From 9166792bb3959d9c0ddb4c1b1021a190bce730b1 Mon Sep 17 00:00:00 2001
From: Peder Bergebakken Sundt <pbsds@hotmail.com>
Date: Sat, 4 Mar 2023 01:33:23 +0100
Subject: [PATCH] remotes

---
 hosts/bolle/default.nix              |   1 +
 hosts/noximilien/default.nix         |   1 +
 profiles/remote-builders/default.nix | 101 +++++++++++++++------------
 3 files changed, 59 insertions(+), 44 deletions(-)

diff --git a/hosts/bolle/default.nix b/hosts/bolle/default.nix
index ab93166..57ddf56 100644
--- a/hosts/bolle/default.nix
+++ b/hosts/bolle/default.nix
@@ -31,6 +31,7 @@
   ];
 
   # run/build weird binaries
+  # TODO: somehow make sure this is in sync with remote-builders
   boot.binfmt.emulatedSystems = [
     "wasm32-wasi"
     "wasm64-wasi"
diff --git a/hosts/noximilien/default.nix b/hosts/noximilien/default.nix
index 3288659..22755bd 100644
--- a/hosts/noximilien/default.nix
+++ b/hosts/noximilien/default.nix
@@ -87,6 +87,7 @@
   ];
 
   # run/build weird binaries
+  # TODO: somehow make sure this is in sync with remote-builders
   boot.binfmt.emulatedSystems = [
     "wasm32-wasi"
     "wasm64-wasi"
diff --git a/profiles/remote-builders/default.nix b/profiles/remote-builders/default.nix
index 6f37ac6..873bdae 100644
--- a/profiles/remote-builders/default.nix
+++ b/profiles/remote-builders/default.nix
@@ -6,62 +6,76 @@ let
   # - "benchmark"    - has "equal" performance
   # - "big-parallel" - is beefy, for stuff like llvm
 
+  # find 'publicKey' with `ssh-keyscan`
+
   remotes = [
-    /** /
+    /**/
     {
-      systems = [ "x86_64-linux" ];
-      hostName = "bolle.pbsds.net";
-      sshUser = "pbsds";
-      maxJobs = 16;
-      #maxJobs = 1; # at least for big-parallel
+      systems     = [ "x86_64-linux" "wasm32-wasi" "wasm64-wasi" "x86_64-windows" "aarch64-linux" "riscv64-linux" ];
+      hostName    = "bolle.pbsds.net";
+      sshUser     = "pbsds";
+      maxJobs     = 16;
+      #maxJobs     = 1; # at least for big-parallel
       speedFactor = 2;
-      supportedFeatures = [ "kvm" "big-parallel" "nixos-test" ];
-      #mandatoryFeatures = [ ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHdkKmRB0WjD3L+k8GNTVJDLpOUqLBMW17ld/Jzapo6";
-      proxy.user="pederbs";
-      proxy.host="isvegg.pvv.ntnu.no";
+      supportedFeatures  = [ "kvm" "big-parallel" "nixos-test" ];
+      #mandatoryFeatures  = [ ];
+      publicKey  = "bolle.pbsds.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeOB/57N1fQPVorIUlkkJZaQduBo+4+km2Qbj4ebd/k";
+      proxy.user = "pederbs";
+      proxy.host = "isvegg.pvv.ntnu.no";
       proxy.publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
     }
     /**/
     {
-      systems = ["x86_64-linux"];
-      hostName = "rocm.pbsds.net";
-      sshUser = "pbsds";
-      maxJobs = 8;
-      #maxJobs = 4;
-      #maxJobs = 1; # at least for big-parallel
-      speedFactor = 3;
-      supportedFeatures = [ "kvm" "big-parallel" ];
-      #mandatoryFeatures = [ ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we";
-      proxy.user="pederbs";
-      proxy.host="isvegg.pvv.ntnu.no";
-      proxy.publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
+      systems     = [ "x86_64-linux" "wasm32-wasi" "wasm64-wasi" "x86_64-windows" "aarch64-linux" "riscv64-linux" ];
+      hostName    = "noximilien.pbsds.net";
+      sshUser     = "pbsds";
+      maxJobs     = 4;
+      #maxJobs    = 1; # at least for big-parallel
+      speedFactor = 1;
+      supportedFeatures  = [ "kvm" "big-parallel" "nixos-test" ];
+      #mandatoryFeatures  = [ ];
+      publicKey = "noximilien.pbsds.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3QhTGS03Sqm6OeCEz5AIGqJnBttKaBqMgNXp3Md7t4";
     }
     /**/
     {
-      systems = ["x86_64-linux"];
-      hostName = "isvegg.pvv.ntnu.no";
-      sshUser = "pederbs";
-      maxJobs = 2;
+      systems            = ["x86_64-linux"];
+      hostName           = "rocm.pbsds.net";
+      sshUser            = "pbsds";
+      maxJobs            = 8;
+      #maxJobs            = 4;
+      #maxJobs            = 1; # at least for big-parallel
+      speedFactor        = 3;
+      supportedFeatures  = [ "kvm" "big-parallel" ];
+      #mandatoryFeatures  = [ ];
+      publicKey          = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we";
+      proxy.user         = "pederbs";
+      proxy.host         = "isvegg.pvv.ntnu.no";
+      proxy.publicKey    = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
+    }
+    /**/
+    {
+      systems     = ["x86_64-linux"];
+      hostName    = "isvegg.pvv.ntnu.no";
+      sshUser     = "pederbs";
+      maxJobs     = 2;
       speedFactor = 0;
-      publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
+      publicKey   = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
     }
     {
-      systems = ["x86_64-linux"];
-      hostName = "eirin.pvv.ntnu.no";
-      sshUser = "pederbs";
-      maxJobs = 2;
+      systems     = ["x86_64-linux"];
+      hostName    = "eirin.pvv.ntnu.no";
+      sshUser     = "pederbs";
+      maxJobs     = 2;
       speedFactor = 0;
-      publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILGULKEzYe5kPorM0rWATv10qq6debfCuYUYqw3HWZm4Y5Pi7mVKcf8lKFNPc1DxT/dStfxxtHj/2fbezaxElk=";
+      publicKey   = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILGULKEzYe5kPorM0rWATv10qq6debfCuYUYqw3HWZm4Y5Pi7mVKcf8lKFNPc1DxT/dStfxxtHj/2fbezaxElk=";
     }
     {
-      systems = ["x86_64-linux"];
-      hostName = "demiurgen.pvv.ntnu.no";
-      sshUser = "pederbs";
-      maxJobs = 2;
+      systems     = ["x86_64-linux"];
+      hostName    = "demiurgen.pvv.ntnu.no";
+      sshUser     = "pederbs";
+      maxJobs     = 2;
       speedFactor = 0;
-      publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKw92q3eB5HZbKJN3p+80MtirqcXPu01USE9LnoGYJuDvko1udjIy4UR0wAwELqgs+r7mJyuQPeXmOZKwjHP6tM=";
+      publicKey   = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKw92q3eB5HZbKJN3p+80MtirqcXPu01USE9LnoGYJuDvko1udjIy4UR0wAwELqgs+r7mJyuQPeXmOZKwjHP6tM=";
     }
     /**/
   ];
@@ -73,8 +87,10 @@ let
     }@args:
   let
     buildMachine = lib.filterAttrs (key: _: !builtins.elem key ["publicKey" "proxy"]) args; # this should have syntactic sugar: ...@buildMachine
-  in  {
+    filter = lib.mkIf (buildMachine.hostName != config.networking.fqdn);
+  in filter {
     nix.buildMachines = [ buildMachine ];
+    #TODO: users.users.root.openssh.authorizedKeys.keys
     programs.ssh.knownHosts.${buildMachine.hostName}.publicKey = publicKey;
     # the timeout is great to have when a remote is unresponsive, as nix currently does not give a shit
     programs.ssh.extraConfig = ''
@@ -95,10 +111,7 @@ in {
   # https://github.com/NixOS/nix/issues/2457
 
   # useful when the builder has a faster internet connection than i do
-  nix.extraOptions = ''
-    builders-use-substitutes = true
-  '';
-  # TODO: can i make ^ non-string?
+  nix.settings.builders-use-substitutes = true;
 
   # TIL: this can be a list of configurations and lambdas, not just file paths
   imports = builtins.map mkRemoteConfig remotes;