specializations and remote stores

hoo boy this increases the eval times

profiles/known-hosts/default.nix

@@ -66,6 +66,8 @@ let
       hostName = fqdn;
       sshUser = thatHost.ssh.listenUser;
     };
+    remoteStore = "${buildMachine.protocol}://${buildMachine.sshUser}@${buildMachine.hostName}";
+
     thatHostIsBuilder = thatHost.buildMachine.maxJobs > 0 && thatHost.ssh ? listenPublicKey;
     thatHostIsBuildee = thatHost.ssh ? userPublicKey && thisHostIsBuilder;
     thatHostIsThis = elem config.networking.fqdn ([ fqdn ] ++ thatHost.aliases);
@@ -81,6 +83,23 @@ let
       nix.settings.builders-use-substitutes = true;
       nix.buildMachines = lib.mkIf (!thatHost.isAlias) [ buildMachine ];
 
+      nix.settings.substituters = lib.mkIf (thatHost.useAsSubstituter && config.currentSpecialisation != "remote-store-${fqdn}") [
+        "${remoteStore}?trusted=true"
+      ];
+
+      specialisation = lib.mkIf (thatHost.remoteStoreSpecialization or false && !thatHost.isAlias) {
+        "remote-store-${fqdn}" = {
+          inheritParentConfig = true;
+          configuration = {
+            currentSpecialisation = lib.mkOverride 0 "remote-store-${fqdn}";
+            # https://docs.lix.systems/manual/lix/stable/command-ref/conf-file.html#conf-store
+            # https://nix.dev/manual/nix/stable/command-ref/conf-file.html#conf-store
+            # https://nix.dev/manual/nix/stable/store/types/
+            nix.settings.store = "${remoteStore}?trusted=true";
+          };
+        };
+      };
+
     })
     # out or jump
     (lib.mkIf (thisHostIsBuildee && thatHost.ssh ? listenPublicKey) {
@@ -130,8 +149,22 @@ in {
 
   imports = lib.forEach hostNames mkRemoteConfig;
 
-  nix.settings.max-jobs =
-    lib.mkIf ((thisHost.buildMachine.maxJobs or 0) > 0)
-    (lib.mkDefault thisHost.buildMachine.maxJobs);
+  # TODO: upstream this as specialisation.currentSpecialization that is `nullOr str`
+  # https://github.com/NixOS/nixpkgs/blob/b6eaf97c6960d97350c584de1b6dcff03c9daf42/nixos/modules/system/activation/specialisation.nix#L77
+  # https://github.com/NixOS/nixpkgs/blob/b6eaf97c6960d97350c584de1b6dcff03c9daf42/nixos/modules/system/activation/no-clone.nix
+  options.currentSpecialisation = lib.mkOption {
+    type = lib.types.nullOr lib.types.str;
+    internal = true;
+    default = null;
+    description = "Which specialization this is, if any.";
+  };
+
+
+
+  config = {
+    nix.settings.max-jobs =
+      lib.mkIf ((thisHost.buildMachine.maxJobs or 0) > 0)
+      (lib.mkDefault thisHost.buildMachine.maxJobs);
+  };
 
 }

profiles/known-hosts/hosts.toml

@@ -16,6 +16,8 @@
 # ssh.connectTimeout
 # ssh.userPrivateKey    # optional IdentityFile to use
 # ssh.userPublicKey     # sudo ssh-keygen -t ed25519 && sudo cat /root/.ssh/id_ed25519.pub
+# useAsSubstituter
+# remoteStoreSpecialization
 
 
 # buildMachine.supportedFeatures:
@@ -36,6 +38,8 @@ buildMachine.protocol = "ssh" # "ssh-ng"
 ssh.listenUser = "nixbld-remote"
 ssh.listenPort = 22
 ssh.connectTimeout = 3
+useAsSubstituter = false
+remoteStoreSpecialization = false
 
 # in general:
 #   headless:  one job per 4 threads and 8GB RAM
@@ -58,6 +62,7 @@ buildMachine.systems = ["x86_64-linux", "i686-linux", "riscv64-linux"]
 buildMachine.maxJobs = 3 # 12 threads 32GB
 buildMachine.speedFactor = 3 # i7-5820K
 buildMachine.supportedFeatures = ["kvm", "nixos-test"]
+# useAsSubstituter = true
 ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH03MEINNnjBvtmvN2QsCDCLkvF9ow5FQJp9uiyQ1Iwi"
 ssh.proxyJump = "hildring.pvv.ntnu.no"
 # wakeonlan 4c:cc:6a:05:51:01
@@ -76,6 +81,7 @@ ssh.proxyJump = "hildring.pvv.ntnu.no"
 aliases = [ "noximilien.tail9aac63.ts.net" ]
 # buildMachine.maxJobs = 1 # 8 threads 8GB
 buildMachine.speedFactor = 1 # i7-3770S
+# useAsSubstituter = true
 ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3QhTGS03Sqm6OeCEz5AIGqJnBttKaBqMgNXp3Md7t4"
 ssh.userPublicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7fYndgIXJM+tLSfkbprWc8ClOI58wlaZCg6I+wMYINeOwxLU24BmIyQAhNeqhHYBdXiyIAl5KN3+YajN1nx6zq2XPXLut31Xtf+0yMdRMX4rXgqOnsBeG4eTfNsPx+v7VNANth8dIADpk59Y9ioWB6JI6NF0wfkqrCSTpt2q9gpTA35MBe41hlaxqxYGq+PlfZyJbN4TJCORZROkjw1P6K+EoYUHTHmduMZSAnpzx5bTHL2r1VK1jLRL4q2O1LP9G7eVYUsZKxKznJqtAeoOGBL4OX2JeIXT51/pXTW0NNyVPELD6aUUZjK8aVK2JDXupXegYO8cHqwLaz7rZj3G8evGamSlGvAYR4Gwvvp4Du8ZRZVM3Gt1allhPMTLnm/gy9Lta35D8SHH0IUKWD3buo5HZliZgSMAvoSrT03vpuGILLoWEkTjpPT0qKIlBd/qlACBzKC9Wwmda5WWgMsfe0zP4zNLVdves5nkMrbY91TYSFM0FuDCaRsK5Mrhx7i0= root@noximilien"
 # wakeonlan 18:03:73:1f:f5:5f
@@ -85,6 +91,8 @@ aliases = [ "sopp.tail9aac63.ts.net" ]
 # buildMachine.maxJobs = 2 # 8 threads 32GB
 buildMachine.speedFactor = 2 # i7-4790K
 buildMachine.supportedFeatures = ["kvm", "nixos-test", "cuda"]
+# useAsSubstituter = true
+remoteStoreSpecialization = true
 ssh.listenPort = 26
 ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYB9H1pHB1vTBiGhO/GCQjn70BtVdQuJyXx38zN2CDj"
 ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6eTQkxO/1XflHpGf3478+Z7HFYYaf1d4M6mvSK2nAU root@sopp"
@@ -96,6 +104,7 @@ aliases = [ "nord.tail9aac63.ts.net" ]
 # buildMachine.maxJobs = 1 # 4 threads 32GB
 buildMachine.speedFactor = 1 # i5-2500
 buildMachine.supportedFeatures = ["kvm", "nixos-test"]
+# useAsSubstituter = true
 ssh.listenPort = 24
 ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBSdIUtUfAxnVbPDmDDFdP2S3Wd3+CC8IfZAANJ76oh"
 ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINnS1TmV9q7n+s7+RouuB6vQllnhqNCE1RqPmTMJ2/29 root@nord"
@@ -104,6 +113,7 @@ ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINnS1TmV9q7n+s7+RouuB6v
 ["rocm.pbsds.net"] # gtx 3070 laptop edition
 # buildMachine.maxJobs = 1 # 16 threads 32GB
 buildMachine.speedFactor = 5 # i7-11800H
+# useAsSubstituter = true
 ssh.listenUser = "pbsds"
 ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we"
 ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJCbXQ2q/cCe2wgUT4d0qH6N3Ef7k3WgLCxeqfdk7sDc root@rocm"