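# NixOS module: distributed Nix builds for the local site.
#
# When the site enables distributed builds, lists at least one build server
# and this host has a build keypair, every site build server is registered in
# `nix.buildMachines`. When this host is itself listed as a build server, a
# system user is created for incoming builds and authorised with the build
# public keys of the hosts in `sys.local-hosts`.
{ config, lib, pkgs, ... }:

with lib;
let
  # `callPackage` lives in `pkgs`, not in `lib`, so `with lib;` does not bring
  # it into scope; qualify it explicitly.
  sys = pkgs.callPackage ../system.nix {};

  # NOTE(review): `hostname` (as used in this `let` block) and `domain-name`
  # are not bound anywhere in the file as shown -- confirm where they are
  # meant to come from before relying on this module.
  site-cfg = config.fudo.sites.${sys.local-site};

  has-build-servers = site-cfg.build-servers != {};

  build-keypair = config.fudo.secrets.host-secrets.${hostname}.build-keypair;

  enable-distributed-builds =
    site-cfg.enable-distributed-builds && has-build-servers && build-keypair != null;

  # This host's own build-server entry, or null when it is not a build server.
  # It must be a plain value: an `mkIf` wrapper is an attribute set and never
  # compares equal to null, which would make the guards below always true.
  # The entry is looked up by the value of `hostname`, not by the literal
  # attribute name "hostname".
  local-build-cfg = site-cfg.build-servers.${hostname} or null;

in {
  config = {
    nix = mkIf enable-distributed-builds {
      # NOTE(review): the entries are read as `buildOpts.user` here but as
      # `.build-user` below, and `supportedFeatures` is camelCase next to
      # kebab-case siblings -- verify against the build-servers option schema.
      buildMachines = mapAttrsToList (hostname: buildOpts: {
        hostName = "${hostname}.${domain-name}";
        maxJobs = buildOpts.max-jobs;
        speedFactor = buildOpts.speed-factor;
        supportedFeatures = buildOpts.supportedFeatures;
        # `sshKey` must be a path to a private key file on the local
        # filesystem, readable only by root, and not a Nix store path: the
        # store is world-readable. Presumably `private-key` is such a path --
        # confirm it is not key material or a store-copied file.
        sshKey = build-keypair.private-key;
        sshUser = buildOpts.user;
      }) site-cfg.build-servers;

      distributedBuilds = true;

      # Trusted users can instruct the Nix daemon in ways that are effectively
      # root-equivalent on this host (e.g. importing unsigned store paths), so
      # every key authorised for the build user below carries that privilege.
      # NOTE(review): this sits under `mkIf enable-distributed-builds`, so the
      # build user is only trusted when this host also dispatches builds --
      # confirm that coupling is intended.
      trustedUsers = mkIf (local-build-cfg != null) [
        local-build-cfg.build-user
      ];
    };

    users.users = mkIf (local-build-cfg != null) {
      ${local-build-cfg.build-user} = {
        isSystemUser = true;
        # Flatten the per-host key lists into one list. The inner call needs
        # parentheses; without them the folding function receives
        # `mapAttrsToList` itself as its list argument. Keep
        # `sys.local-hosts` limited to hosts that really need to submit
        # builds, since each key here can log in as the build user.
        openssh.authorizedKeys.keyFiles =
          concatLists
            (mapAttrsToList (host: hostOpts: hostOpts.build-pubkeys) sys.local-hosts);
      };
    };
  };
}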