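# NixOS module: turns on distributed Nix builds for this host using the
# site's build-server list and, when this host is itself listed as a build
# server, creates the account that the other hosts log in to over SSH.
{ config, lib, pkgs, ... }:

with lib;
let
  hostname = config.instance.hostname;

  site-cfg = config.fudo.sites.${config.instance.local-site};

  has-build-servers = (length (attrNames site-cfg.build-servers)) > 0;

  # Per-host secret; null when this host has no build keypair.
  build-keypair = config.fudo.secrets.host-secrets.${hostname}.build-keypair;

  # All three must hold: the site enables distributed builds, at least one
  # build server is declared, and this host has a keypair to authenticate.
  enable-distributed-builds =
    site-cfg.enable-distributed-builds && has-build-servers
    && build-keypair != null;

  # This host's own entry in the build-server list, or null when the host
  # is not a build server.
  local-build-cfg = if (hasAttr hostname site-cfg.build-servers) then
    site-cfg.build-servers.${hostname}
  else
    null;

in {
  config = {
    nix = mkIf enable-distributed-builds {
      # One buildMachines entry per declared build server. The lambda's
      # `hostname` argument shadows the outer `hostname` binding.
      buildMachines = mapAttrsToList (hostname: buildOpts: {
        # NOTE(review): `domain-name` is not bound in this file's `let`
        # block, so it resolves only if `with lib;` happens to supply it.
        # Confirm the intended source and bind it explicitly.
        hostName = "${hostname}.${domain-name}";
        maxJobs = buildOpts.max-jobs;
        speedFactor = buildOpts.speed-factor;
        supportedFeatures = buildOpts.supportedFeatures;
        # sshKey is used as the path of the private key file on this host.
        # NOTE(review): confirm `private-key` is a runtime path to a
        # deployed secret with restrictive permissions. A Nix path literal
        # or the key text itself would end up in the world-readable store.
        sshKey = build-keypair.private-key;
        sshUser = buildOpts.user;
      }) site-cfg.build-servers;

      distributedBuilds = true;

      # Fix: this referenced `local-build-host`, which is bound nowhere in
      # the file; the user created under users.users below is
      # `local-build-cfg.build-user`.
      #
      # A trusted Nix user can import unsigned store paths and choose
      # substituters, which is close to root on this machine. Because this
      # sits inside the `mkIf enable-distributed-builds` block, the build
      # user is only trusted when this host also acts as a build client.
      trustedUsers = mkIf (local-build-cfg != null) [
        local-build-cfg.build-user
      ];
    };

    # Only build servers get the build account.
    users.users = mkIf (local-build-cfg != null) {
      ${local-build-cfg.build-user} = {
        isSystemUser = true;
        # Every host in config.instance.local-hosts contributes its
        # build-pubkeys, so each of them can log in as this user.
        # NOTE(review): combined with trustedUsers above, a compromise of
        # any local host reaches a trusted Nix user on the build server.
        # Confirm this breadth is intended, or narrow the key list to the
        # hosts that actually submit builds.
        openssh.authorizedKeys.keyFiles = concatLists
          (mapAttrsToList (host: hostOpts: hostOpts.build-pubkeys)
            config.instance.local-hosts);
      };
    };
  };
}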