feat: add best as a distribured builder

2025-07-28 10:37:44 +00:00 · 2025-02-25 22:33:25 +03:00 · 2025-02-25 22:33:25 +03:00 · 20ce1c9ff5
commit 20ce1c9ff5
parent a7c9b60944
4 changed files with 38 additions and 15 deletions
--- a/flake.nix
+++ b/flake.nix
@ -28,7 +28,7 @@
    flake-registry           = "";
    http-connections         = 50;
    show-trace               = true;
-    trusted-users            = [ "root" "@wheel" "@admin" ];
+    trusted-users            = [ "root" "@build" "@wheel" "@admin" ];
    use-cgroups              = true;
    warn-dirty               = false;
  };
--- a/hosts/best/default.nix
+++ b/hosts/best/default.nix
@ -27,6 +27,14 @@ in {
      hashedPasswordFile          = config.secrets.thePassword.path;
      isNormalUser                = true;
    };
+
+    build = {
+      description                 = "Build";
+      openssh.authorizedKeys.keys = keys.all;
+      hashedPasswordFile          = config.secrets.thePassword.path;
+      isNormalUser                = true;
+      extraGroups                 = [ "build" ];
+    };
  };

  home-manager.users = {
--- a/hosts/cube/postgresql.nix
+++ b/hosts/cube/postgresql.nix
@ -1,10 +1,6 @@
 { config, lib, pkgs, ... }: let
  inherit (lib) const enabled flip genAttrs mkForce mkOverride mkValue;
 in {
-  config.environment.systemPackages = [
-    config.services.postgresql.package
-  ];
-
  config.services.prometheus.exporters.postgres = enabled {
    listenAddress       = "[::]";
    runAsLocalSuperUser = true;
@ -26,6 +22,10 @@ in {

  options.services.postgresql.ensure = mkValue [];

+  config.environment.systemPackages = [
+    config.services.postgresql.package
+  ];
+
  config.services.postgresql = enabled {
    package = pkgs.postgresql_14;

--- a/modules/common/nix.nix
+++ b/modules/common/nix.nix
@ -1,5 +1,5 @@
 { self, config, inputs, lib, pkgs, ... }: let
-  inherit (lib) concatStringsSep const disabled filterAttrs flip id isType mapAttrs mapAttrsToList merge mkAfter optionalAttrs;
+  inherit (lib) attrsToList concatStringsSep const disabled filter filterAttrs flip id isType mapAttrs mapAttrsToList merge mkAfter optionalAttrs;
  inherit (lib.strings) toJSON;

  registryMap = inputs
@ -9,18 +9,23 @@ in {
  # that happens rebuilds are slow thanks to my garbage WiFi.
  environment.etc.".system-inputs.json".text = toJSON registryMap;

-  nix.nixPath = registryMap
-      |> mapAttrsToList (name: value: "${name}=${value}")
-      |> (if config.isDarwin then concatStringsSep ":" else id);
-
-  nix.registry = registryMap // { default = inputs.nixpkgs; }
-    |> mapAttrs (_: flake: { inherit flake; });
+  nix.distributedBuilds = true;
+  nix.buildMachines     = self.nixosConfigurations
+    |> attrsToList
+    |> filter ({ name, value }:
+      name != config.networking.hostName &&
+      value.config.users.users ? build)
+    |> map ({ name, value }: {
+      hostName          = name;
+      maxJobs           = 20;
+      protocol          = "ssh-ng";
+      sshUser           = "build";
+      supportedFeatures = [ "kvm" "big-parallel" ];
+      system            = value.config.nixpkgs.hostPlatform.system;
+    });

  nix.channel = disabled;

-  nix.settings = (import <| self + /flake.nix).nixConfig
-    |> flip removeAttrs (if config.isDarwin then [ "use-cgroups" ] else []);
-
  nix.gc = merge {
    automatic  = true;
    options    = "--delete-older-than 3d";
@ -29,6 +34,16 @@ in {
    persistent = true;
  };

+  nix.nixPath = registryMap
+      |> mapAttrsToList (name: value: "${name}=${value}")
+      |> (if config.isDarwin then concatStringsSep ":" else id);
+
+  nix.registry = registryMap // { default = inputs.nixpkgs; }
+    |> mapAttrs (_: flake: { inherit flake; });
+
+  nix.settings = (import <| self + /flake.nix).nixConfig
+    |> flip removeAttrs (if config.isDarwin then [ "use-cgroups" ] else []);
+
  nix.optimise.automatic = true;

  environment.systemPackages = [