3 files changed, 33 insertions, 1 deletions

diff --git a/config/default.nix b/config/default.nix
index dd22e26..4078e47 100644
--- a/config/default.nix
+++ b/config/default.nix
@@ -5,7 +5,7 @@
     ./boot.nix
     ./environment.nix
     ./networking.nix
-    ./nix.nix
+    ./nix
     ./services
     ./users.nix
   ];
diff --git a/config/nix.nix b/config/nix/default.nix
index a3d2da2..c930095 100644
--- a/config/nix.nix
+++ b/config/nix/default.nix
@@ -1,4 +1,6 @@
 {lib, ...}: {
+  imports = [./remote-builds.nix];
+
   personal.nix = {
     enable = true;
     autoUpgrade = {
diff --git a/config/nix/remote-builds.nix b/config/nix/remote-builds.nix
new file mode 100644
index 0000000..5f23108
--- /dev/null
+++ b/config/nix/remote-builds.nix
@@ -0,0 +1,30 @@
+{...}: {
+  networking.hosts."10.13.42.2" = ["hephaistos.local"];
+  programs.ssh = {
+    extraConfig = ''
+      Host hephaistos.local
+        # Prevent using ssh-agent or another keyfile, useful for testing
+        IdentitiesOnly yes
+        IdentityFile /etc/ssh/nixremote
+        # The weakly privileged user on the remote builder – if not set, 'root' is used – which will hopefully fail
+        User nixremote
+    '';
+    knownHosts."hephaistos.local".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvtqi8tziBuviUV8LDK2ddQQUbHdJYB02dgWTK5Olxq";
+  };
+
+  nix = {
+    distributedBuilds = true;
+    buildMachines = [
+      {
+        hostName = "hephaistos.local";
+        system = "x86_64-linux";
+        # Nix custom ssh-variant that avoids lots of "trusted-users" settings pain
+        protocol = "ssh-ng";
+        maxJobs = 4;
+        speedFactor = 4;
+        supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
+        mandatoryFeatures = [];
+      }
+    ];
+  };
+}