feat: add best as a distribured builder

flake.nix

@@ -28,7 +28,7 @@
     flake-registry           = "";
     http-connections         = 50;
     show-trace               = true;
-    trusted-users            = [ "root" "@wheel" "@admin" ];
+    trusted-users            = [ "root" "@build" "@wheel" "@admin" ];
     use-cgroups              = true;
     warn-dirty               = false;
   };

hosts/best/default.nix

@@ -27,6 +27,14 @@ in {
       hashedPasswordFile          = config.secrets.thePassword.path;
       isNormalUser                = true;
     };
+
+    build = {
+      description                 = "Build";
+      openssh.authorizedKeys.keys = keys.all;
+      hashedPasswordFile          = config.secrets.thePassword.path;
+      isNormalUser                = true;
+      extraGroups                 = [ "build" ];
+    };
   };
 
   home-manager.users = {

hosts/cube/postgresql.nix

@@ -1,10 +1,6 @@
 { config, lib, pkgs, ... }: let
   inherit (lib) const enabled flip genAttrs mkForce mkOverride mkValue;
 in {
-  config.environment.systemPackages = [
-    config.services.postgresql.package
-  ];
-
   config.services.prometheus.exporters.postgres = enabled {
     listenAddress       = "[::]";
     runAsLocalSuperUser = true;
@@ -26,6 +22,10 @@ in {
 
   options.services.postgresql.ensure = mkValue [];
 
+  config.environment.systemPackages = [
+    config.services.postgresql.package
+  ];
+
   config.services.postgresql = enabled {
     package = pkgs.postgresql_14;
 

modules/common/nix.nix

@@ -1,5 +1,5 @@
 { self, config, inputs, lib, pkgs, ... }: let
-  inherit (lib) concatStringsSep const disabled filterAttrs flip id isType mapAttrs mapAttrsToList merge mkAfter optionalAttrs;
+  inherit (lib) attrsToList concatStringsSep const disabled filter filterAttrs flip id isType mapAttrs mapAttrsToList merge mkAfter optionalAttrs;
   inherit (lib.strings) toJSON;
 
   registryMap = inputs
@@ -9,18 +9,23 @@ in {
   # that happens rebuilds are slow thanks to my garbage WiFi.
   environment.etc.".system-inputs.json".text = toJSON registryMap;
 
-  nix.nixPath = registryMap
+  nix.distributedBuilds = true;
-      |> mapAttrsToList (name: value: "${name}=${value}")
+  nix.buildMachines     = self.nixosConfigurations
-      |> (if config.isDarwin then concatStringsSep ":" else id);
+    |> attrsToList
-
+    |> filter ({ name, value }:
-  nix.registry = registryMap // { default = inputs.nixpkgs; }
+      name != config.networking.hostName &&
-    |> mapAttrs (_: flake: { inherit flake; });
+      value.config.users.users ? build)
+    |> map ({ name, value }: {
+      hostName          = name;
+      maxJobs           = 20;
+      protocol          = "ssh-ng";
+      sshUser           = "build";
+      supportedFeatures = [ "kvm" "big-parallel" ];
+      system            = value.config.nixpkgs.hostPlatform.system;
+    });
 
   nix.channel = disabled;
 
-  nix.settings = (import <| self + /flake.nix).nixConfig
-    |> flip removeAttrs (if config.isDarwin then [ "use-cgroups" ] else []);
-
   nix.gc = merge {
     automatic  = true;
     options    = "--delete-older-than 3d";
@@ -29,6 +34,16 @@ in {
     persistent = true;
   };
 
+  nix.nixPath = registryMap
+      |> mapAttrsToList (name: value: "${name}=${value}")
+      |> (if config.isDarwin then concatStringsSep ":" else id);
+
+  nix.registry = registryMap // { default = inputs.nixpkgs; }
+    |> mapAttrs (_: flake: { inherit flake; });
+
+  nix.settings = (import <| self + /flake.nix).nixConfig
+    |> flip removeAttrs (if config.isDarwin then [ "use-cgroups" ] else []);
+
   nix.optimise.automatic = true;
 
   environment.systemPackages = [