Diffstat (limited to 'modules')
-rw-r--r--modules/build-client.nix108
1 files changed, 108 insertions, 0 deletions
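diff --git a/modules/build-client.nix b/modules/build-client.nix
new file mode 100644
index 00000000..763fdb38
--- /dev/null
+++ b/modules/build-client.nix
@@ -0,0 +1,108 @@
+{ flake, config, lib, hostName, ... }:
+
+with lib;
+
+let
+ cfg = config.nix.buildServers;
+
+ secretName = name: "nix-ssh-builder-${name}-private";
+in {
+ options = {
+ nix = {
+ buildServers = mkOption {
+ type = types.attrsOf (types.submodule {
+ options = {
+ address = mkOption {
+ type = types.str;
+ };
+
+ system = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ example = "x86_64-linux";
+ description = ''
+ The system type the build machine can execute derivations on.
+ Either this attribute or <varname>systems</varname> must be
+ present, where <varname>system</varname> takes precedence if
+ both are set.
+ '';
+ };
+ systems = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ example = [ "x86_64-linux" "aarch64-linux" ];
+ description = ''
+ The system types the build machine can execute derivations on.
+ Either this attribute or <varname>system</varname> must be
+ present, where <varname>system</varname> takes precedence if
+ both are set.
+ '';
+ };
+ maxJobs = mkOption {
+ type = types.int;
+ default = 1;
+ description = ''
+ The number of concurrent jobs the build machine supports. The
+ build machine will enforce its own limits, but this allows hydra
+ to schedule better since there is no work-stealing between build
+ machines.
+ '';
+ };
+ speedFactor = mkOption {
+ type = types.int;
+ default = 1;
+ description = ''
+ The relative speed of this builder. This is an arbitrary integer
+ that indicates the speed of this builder, relative to other
+ builders. Higher is faster.
+ '';
+ };
+ mandatoryFeatures = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ example = [ "big-parallel" ];
+ description = ''
+ A list of features mandatory for this builder. The builder will
+ be ignored for derivations that don't require all features in
+ this list. All mandatory features are automatically included in
+ <varname>supportedFeatures</varname>.
+ '';
+ };
+ supportedFeatures = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ example = [ "kvm" "big-parallel" ];
+ description = ''
+ A list of features supported by this builder. The builder will
+ be ignored for derivations that require features not in this
+ list.
+ '';
+ };
+ };
+ });
+ default = {};
+ };
+ };
+ };
+
+ config = mkIf (cfg != {}) {
+ programs.ssh.extraConfig = concatMapStringsSep "\n" ({ name, value }: ''
+ Host ${name}
+ User nix-ssh-builder
+ HostName ${value.address}
+ IdentitiesOnly yes
+ IdentityFile ${config.sops.secrets.${secretName name}.path}
+ ControlMaster auto
+ ControlPath /run/nix-ssh-builder-master-%r@%n:%p
+ ControlPersist 30m
+ Compression yes
+ ForwardAgent no
+ ServerAliveInterval 6
+ ServerAliveCountMax 10
+ '') (mapAttrsToList nameValuePair cfg);
+
+ sops.secrets = mapAttrs' (name: hCfg: nameValuePair (secretName name) { sopsFile = ../system-profiles/build-server/clients + "/${hostName}/private"; format = "binary"; }) cfg;
+
+ nix.buildMachines = mapAttrsToList (hostName: hCfg: { inherit hostName; inherit (hCfg) system systems maxJobs speedFactor mandatoryFeatures supportedFeatures; }) cfg;
+ };
+}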
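Review bot: Nothing in this module pins the build servers' SSH host keys: the `Host` blocks on new lines 89–102 set the identity file, multiplexing and keep-alive options but no known-hosts entry, and `nix.buildMachines` on line 106 is filled in without one. Because this host imports build outputs from those machines, the builder's identity should be declared next to its address rather than left to a first-connection prompt; one way is a `hostKey` option in the submodule that feeds `programs.ssh.knownHosts.${name} = { hostNames = [ name value.address ]; publicKey = value.hostKey; };` for each server. If the keys are already distributed by a module not visible in this commit, a comment here saying so would be enough. Separately, the lambda parameter `hostName` on line 106 shadows the module argument of the same name that line 104 uses for the secret path, which is easy to misread; naming it `name` would match the other two lambdas.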