From a4502806bf966d427af33094eb6950a145241009 Mon Sep 17 00:00:00 2001
From: Linnnus <linnnus@users.noreply.github.com>
Date: Fri, 6 Dec 2024 12:28:30 +0100
Subject: muhammed: Add ahmed as remote x86_64-linux builder

---
 hosts/muhammed/remote-builders/ahmed-builder.nix | 48 ++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 hosts/muhammed/remote-builders/ahmed-builder.nix

(limited to 'hosts/muhammed/remote-builders/ahmed-builder.nix')

diff --git a/hosts/muhammed/remote-builders/ahmed-builder.nix b/hosts/muhammed/remote-builders/ahmed-builder.nix
new file mode 100644
index 0000000..7b9bd99
--- /dev/null
+++ b/hosts/muhammed/remote-builders/ahmed-builder.nix
@@ -0,0 +1,48 @@
+# This file registers ahmed as a remote x86_64-linux builder.
+#
+# You can test that the remote builder is working with this command:
+#
+#   nix build \
+#   --max-jobs 0 \
+#   --rebuild \
+#   --expr 'derivation { name = "hello"; system = "x86_64-linux"; builder = "/bin/sh"; args = [ "-c" "echo hello >$out" ]; }'
+#
+# See: https://nixos.wiki/wiki/Distributed_build
+# See: hosts/ahmed/remote-builder/default.nix
+# FIXME: How to trust key ahead of time?
+{metadata, ...}: let
+  inherit (metadata.hosts.ahmed) ipAddress;
+in {
+  nix.buildMachines = [
+    {
+      protocol = "ssh-ng";
+      hostName = "ahmed-builder";
+
+      system = "x86_64-linux";
+      maxJobs = 1;
+      speedFactor = 1;
+      supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
+      mandatoryFeatures = [];
+    }
+  ];
+
+  environment.etc."ssh/ssh_config.d/100-ahmed-builder.conf".text = ''
+    Host ahmed-builder
+      User remotebuilder
+      Hostname ${ipAddress}
+      HostKeyAlias ahmed-builder
+      # This matches `users.users.<builder>.authorizedKeys` on the server-side.
+      # HACK: We should use a purpose-specific key.
+      IdentityFile /Users/linus/.ssh/id_rsa
+  '';
+
+  # We have to trust ahmeds public key or the Nix daemon will fail to connect.
+  programs.ssh.knownHosts = {
+    ahmed-builder = {
+      hostNames = ["ahmed-builder"];
+      # This is the public key of remotebuilder on the remote machine.
+      # It was obtained by manually connecting to remotebuilder@${ipAddress} and trusting the key.
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodiSwTcZcaZxqLyHjI2MGe1CpIBvIzzbjpXrwAyiYO";
+    };
+  };
+}
-- 
cgit v1.2.3