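# Shared base module: imports every sibling directory as a module, declares
# the `sysconfig.*` options, and wires up Nix settings, the optional
# remote-build host/client roles, sops-nix secrets, SSH client config and
# locale defaults.
{ config, lib, pkgs, nixpkgs, ... }: {

  # Import each subdirectory of this directory as a module. Regular files are
  # skipped, so only `<dir>/default.nix` style modules are picked up.
  imports = let
    dir = builtins.readDir ./.;
  in builtins.map (x: ./${x})
    (builtins.filter (file: (dir.${file} == "directory")) (builtins.attrNames dir));

  options.sysconfig = with lib; {

    # Host name for this machine; null means "not set by this module".
    host = mkOption {
      type = with types; nullOr str;
      default = null;
    };

    # Follows hardware.graphics.enable unless overridden.
    graphical = mkOption {
      type = with types; bool;
      default = config.hardware.graphics.enable;
    };

    # This machine accepts builds from other machines.
    remoteBuildHost = mkOption {
      type = with types; bool;
      default = false;
    };

    # This machine offloads builds to the remote build host.
    remoteBuildClient = mkOption {
      type = with types; bool;
      default = false;
    };
  };

  config = {

    # Only define the host name when sysconfig.host is set. Its default is
    # null, and an unconditional mkDefault would push that null into
    # networking.hostName (a string option), overriding the option's own
    # default and failing evaluation.
    networking.hostName = lib.mkIf (config.sysconfig.host != null)
      (lib.mkDefault config.sysconfig.host);

    nix = {

      nixPath = [ "nixpkgs=${nixpkgs}" ];

      channel.enable = false;

      settings = {

        experimental-features = [ "nix-command" "flakes" ];

        builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true;

        # SECURITY: the Nix manual treats membership in trusted-users as
        # essentially root on this machine (trusted users can, for example,
        # import unsigned store paths). Every client holding a key authorised
        # for "remote-builder" inherits that level of trust on the build host.
        trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];

        # Third-party binary cache, enabled only together with Hyprland.
        # Store paths signed by the pinned key below are accepted without a
        # local rebuild, so the cache operator is part of the trust base.
        substituters = lib.mkIf config.sysconfig.programs.hyprland.enable [ "https://hyprland.cachix.org" ];
        trusted-substituters = lib.mkIf config.sysconfig.programs.hyprland.enable [ "https://hyprland.cachix.org" ];
        trusted-public-keys = lib.mkIf config.sysconfig.programs.hyprland.enable [ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ];
      };

      distributedBuilds = config.sysconfig.remoteBuildClient;

      # NOTE(review): no `publicHostKey` (and no known-hosts entry in this
      # module) pins the builder's SSH host key; confirm it is pinned
      # elsewhere so the daemon does not have to trust the key on first use.
      # NOTE(review): sops.secrets."remoteBuildKey" is not declared in this
      # module as shown; presumably another module defines it.
      buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [
        {
          hostName = "esotericbytes.com";
          sshUser = "remote-builder";
          sshKey = config.sops.secrets."remoteBuildKey".path;
          supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
          systems = [ "x86_64-linux" "aarch64-linux" ];
        }
      ];
    };

    # Account the build clients log in as; it has no home directory.
    users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
      isNormalUser = true;
      createHome = false;
    };

    # On the build host, declare one secret per machine directory under
    # ../machines whose module sets sysconfig.remoteBuildClient. Each machine
    # module is imported with an empty `config`/`inputs`, so the flag must be
    # readable without evaluating the full system, and the attribute must be
    # present in every machine module or evaluation fails here.
    sops.secrets = let
      dir = builtins.readDir ../machines;
    in lib.mkIf config.sysconfig.remoteBuildHost (builtins.listToAttrs (builtins.map (y: {
      name = "remoteBuildClientKeys/${y}";
      value = {
        sopsFile = ./secrets.yaml;
      };
    }) (builtins.filter (x: dir.${x} == "directory" &&
      (import ../machines/${x} { config = {}; inputs = {}; inherit lib pkgs; }).config.sysconfig.remoteBuildClient)
      (builtins.attrNames dir))));

    # Render all remoteBuildClientKeys/* secrets, one per line, into the
    # authorized_keys file for "remote-builder". The separator ''''\n'' is an
    # indented string holding a single escaped newline.
    # NOTE(review): the file is owned by the account it authenticates;
    # confirm the rendered mode keeps it read-only for that account, since
    # anyone who can write it can add further login keys.
    sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
      content = builtins.concatStringsSep ''''\n'' (builtins.map (y: config.sops.placeholder.${y})
        (builtins.filter (x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
          (builtins.attrNames config.sops.secrets)));
      path = "/etc/ssh/authorized_keys.d/remote-builder";
      owner = "remote-builder";
    };

    # The build host's sshd listens on a non-default port.
    programs.ssh.extraConfig = ''
      Host esotericbytes.com
        HostName esotericbytes.com
        Port 2222
    '';

    # sops-nix decrypts with this age key. The file lives outside the Nix
    # store and has to be provisioned on each machine out of band.
    sops = {
      age.keyFile = "/var/lib/sops/age/keys.txt";
      defaultSopsFormat = "yaml";
    };

    time.timeZone = lib.mkDefault "America/Chicago";

    i18n = lib.mkDefault {
      defaultLocale = "en_US.UTF-8";
      extraLocaleSettings = {
        LC_ADDRESS = "en_US.UTF-8";
        LC_IDENTIFICATION = "en_US.UTF-8";
        LC_MEASUREMENT = "en_US.UTF-8";
        LC_MONETARY = "en_US.UTF-8";
        LC_NAME = "en_US.UTF-8";
        LC_NUMERIC = "en_US.UTF-8";
        LC_PAPER = "en_US.UTF-8";
        LC_TELEPHONE = "en_US.UTF-8";
        LC_TIME = "en_US.UTF-8";
      };
    };
  };
}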