test remote builds

2025-08-23 09:49:02 -05:00
parent 0fdfa33016
commit a62a69c7ce
8 changed files with 121 additions and 32 deletions
--- a/system-config/default.nix
+++ b/system-config/default.nix
@@ -28,7 +28,33 @@

    config = {

-        sops.secrets."remoteBuildSSHKey" = lib.mkIf config.sysconfig.remoteBuildClient {};
+        sops.secrets = (if config.sysconfig.remoteBuildHost then (
+            builtins.listToAttrs 
+                    (builtins.map 
+                        (y: { 
+                            name = "remoteBuildClientKeys/${y}"; 
+                            value = {
+                                format = "yaml";
+                                sopsFile = ./secrets.yaml;
+                            }; 
+                        }) 
+                        (builtins.partition 
+                            (z:  let 
+                                cfg = if 
+                                    ((builtins.readDir ./configuration).${z} == "directory") 
+                                    then (import ./configuration/${z}).config
+                                    else null;
+                                test = if cfg == null then false
+                                    else if !(cfg ? sysconfig) then false
+                                    else if !(cfg.sysconfig ? remoteBuildClient) then false
+                                    else cfg.sysconfig.remoteBuildClient;
+                            in test)
+                            (builtins.readDir ./configuration)
+                        ).right
+                    )
+        ) else {}) // { 
+            "remoteBuildKey" = lib.mkIf config.sysconfig.remoteBuildClient {}; 
+        };
    
        networking.hostName = lib.mkDefault config.sysconfig.host;

@@ -39,7 +65,7 @@
            channel.enable = false;
            settings = {
                experimental-features = [ "nix-command" "flakes" ];
-                trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];
+                builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true;
            };

            distributedBuilds = config.sysconfig.remoteBuildClient;
@@ -47,7 +73,7 @@
                {
                    hostName = "blunkall.us";
                    sshUser = "remote-builder";
-                    sshKey = config.sops.secrets."remoteBuildSSHKey".path;
+                    sshKey = config.sops.secrets."remoteBuildKey".path;
                    supportedFeatures = [
                        "nixos-test"
                        "benchmark"
@@ -59,16 +85,6 @@
            ];
        };

-        boot.binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ];
-
-        users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
-            isNormalUser = true;
-            createHome = false;
-            openssh.authorizedKeys.keys = [
-                "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7wpZD7mpHHpfHBSBV28x3ify+dtoLRDXO91mJ/WhUj root@laptop"
-            ];
-        };
-        
        time.timeZone = lib.mkDefault "America/Chicago";

        i18n = lib.mkDefault {