authorLinnnus <[email protected]>2024-12-06 12:28:30 +0100
committerLinnnus <[email protected]>2024-12-06 12:28:36 +0100
commita4502806bf966d427af33094eb6950a145241009 (patch)
tree1725cf10cd36c473dbc7ca5ec051074e3632d64c /hosts/muhammed/remote-builders
parent31ee8cdae15e12ed65add3211fd8a2d8cfa12442 (diff)
muhammed: Add ahmed as remote x86_64-linux builder
Diffstat (limited to 'hosts/muhammed/remote-builders')
-rw-r--r--hosts/muhammed/remote-builders/ahmed-builder.nix48
-rw-r--r--hosts/muhammed/remote-builders/default.nix18
-rw-r--r--hosts/muhammed/remote-builders/local-linux-builder.nix36
3 files changed, 102 insertions, 0 deletions
diff --git a/hosts/muhammed/remote-builders/ahmed-builder.nix b/hosts/muhammed/remote-builders/ahmed-builder.nix
new file mode 100644
index 0000000..7b9bd99
--- /dev/null
+++ b/hosts/muhammed/remote-builders/ahmed-builder.nix
@@ -0,0 +1,48 @@
+# This file registers ahmed as a remote x86_64-linux builder.
+#
+# You can test that the remote builder is working with this command:
+#
+# nix build \
+# --max-jobs 0 \
+# --rebuild \
+# --expr 'derivation { name = "hello"; system = "x86_64-linux"; builder = "/bin/sh"; args = [ "-c" "echo hello >$out" ]; }'
+#
+# See: https://nixos.wiki/wiki/Distributed_build
+# See: hosts/ahmed/remote-builder/default.nix
+# FIXME: How to trust key ahead of time?
+{metadata, ...}: let
+ inherit (metadata.hosts.ahmed) ipAddress;
+in {
+ nix.buildMachines = [
+ {
+ protocol = "ssh-ng";
+ hostName = "ahmed-builder";
+
+ system = "x86_64-linux";
+ maxJobs = 1;
+ speedFactor = 1;
+ supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
+ mandatoryFeatures = [];
+ }
+ ];
+
+ environment.etc."ssh/ssh_config.d/100-ahmed-builder.conf".text = ''
+ Host ahmed-builder
+ User remotebuilder
+ Hostname ${ipAddress}
+ HostKeyAlias ahmed-builder
+ # This matches `users.users.<builder>.authorizedKeys` on the server-side.
+ # HACK: We should use a purpose-specific key.
+ IdentityFile /Users/linus/.ssh/id_rsa
+ '';
+
+ # We have to trust ahmeds public key or the Nix daemon will fail to connect.
+ programs.ssh.knownHosts = {
+ ahmed-builder = {
+ hostNames = ["ahmed-builder"];
+ # This is the public key of remotebuilder on the remote machine.
+ # It was obtained by manually connecting to remotebuilder@${ipAddress} and trusting the key.
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodiSwTcZcaZxqLyHjI2MGe1CpIBvIzzbjpXrwAyiYO";
+ };
+ };
+}
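Review bot: The comment above `publicKey` calls the pinned value "the public key of remotebuilder", but `programs.ssh.knownHosts` pins the SSH server's host key, not a user key. I would reword it to `# This is ahmed's SSH host key, matched through HostKeyAlias.` so nobody later pastes a user key there. Because the value was captured by connecting once and accepting the prompt, the pin is only as trustworthy as that first connection. For the FIXME, the key can be read from ahmed's own host key file over a channel you already trust and kept in `metadata.hosts.ahmed` next to `ipAddress`. Separately, `IdentityFile /Users/linus/.ssh/id_rsa` hands the Nix daemon a personal key that presumably opens other accounts too; a dedicated key that ahmed accepts only for `remotebuilder` would limit what a leak of it exposes.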
diff --git a/hosts/muhammed/remote-builders/default.nix b/hosts/muhammed/remote-builders/default.nix
new file mode 100644
index 0000000..50bda96
--- /dev/null
+++ b/hosts/muhammed/remote-builders/default.nix
@@ -0,0 +1,18 @@
+# Manages remote Nix builders. These are useful for building faster and for
+# other architectures.
+{...}: {
+ imports = [
+ ./local-linux-builder.nix
+ ./ahmed-builder.nix
+ ];
+
+ # Enable using remote builders.
+ nix.distributedBuilds = true;
+
+ # Optional, useful when the builder has a faster internet connection than
+ # yours. This may be the case since this host is a laptop and one of the
+ # remote builders isn't.
+ nix.extraOptions = ''
+ builders-use-substitutes = true
+ '';
+}
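Review bot: `builders-use-substitutes` is set through the free-form `nix.extraOptions` string, while local-linux-builder.nix in this same commit uses the structured `nix.settings`. Writing `nix.settings.builders-use-substitutes = true;` keeps the two files consistent and lets the module system merge the value with other definitions. The comment could also note that with this option the builder fetches dependencies from its own configured substituters, so results built for this host then depend on which caches and signing keys ahmed trusts.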
diff --git a/hosts/muhammed/remote-builders/local-linux-builder.nix b/hosts/muhammed/remote-builders/local-linux-builder.nix
new file mode 100644
index 0000000..dba2297
--- /dev/null
+++ b/hosts/muhammed/remote-builders/local-linux-builder.nix
@@ -0,0 +1,36 @@
+# Create a local Linux builder. This will allow us to build aarch64-linux
+# targets directly on this machine.
+{...}: {
+ # XXX: Why is this necessary?
+ nix.settings.trusted-users = ["linus"];
+
+ nix.linux-builder = {
+ enable = true;
+
+ # Clearing the VM state upon startup should improve reliability at the cost
+ # of some startup speed. Will have to re-evaluate if this trade off is
+ # worth it at some point.
+ ephemeral = true;
+
+ config = {pkgs, ...}: {
+ environment.systemPackages = with pkgs; [
+ # cntr is used to jump into the sandbox of packages that use breakpointHook.
+ pkgs.cntr
+
+ # Nix is used to debug and fetch other tools as needed.
+ pkgs.nix
+ ];
+
+ # Allow root login. This would normally be horrible but it's a local VM so who cares.
+ users.users.root.hashedPassword = "$y$j9T$TosKLKCZ.g9be.Wz5/qVJ.$YWvn4nAp8tn.xhHGBMOz748PHma6QGhN/WShilEbz8A";
+ services.openssh.permitRootLogin = "yes";
+ };
+ };
+
+ # Add system-features to the nix daemon that are needed for NixOS tests
+ # Starting with Nix 2.19, this will be automatic
+ nix.settings.system-features = [
+ "nixos-test"
+ "apple-virt"
+ ];
+}
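Review bot: The builder VM config commits a root password hash to the repository and enables password root login, so anyone who can read the repo can attack the hash offline, and the password is exposed wherever else it is reused. "Local VM" also holds only if the VM's SSH port is reachable from this machine alone, which the hunk does not show. Key-based access avoids both issues: `users.users.root.openssh.authorizedKeys.keys = [ "<your public key>" ];` together with `services.openssh.settings.PermitRootLogin = "prohibit-password";` (newer NixOS releases renamed `services.openssh.permitRootLogin` to that path). The `trusted-users` line marked XXX deserves an answer as well, since a trusted user can override daemon settings such as substituters; record why it is needed or drop it if the builder works without it.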