diff --git a/profiles/known-hosts/default.nix b/profiles/known-hosts/default.nix index a6a89fc..4971d21 100644 --- a/profiles/known-hosts/default.nix +++ b/profiles/known-hosts/default.nix @@ -66,6 +66,8 @@ let hostName = fqdn; sshUser = thatHost.ssh.listenUser; }; + remoteStore = "${buildMachine.protocol}://${buildMachine.sshUser}@${buildMachine.hostName}"; + thatHostIsBuilder = thatHost.buildMachine.maxJobs > 0 && thatHost.ssh ? listenPublicKey; thatHostIsBuildee = thatHost.ssh ? userPublicKey && thisHostIsBuilder; thatHostIsThis = elem config.networking.fqdn ([ fqdn ] ++ thatHost.aliases); @@ -81,6 +83,23 @@ let nix.settings.builders-use-substitutes = true; nix.buildMachines = lib.mkIf (!thatHost.isAlias) [ buildMachine ]; + nix.settings.substituters = lib.mkIf (thatHost.useAsSubstituter && config.currentSpecialisation != "remote-store-${fqdn}") [ + "${remoteStore}?trusted=true" + ]; + + specialisation = lib.mkIf (thatHost.remoteStoreSpecialization or false && !thatHost.isAlias) { + "remote-store-${fqdn}" = { + inheritParentConfig = true; + configuration = { + currentSpecialisation = lib.mkOverride 0 "remote-store-${fqdn}"; + # https://docs.lix.systems/manual/lix/stable/command-ref/conf-file.html#conf-store + # https://nix.dev/manual/nix/stable/command-ref/conf-file.html#conf-store + # https://nix.dev/manual/nix/stable/store/types/ + nix.settings.store = "${remoteStore}?trusted=true"; + }; + }; + }; + }) # out or jump (lib.mkIf (thisHostIsBuildee && thatHost.ssh ? listenPublicKey) { 
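Review bot: The `remoteStore` URL added to the `let` block is built from protocol, user and host name only, so it carries neither `ssh.listenPort` nor `ssh.proxyJump`, which several hosts.toml entries set (ports 24 and 26, and a jump host). Connections through this URL therefore depend on an SSH client configuration for the connecting user (presumably root, for the Nix daemon) and on a pinned host key, both generated elsewhere in this profile. A comment next to the definition would make that dependency visible, for example `# port, proxy jump and host key come from the generated ssh config, not from this URL`. The `let` block starts and ends outside the hunk.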
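Review bot: Both new store URLs end in `?trusted=true`, which tells Nix to accept paths from that store as substitutes even when they carry no signature from a key in `trusted-public-keys`. The integrity of everything substituted from a `useAsSubstituter` host then rests on the SSH host key and on that host staying uncompromised. If the builders can sign their store (`secret-key-files` on the remote side), the entry could be plain `"${remoteStore}"` with the builder's public key added to `nix.settings.trusted-public-keys`; otherwise a comment stating that signature checking is deliberately skipped would document the trade-off. The `substituters` entry also lacks the `!thatHost.isAlias` guard that `nix.buildMachines` and `specialisation` use, so an alias entry would presumably add a second URL for the same machine. The enclosing `lib.mkIf` block begins outside the hunk.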
@@ -130,8 +149,22 @@ in { imports = lib.forEach hostNames mkRemoteConfig; - nix.settings.max-jobs = - lib.mkIf ((thisHost.buildMachine.maxJobs or 0) > 0) - (lib.mkDefault thisHost.buildMachine.maxJobs); + # TODO: upstream this as specialisation.currentSpecialization that is `nullOr str` + # https://github.com/NixOS/nixpkgs/blob/b6eaf97c6960d97350c584de1b6dcff03c9daf42/nixos/modules/system/activation/specialisation.nix#L77 + # https://github.com/NixOS/nixpkgs/blob/b6eaf97c6960d97350c584de1b6dcff03c9daf42/nixos/modules/system/activation/no-clone.nix + options.currentSpecialisation = lib.mkOption { + type = lib.types.nullOr lib.types.str; + internal = true; + default = null; + description = "Which specialization this is, if any."; + }; + + + + config = { + nix.settings.max-jobs = + lib.mkIf ((thisHost.buildMachine.maxJobs or 0) > 0) + (lib.mkDefault thisHost.buildMachine.maxJobs); + }; } diff --git a/profiles/known-hosts/hosts.toml b/profiles/known-hosts/hosts.toml index 1b1dcb0..4b1e5da 100644 --- a/profiles/known-hosts/hosts.toml +++ b/profiles/known-hosts/hosts.toml @@ -16,6 +16,8 @@ # ssh.connectTimeout # ssh.userPrivateKey # optional IdentityFile to use # ssh.userPublicKey # sudo ssh-keygen -t ed25519 && sudo cat /root/.ssh/id_ed25519.pub +# useAsSubstituter +# remoteStoreSpecialization # buildMachine.supportedFeatures: @@ -36,6 +38,8 @@ buildMachine.protocol = "ssh" # "ssh-ng" ssh.listenUser = "nixbld-remote" ssh.listenPort = 22 ssh.connectTimeout = 3 +useAsSubstituter = false +remoteStoreSpecialization = false # in general: # headless: one job per 4 threads and 8GB RAM 
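Review bot: The new `options.currentSpecialisation` is spelled with an s, while its description and the hosts.toml key `remoteStoreSpecialization` use a z. Because the Nix side reads that key as `thatHost.remoteStoreSpecialization or false`, a mistyped key silently evaluates to false, so one spelling throughout (NixOS uses `specialisation`) would be safer. The description could also say what the value holds, e.g. `description = "Name of the specialisation being evaluated, or null in the parent configuration.";`. The earlier hunk sets the option with `lib.mkOverride 0`, so a short comment on the option saying that nothing is expected to override it would help. The three consecutive blank lines before `config = {` can be reduced to one.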
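Review bot: The two keys added to the field list in the header comment, `# useAsSubstituter` and `# remoteStoreSpecialization`, have no explanation, unlike `ssh.userPrivateKey` and `ssh.userPublicKey` above them. Since `useAsSubstituter` makes this machine accept store paths from the named host with `?trusted=true` appended on the Nix side, the comment should state that, for example `# useAsSubstituter # substitute from this host over ssh; unsigned paths are accepted`. For the second key, something like `# remoteStoreSpecialization # add a specialisation that uses this host as the nix store` would do. The `false` defaults added in the following hunk are the safe choice and are worth keeping.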
@@ -58,6 +62,7 @@ buildMachine.systems = ["x86_64-linux", "i686-linux", "riscv64-linux"]
 buildMachine.maxJobs = 3 # 12 threads 32GB
 buildMachine.speedFactor = 3 # i7-5820K
 buildMachine.supportedFeatures = ["kvm", "nixos-test"]
+# useAsSubstituter = true
 ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH03MEINNnjBvtmvN2QsCDCLkvF9ow5FQJp9uiyQ1Iwi"
 ssh.proxyJump = "hildring.pvv.ntnu.no"
 # wakeonlan 4c:cc:6a:05:51:01
@@ -76,6 +81,7 @@ ssh.proxyJump = "hildring.pvv.ntnu.no"
 aliases = [ "noximilien.tail9aac63.ts.net" ]
 # buildMachine.maxJobs = 1 # 8 threads 8GB
 buildMachine.speedFactor = 1 # i7-3770S
+# useAsSubstituter = true
 ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3QhTGS03Sqm6OeCEz5AIGqJnBttKaBqMgNXp3Md7t4"
 ssh.userPublicKey = "ssh-rsa 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 root@noximilien"
 # wakeonlan 18:03:73:1f:f5:5f
@@ -85,6 +91,8 @@ aliases = [ "sopp.tail9aac63.ts.net" ]
 # buildMachine.maxJobs = 2 # 8 threads 32GB
 buildMachine.speedFactor = 2 # i7-4790K
 buildMachine.supportedFeatures = ["kvm", "nixos-test", "cuda"]
+# useAsSubstituter = true
+remoteStoreSpecialization = true
 ssh.listenPort = 26
 ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYB9H1pHB1vTBiGhO/GCQjn70BtVdQuJyXx38zN2CDj"
 ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6eTQkxO/1XflHpGf3478+Z7HFYYaf1d4M6mvSK2nAU root@sopp"
@@ -96,6 +104,7 @@ aliases = [ "nord.tail9aac63.ts.net" ]
 # buildMachine.maxJobs = 1 # 4 threads 32GB
 buildMachine.speedFactor = 1 # i5-2500
 buildMachine.supportedFeatures = ["kvm", "nixos-test"]
+# useAsSubstituter = true
 ssh.listenPort = 24
 ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBSdIUtUfAxnVbPDmDDFdP2S3Wd3+CC8IfZAANJ76oh"
 ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINnS1TmV9q7n+s7+RouuB6vQllnhqNCE1RqPmTMJ2/29 root@nord"
@@ -104,6 +113,7 @@ ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINnS1TmV9q7n+s7+RouuB6v
 ["rocm.pbsds.net"] # gtx 3070 laptop edition
 # buildMachine.maxJobs = 1 # 16 threads 32GB
 buildMachine.speedFactor = 5 # i7-11800H
+# useAsSubstituter = true
 ssh.listenUser = "pbsds"
 ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we"
 ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJCbXQ2q/cCe2wgUT4d0qH6N3Ef7k3WgLCxeqfdk7sDc root@rocm"