1 files changed, 108 insertions, 0 deletions
diff --git a/modules/build-client.nix b/modules/build-client.nix
new file mode 100644
index 00000000..763fdb38
--- /dev/null
+++ b/modules/build-client.nix
@@ -0,0 +1,108 @@
+{ flake, config, lib, hostName, ... }:
+with lib;
+let
+  cfg = config.nix.buildServers;
+  secretName = name: "nix-ssh-builder-${name}-private";
+in {
+  options = {
+    nix = {
+      buildServers = mkOption {
+        type = types.attrsOf (types.submodule {
+          options = {
+            address = mkOption {
+              type = types.str;
+            };
+            system = mkOption {
+              type = types.nullOr types.str;
+              default = null;
+              example = "x86_64-linux";
+              description = ''
+                The system type the build machine can execute derivations on.
+                Either this attribute or <varname>systems</varname> must be
+                present, where <varname>system</varname> takes precedence if
+                both are set.
+              '';
+            };
+            systems = mkOption {
+              type = types.listOf types.str;
+              default = [];
+              example = [ "x86_64-linux" "aarch64-linux" ];
+              description = ''
+                The system types the build machine can execute derivations on.
+                Either this attribute or <varname>system</varname> must be
+                present, where <varname>system</varname> takes precedence if
+                both are set.
+              '';
+            };
+            maxJobs = mkOption {
+              type = types.int;
+              default = 1;
+              description = ''
+                The number of concurrent jobs the build machine supports. The
+                build machine will enforce its own limits, but this allows hydra
+                to schedule better since there is no work-stealing between build
+                machines.
+              '';
+            };
+            speedFactor = mkOption {
+              type = types.int;
+              default = 1;
+              description = ''
+                The relative speed of this builder. This is an arbitrary integer
+                that indicates the speed of this builder, relative to other
+                builders. Higher is faster.
+              '';
+            };
+            mandatoryFeatures = mkOption {
+              type = types.listOf types.str;
+              default = [];
+              example = [ "big-parallel" ];
+              description = ''
+                A list of features mandatory for this builder. The builder will
+                be ignored for derivations that don't require all features in
+                this list. All mandatory features are automatically included in
+                <varname>supportedFeatures</varname>.
+              '';
+            };
+            supportedFeatures = mkOption {
+              type = types.listOf types.str;
+              default = [];
+              example = [ "kvm" "big-parallel" ];
+              description = ''
+                A list of features supported by this builder. The builder will
+                be ignored for derivations that require features not in this
+                list.
+              '';
+            };
+          };
+        });
+        default = {};
+      };
+    };
+  };
+  
+  config = mkIf (cfg != {}) {
+    programs.ssh.extraConfig = concatMapStringsSep "\n" ({ name, value }: ''
+      Host ${name}
+        User nix-ssh-builder
+        HostName ${value.address}
+        IdentitiesOnly yes
+        IdentityFile ${config.sops.secrets.${secretName name}.path}
+        ControlMaster auto
+        ControlPath /run/nix-ssh-builder-master-%r@%n:%p
+        ControlPersist 30m
+        Compression yes
+        ForwardAgent no
+        ServerAliveInterval 6
+        ServerAliveCountMax 10
+    '') (mapAttrsToList nameValuePair cfg);
+    sops.secrets = mapAttrs' (name: hCfg: nameValuePair (secretName name) { sopsFile = ../system-profiles/build-server/clients + "/${hostName}/private"; format = "binary"; }) cfg;
+    nix.buildMachines = mapAttrsToList (hostName: hCfg: { inherit hostName; inherit (hCfg) system systems maxJobs speedFactor mandatoryFeatures supportedFeatures; }) cfg;
+  };
+}

diff --git a/modules/build-client.nix b/modules/build-client.nix new file mode 100644 index 00000000..763fdb38 --- /dev/null +++ b/modules/build-client.nix
@@ -0,0 +1,108 @@
	1	{ flake, config, lib, hostName, ... }:
	2
	3	with lib;
	4
	5	let
	6	cfg = config.nix.buildServers;
	7
	8	secretName = name: "nix-ssh-builder-${name}-private";
	9	in {
	10	options = {
	11	nix = {
	12	buildServers = mkOption {
	13	type = types.attrsOf (types.submodule {
	14	options = {
	15	address = mkOption {
	16	type = types.str;
	17	};
	18
	19	system = mkOption {
	20	type = types.nullOr types.str;
	21	default = null;
	22	example = "x86_64-linux";
	23	description = ''
	24	The system type the build machine can execute derivations on.
	25	Either this attribute or <varname>systems</varname> must be
	26	present, where <varname>system</varname> takes precedence if
	27	both are set.
	28	'';
	29	};
	30	systems = mkOption {
	31	type = types.listOf types.str;
	32	default = [];
	33	example = [ "x86_64-linux" "aarch64-linux" ];
	34	description = ''
	35	The system types the build machine can execute derivations on.
	36	Either this attribute or <varname>system</varname> must be
	37	present, where <varname>system</varname> takes precedence if
	38	both are set.
	39	'';
	40	};
	41	maxJobs = mkOption {
	42	type = types.int;
	43	default = 1;
	44	description = ''
	45	The number of concurrent jobs the build machine supports. The
	46	build machine will enforce its own limits, but this allows hydra
	47	to schedule better since there is no work-stealing between build
	48	machines.
	49	'';
	50	};
	51	speedFactor = mkOption {
	52	type = types.int;
	53	default = 1;
	54	description = ''
	55	The relative speed of this builder. This is an arbitrary integer
	56	that indicates the speed of this builder, relative to other
	57	builders. Higher is faster.
	58	'';
	59	};
	60	mandatoryFeatures = mkOption {
	61	type = types.listOf types.str;
	62	default = [];
	63	example = [ "big-parallel" ];
	64	description = ''
	65	A list of features mandatory for this builder. The builder will
	66	be ignored for derivations that don't require all features in
	67	this list. All mandatory features are automatically included in
	68	<varname>supportedFeatures</varname>.
	69	'';
	70	};
	71	supportedFeatures = mkOption {
	72	type = types.listOf types.str;
	73	default = [];
	74	example = [ "kvm" "big-parallel" ];
	75	description = ''
	76	A list of features supported by this builder. The builder will
	77	be ignored for derivations that require features not in this
	78	list.
	79	'';
	80	};
	81	};
	82	});
	83	default = {};
	84	};
	85	};
	86	};
	87
	88	config = mkIf (cfg != {}) {
	89	programs.ssh.extraConfig = concatMapStringsSep "\n" ({ name, value }: ''
	90	Host ${name}
	91	User nix-ssh-builder
	92	HostName ${value.address}
	93	IdentitiesOnly yes
	94	IdentityFile ${config.sops.secrets.${secretName name}.path}
	95	ControlMaster auto
	96	ControlPath /run/nix-ssh-builder-master-%r@%n:%p
	97	ControlPersist 30m
	98	Compression yes
	99	ForwardAgent no
	100	ServerAliveInterval 6
	101	ServerAliveCountMax 10
	102	'') (mapAttrsToList nameValuePair cfg);
	103
	104	sops.secrets = mapAttrs' (name: hCfg: nameValuePair (secretName name) { sopsFile = ../system-profiles/build-server/clients + "/${hostName}/private"; format = "binary"; }) cfg;
	105
	106	nix.buildMachines = mapAttrsToList (hostName: hCfg: { inherit hostName; inherit (hCfg) system systems maxJobs speedFactor mandatoryFeatures supportedFeatures; }) cfg;
	107	};
	108	}