diff --git a/modules/remote_builders.nix b/modules/remote_builders.nix index a07ec02..60f8374 100644 --- a/modules/remote_builders.nix +++ b/modules/remote_builders.nix @@ -1,8 +1,8 @@ { - config, - clan-core, - self, lib, + config, + pkgs, + self, ... }: @@ -22,6 +22,8 @@ let others = filterAttrs (n: v: n != config.networking.hostName) self.nixosConfigurations; + max = a: b: if a > b then a else b; + mkBuilder = hostName: attrs: let @@ -40,7 +42,7 @@ let protocol = "ssh-ng"; # default is 1 but may keep the builder idle in between builds maxJobs = 3; - speedFactor = cfg'.speedFactor - (cfg.speedFactor) + 1; + speedFactor = max (cfg'.speedFactor - cfg.speedFactor + 1) 1; supportedFeatures = cfg'.supportedFeatures; mandatoryFeatures = [ ]; }; @@ -48,8 +50,16 @@ let buildMachines = mapAttrsToList mkBuilder others; remotebuildKeys = mapAttrsToList ( - _name: attrs: attrs.config.clan.core.vars.generators.openssh.files."ssh.id_ed25519.pub".value + _name: attrs: attrs.config.clan.core.vars.generators.remotebuild.files."ssh.id_ed25519.pub".value ) others; + + mkMatch = host: + '' + Match User remotebuild Host ${host} + IdentityFile ${config.clan.core.vars.generators.remotebuild.files."ssh.id_ed25519".path} + ''; + othersName = attrNames others; + sshConfig = concatLines (map mkMatch othersName); in { options.our.buildMachines = { @@ -88,10 +98,20 @@ in users.groups.remotebuild = { }; - programs.ssh.extraConfig = '' - Match User remotebuild - IdentityFile ${config.clan.core.vars.generators.openssh.files."ssh.id_ed25519".path} - ''; + clan.core.vars.generators.remotebuild = { + files."ssh.id_ed25519" = { }; + files."ssh.id_ed25519.pub".secret = false; + runtimeInputs = [ + pkgs.coreutils + pkgs.openssh + ]; + script = '' + ssh-keygen -t ed25519 -N "" -f "$out"/ssh.id_ed25519 + ''; + }; + + programs.ssh.extraConfig = sshConfig; + nix = { buildMachines = buildMachines; # required, otherwise remote buildMachines above aren't used
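Review bot: The `max` helper added to the `let` block in the second hunk duplicates `lib.max` from nixpkgs, and `lib` is already a module argument. The call site in the following hunk could read `speedFactor = lib.max (cfg'.speedFactor - cfg.speedFactor + 1) 1;` and the local definition could be dropped. If the file brings library names into scope with `with lib;` (not visible here), the local binding also silently shadows the library one. The enclosing `let` starts and ends outside the hunk.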
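Review bot: The `Match User remotebuild Host ${host}` block built by `mkMatch` only takes effect when the name ssh connects to equals the attribute name in `others`, and it does not stop ssh from offering other identities. `mkBuilder` is only partly visible, so it is worth confirming that the `hostName` it gives `nix.buildMachines` is the same string; otherwise the match never fires and the connection falls back to default keys. Adding `IdentitiesOnly yes` under the `IdentityFile` line would keep agent keys and default identities from being presented to the builders. A short comment above `mkMatch` stating that one block is emitted per peer machine would help the next reader.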
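Review bot: `ssh-keygen` in the `remotebuild` generator script runs without `-C`, so the public key, which is declared `secret = false` and read by the other machines through `remotebuildKeys`, will by default carry the `user@host` comment of whoever ran the generator. A fixed comment keeps that out of the stored value and makes the key recognisable where it is authorised: `ssh-keygen -t ed25519 -N "" -C "remotebuild" -f "$out"/ssh.id_ed25519`. `pkgs.coreutils` in `runtimeInputs` looks unused by this script. Since the accepted key changes from the `openssh` generator's key to this one, builders presumably need the new public keys deployed before clients switch, or remote builds will fail in between.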