From d83782f315f06c8d26127a2c8f811b0b536caa2e Mon Sep 17 00:00:00 2001
From: Zuckerberg
Date: Sun, 30 Apr 2023 12:49:15 -0600
Subject: [PATCH] Set up Nix build worker
---
 common/default.nix | 1 +
 common/nix-builder.nix | 60 ++++++++++++++++++++++++++++++++++++
 machines/phil/properties.nix | 1 +
 3 files changed, 62 insertions(+)
 create mode 100644 common/nix-builder.nix
diff --git a/common/default.nix b/common/default.nix
index 5f164b6..398c76e 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -12,6 +12,7 @@
 ./server
 ./pc
 ./machine-info
+ ./nix-builder.nix
 ./ssh.nix
 ];
diff --git a/common/nix-builder.nix b/common/nix-builder.nix
new file mode 100644
index 0000000..b3849e5
--- /dev/null
+++ b/common/nix-builder.nix
@@ -0,0 +1,60 @@
+{ config, lib, ... }:
+
+let
+ builderRole = "nix-builder";
+ builderUserName = "nix-builder";
+
+ machinesByRole = role: lib.filterAttrs (hostname: cfg: builtins.elem role cfg.systemRoles) config.machines.hosts;
+ otherMachinesByRole = role: lib.filterAttrs (hostname: cfg: hostname != config.networking.hostName) (machinesByRole role);
+ thisMachineHasRole = role: builtins.hasAttr config.networking.hostName (machinesByRole role);
+
+ builders = machinesByRole builderRole;
+ thisMachineIsABuilder = thisMachineHasRole builderRole;
+
+ # builders don't include themselves as a remote builder
+ otherBuilders = lib.filterAttrs (hostname: cfg: hostname != config.networking.hostName) builders;
+in
+lib.mkMerge [
+ # configure builder
+ (lib.mkIf thisMachineIsABuilder {
+ users.users.${builderUserName} = {
+ description = "Distributed Nix Build User";
+ group = builderUserName;
+ isSystemUser = true;
+ createHome = true;
+ home = "/var/lib/nix-builder";
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = builtins.map
+ (builderCfg: builderCfg.hostKey)
+ (builtins.attrValues config.machines.hosts);
+ };
+ users.groups.${builderUserName} = { };
+
+ nix.settings.trusted-users = [
+ builderUserName
+ ];
+ })
+
+ # use each builder
+ {
+ nix.distributedBuilds = true;
+
+ nix.buildMachines = builtins.map
+ (builderCfg: {
+ hostName = builtins.elemAt builderCfg.hostNames 0;
+ system = builderCfg.arch;
+ protocol = "ssh-ng";
+ sshUser = builderUserName;
+ sshKey = "/etc/ssh/ssh_host_ed25519_key";
+ maxJobs = 3;
+ speedFactor = 10;
+ supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+ })
+ (builtins.attrValues otherBuilders);
+
+ # It is very likely that the builder's internet is faster or just as fast
+ nix.extraOptions = ''
+ builders-use-substitutes = true
+ '';
+ }
+]
diff --git a/machines/phil/properties.nix b/machines/phil/properties.nix
index c7f1d07..519e9e5 100644
--- a/machines/phil/properties.nix
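Review bot: The `nix-builder` account in the `lib.mkIf thisMachineIsABuilder` block is wider than a build-only role needs: `openssh.authorizedKeys.keys` is mapped over every entry of `config.machines.hosts` with no key options, the user gets `useDefaultShell = true`, and the same user is placed in `nix.settings.trusted-users`. A trusted Nix user can direct the daemon in ways that amount to root, so whoever holds root on any single host (and can therefore read `/etc/ssh/ssh_host_ed25519_key`) is root-equivalent on every builder. Consider constraining each entry, for example `(h: ''restrict,command="nix-daemon --stdio" ${h.hostKey}'')` (assuming the `ssh-ng` client needs nothing beyond that command), and authenticating with a dedicated client key instead of the SSH host key so the two can be rotated independently. If `trusted-users` is only there so the builder accepts unsigned inputs, a comment saying so would help; whether clients sign their paths is not visible in this patch. Separately, `otherMachinesByRole` is defined but never used, while `otherBuilders` repeats its filter.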
+++ b/machines/phil/properties.nix
@@ -9,6 +9,7 @@
 systemRoles = [
 "server"
 "gitea-runner"
+ "nix-builder"
 ];
 hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlgRPpuUkZqe8/lHugRPm/m2vcN9psYhh5tENHZt9I2";
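Review bot: Adding `"nix-builder"` next to `"gitea-runner"` in `systemRoles` puts the fleet's build worker on the same host that runs CI jobs, and that co-location deserves a comment. Other machines will consume store paths built here, so anything that escapes a CI job on this host could influence what they install; how the runner is sandboxed is not visible in this hunk, so this may already be covered. A line such as `# also a gitea-runner: CI jobs share this host with the fleet build worker` above the role would record the trade-off for whoever audits it later.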