote.gid = 555;
-    users.nixremote = {
-      isNormalUser = true;
-      createHome = true;
-      group = "nixremote";
-      home = "/var/nixremote/";
-      openssh.authorizedKeys.keyFiles = [
-        ../../secrets/ssh/ed25519_nixworkstation.pub
-        ../../secrets/ssh/ed25519_nixserver.pub
-      ];
-    };
-  };
  services = {
    btrfs.autoScrub = {
      enable = true;
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@ -10,7 +10,24 @@
    ../../config/base.nix
    ../../config/stylix.nix
  ];
-  my = import ./toggles.nix { inherit config; };
+  my = import ./toggles.nix { inherit config; } // {
+    nix.cores = 6;
+    users.nixremote.enable = true;
+    users.nixremote.authorizedKeys = [
+      ../../secrets/ssh/ed25519_nixworkstation.pub
+      ../../secrets/ssh/ed25519_nixminiserver.pub
+    ];
+  };
+  nix.buildMachines = [
+    {
+      hostName = "workstation";
+      system = "x86_64-linux";
+      sshUser = "nixremote";
+      maxJobs = 12;
+      speedFactor = 1;
+      supportedFeatures = config.my.nix.features;
+    }
+  ];
  sops.secrets."vps/home/private".sopsFile = ../../secrets/wireguard.yaml;
  networking =
    let
@ -51,49 +68,9 @@
        ];
      };
    };
-  nix =
-    let
-      featuresList = [
-        "nixos-test"
-        "benchmark"
-        "big-parallel"
-        "kvm"
-        "gccarch-znver3"
-        "gccarch-skylake"
-        "gccarch-alderlake"
-      ];
-    in
-    {
-      settings.cores = 6;
-      buildMachines = [
-        {
-          hostName = "workstation";
-          system = "x86_64-linux";
-          sshUser = "nixremote";
-          maxJobs = 12;
-          speedFactor = 1;
-          supportedFeatures = featuresList;
-        }
-      ];
-    };
-  users = {
-    groups.nixremote.gid = 555;
-    users = {
-      jawz.packages = builtins.attrValues {
+  users.users.jawz.packages = builtins.attrValues {
    inherit (pkgs) podman-compose;
  };
-      nixremote = {
-        isNormalUser = true;
-        createHome = true;
-        group = "nixremote";
-        home = "/var/nixremote/";
-        openssh.authorizedKeys.keyFiles = [
-          ../../secrets/ssh/ed25519_nixworkstation.pub
-          ../../secrets/ssh/ed25519_nixminiserver.pub
-        ];
-      };
-    };
-  };
  services.btrfs.autoScrub = {
    enable = true;
    fileSystems = [
--- a/hosts/workstation/configuration.nix
+++ b/hosts/workstation/configuration.nix
@ -21,7 +21,15 @@ in
    ../../config/stylix.nix
    ../../environments/gnome.nix
  ];
-  my = import ./toggles.nix;
+  my = import ./toggles.nix // {
+    nix.cores = 8;
+    nix.maxJobs = 8;
+    users.nixremote.enable = true;
+    users.nixremote.authorizedKeys = [
+      ../../secrets/ssh/ed25519_nixserver.pub
+      ../../secrets/ssh/ed25519_nixminiserver.pub
+    ];
+  };
  home-manager.users.jawz = {
    programs = {
      vscode = {
@ -60,14 +68,7 @@ in
        allowedUDPPortRanges = openPortRanges;
      };
  };
-  nix.settings = {
-    cores = 8;
-    max-jobs = 8;
-  };
-  users = {
-    groups.nixremote.gid = 555;
-    users = {
-      jawz.packages = [
+  users.users.jawz.packages = [
    (pkgs.google-cloud-sdk.withExtraComponents [
      pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
    ])
@ -81,18 +82,6 @@ in
      google-cloud-sdk-gce
      ;
  };
-      nixremote = {
-        isNormalUser = true;
-        createHome = true;
-        group = "nixremote";
-        home = "/var/nixremote/";
-        openssh.authorizedKeys.keyFiles = [
-          ../../secrets/ssh/ed25519_nixserver.pub
-          ../../secrets/ssh/ed25519_nixminiserver.pub
-        ];
-      };
-    };
-  };
  environment = {
    pathsToLink = [ "share/thumbnailers" ];
    systemPackages = builtins.attrValues {
--- a/modules/modules.nix
+++ b/modules/modules.nix
@ -30,7 +30,11 @@ in
    ++ autoImport "scripts"
    ++ autoImport "servers"
    ++ autoImport "services"
-    ++ autoImport "shell";
+    ++ autoImport "shell"
+    ++ [
+      ./nix/build.nix
+      ./users/nixremote.nix
+    ];
  options.my = {
    localhost = lib.mkOption {
      type = lib.types.str;
--- a/modules/nix/build.nix
+++ b/modules/nix/build.nix
@ -0,0 +1,53 @@
+{ lib, config, ... }:
+{
+  options.my.nix = {
+    features = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [
+        "nixos-test"
+        "benchmark"
+        "big-parallel"
+        "kvm"
+        "gccarch-znver3"
+        "gccarch-skylake"
+        "gccarch-alderlake"
+      ];
+      description = "List of supported nix build features for this system";
+    };
+    
+    buildMachines = lib.mkOption {
+      type = lib.types.listOf lib.types.attrs;
+      default = [];
+      description = "List of remote build machines configuration";
+    };
+    
+    cores = lib.mkOption {
+      type = lib.types.nullOr lib.types.int;
+      default = null;
+      description = "Number of cores to use for builds (null = auto-detect)";
+    };
+    
+    maxJobs = lib.mkOption {
+      type = lib.types.nullOr lib.types.int;
+      default = null;
+      description = "Maximum number of parallel jobs (null = auto-detect)";
+    };
+  };
+
+  config = {
+    nix.settings = lib.mkMerge [
+      {
+        system-features = config.my.nix.features;
+      }
+      (lib.mkIf (config.my.nix.cores != null) {
+        cores = config.my.nix.cores;
+      })
+      (lib.mkIf (config.my.nix.maxJobs != null) {
+        max-jobs = config.my.nix.maxJobs;
+      })
+    ];
+    
+    nix.buildMachines = lib.mkIf (config.my.nix.buildMachines != []) 
+      config.my.nix.buildMachines;
+  };
+} 
--- a/modules/users/nixremote.nix
+++ b/modules/users/nixremote.nix
@ -0,0 +1,41 @@
+{ lib, config, ... }:
+{
+  options.my.users.nixremote = {
+    enable = lib.mkEnableOption "nixremote user for distributed builds";
+    
+    authorizedKeys = lib.mkOption {
+      type = lib.types.listOf lib.types.path;
+      default = [
+        ../../secrets/ssh/ed25519_nixworkstation.pub
+        ../../secrets/ssh/ed25519_nixserver.pub
+        ../../secrets/ssh/ed25519_nixminiserver.pub
+      ];
+      description = "List of SSH public key files to authorize for nixremote user";
+    };
+    
+    gid = lib.mkOption {
+      type = lib.types.int;
+      default = 555;
+      description = "Group ID for the nixremote group";
+    };
+    
+    home = lib.mkOption {
+      type = lib.types.str;
+      default = "/var/nixremote/";
+      description = "Home directory for the nixremote user";
+    };
+  };
+
+  config = lib.mkIf config.my.users.nixremote.enable {
+    users = {
+      groups.nixremote.gid = config.my.users.nixremote.gid;
+      users.nixremote = {
+        isNormalUser = true;
+        createHome = true;
+        group = "nixremote";
+        home = config.my.users.nixremote.home;
+        openssh.authorizedKeys.keyFiles = config.my.users.nixremote.authorizedKeys;
+      };
+    };
+  };
+}