diff --git a/flake.nix b/flake.nix index 60daf8e..52b7c2e 100644 --- a/flake.nix +++ b/flake.nix @@ -28,7 +28,7 @@ flake-registry = ""; http-connections = 50; show-trace = true; - trusted-users = [ "root" "@wheel" "@admin" ]; + trusted-users = [ "root" "@build" "@wheel" "@admin" ]; use-cgroups = true; warn-dirty = false; }; diff --git a/hosts/best/default.nix b/hosts/best/default.nix index d0dd9de..5997359 100644 --- a/hosts/best/default.nix +++ b/hosts/best/default.nix @@ -27,6 +27,14 @@ in { hashedPasswordFile = config.secrets.thePassword.path; isNormalUser = true; }; + + build = { + description = "Build"; + openssh.authorizedKeys.keys = keys.all; + hashedPasswordFile = config.secrets.thePassword.path; + isNormalUser = true; + extraGroups = [ "build" ]; + }; }; home-manager.users = { diff --git a/hosts/cube/postgresql.nix b/hosts/cube/postgresql.nix index 5c9fa6b..9007280 100644 --- a/hosts/cube/postgresql.nix +++ b/hosts/cube/postgresql.nix @@ -1,10 +1,6 @@ { config, lib, pkgs, ... }: let inherit (lib) const enabled flip genAttrs mkForce mkOverride mkValue; in { - config.environment.systemPackages = [ - config.services.postgresql.package - ]; - config.services.prometheus.exporters.postgres = enabled { listenAddress = "[::]"; runAsLocalSuperUser = true; @@ -26,6 +22,10 @@ in { options.services.postgresql.ensure = mkValue []; + config.environment.systemPackages = [ + config.services.postgresql.package + ]; + config.services.postgresql = enabled { package = pkgs.postgresql_14; diff --git a/modules/common/nix.nix b/modules/common/nix.nix index 56e8c3c..997e804 100644 --- a/modules/common/nix.nix +++ b/modules/common/nix.nix 
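Review bot: Adding `"@build"` to `trusted-users` in the flake.nix `nixConfig` hunk makes every member of that group effectively root as far as the Nix daemon is concerned, since trusted users can override substituters and import unsigned store paths. Because modules/common/nix.nix imports this `nixConfig` into `nix.settings`, the grant appears to land on every host, not only on machines that act as builders. If the goal is only to let ssh-ng clients upload build inputs, consider signing paths on the client and listing that key under `trusted-public-keys` on the builders instead. Otherwise record the reason next to the entry, e.g. `# "@build": remote-build account, root-equivalent for the Nix daemon`.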
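Review bot: The new `build` user in hosts/best/default.nix is a normal login account that accepts every key in `keys.all` and reuses `config.secrets.thePassword` from the user above it, while the flake.nix hunk makes its group trusted by the Nix daemon. A builder account needs neither a password nor every operator key: drop the `hashedPasswordFile` line and authorize one dedicated builder key in place of `keys.all`. No `users.groups.build` declaration is visible in this hunk, so confirm the group is defined elsewhere; otherwise `extraGroups = [ "build" ]` may not produce the membership that `"@build"` relies on. The enclosing `users.users` set starts outside the hunk.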
@@ -1,5 +1,5 @@ { self, config, inputs, lib, pkgs, ... }: let - inherit (lib) concatStringsSep const disabled filterAttrs flip id isType mapAttrs mapAttrsToList merge mkAfter optionalAttrs; + inherit (lib) attrsToList concatStringsSep const disabled filter filterAttrs flip id isType mapAttrs mapAttrsToList merge mkAfter optionalAttrs; inherit (lib.strings) toJSON; registryMap = inputs @@ -9,18 +9,23 @@ in { # that happens rebuilds are slow thanks to my garbage WiFi. environment.etc.".system-inputs.json".text = toJSON registryMap; - nix.nixPath = registryMap - |> mapAttrsToList (name: value: "${name}=${value}") - |> (if config.isDarwin then concatStringsSep ":" else id); - - nix.registry = registryMap // { default = inputs.nixpkgs; } - |> mapAttrs (_: flake: { inherit flake; }); + nix.distributedBuilds = true; + nix.buildMachines = self.nixosConfigurations + |> attrsToList + |> filter ({ name, value }: + name != config.networking.hostName && + value.config.users.users ? build) + |> map ({ name, value }: { + hostName = name; + maxJobs = 20; + protocol = "ssh-ng"; + sshUser = "build"; + supportedFeatures = [ "kvm" "big-parallel" ]; + system = value.config.nixpkgs.hostPlatform.system; + }); nix.channel = disabled; - nix.settings = (import <| self + /flake.nix).nixConfig - |> flip removeAttrs (if config.isDarwin then [ "use-cgroups" ] else []); - nix.gc = merge { automatic = true; options = "--delete-older-than 3d"; @@ -29,6 +34,16 @@ in { persistent = true; }; + nix.nixPath = registryMap + |> mapAttrsToList (name: value: "${name}=${value}") + |> (if config.isDarwin then concatStringsSep ":" else id); + + nix.registry = registryMap // { default = inputs.nixpkgs; } + |> mapAttrs (_: flake: { inherit flake; }); + + nix.settings = (import <| self + /flake.nix).nixConfig + |> flip removeAttrs (if config.isDarwin then [ "use-cgroups" ] else []); + nix.optimise.automatic = true; environment.systemPackages = [
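Review bot: The generated `nix.buildMachines` entries in modules/common/nix.nix (second hunk) set neither `sshKey` nor `publicHostKey`, so the identity offered and the host key accepted are left to the SSH configuration of whichever user runs the builds, presumably root's for the daemon. Since outputs returned by a builder are copied into the local store, pin both per machine, for example `sshKey = "<path-to-builder-key>";` and `publicHostKey = "<base64-host-key>";` (placeholders). `maxJobs = 20` and `supportedFeatures = [ "kvm" "big-parallel" ]` are also asserted for every host regardless of its hardware. Reading them from a per-host option would avoid scheduling jobs a machine cannot run.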