From 0f86479aa9920b7c4c2493d26e87c35ee0e46d0c Mon Sep 17 00:00:00 2001
From: "quentin@aristote.fr" <quentin@aristote.fr>
Date: Wed, 29 Jan 2025 17:51:30 +0100
Subject: nix: remote builds: factor out

---
 config/default.nix           |  2 +-
 config/nix.nix               | 24 ++++++++++++++++++++++++
 config/nix/default.nix       | 19 -------------------
 config/nix/remote-builds.nix | 29 -----------------------------
 4 files changed, 25 insertions(+), 49 deletions(-)
 create mode 100644 config/nix.nix
 delete mode 100644 config/nix/default.nix
 delete mode 100644 config/nix/remote-builds.nix

(limited to 'config')

diff --git a/config/default.nix b/config/default.nix
index 9e31dab..974736f 100644
--- a/config/default.nix
+++ b/config/default.nix
@@ -5,7 +5,7 @@
     ./environment.nix
     ./hardware
     ./networking
-    ./nix
+    ./nix.nix
     ./users.nix
   ];
 
diff --git a/config/nix.nix b/config/nix.nix
new file mode 100644
index 0000000..4276c3f
--- /dev/null
+++ b/config/nix.nix
@@ -0,0 +1,24 @@
+{...}: {
+  personal.nix = {
+    enable = true;
+    autoUpgrade.enable = true;
+    gc.enable = true;
+    flake = "git+file:///etc/nixos/";
+    remoteBuilds = {
+      enable = true;
+      machines.hephaistos = {
+        enable = true;
+        domain = "local";
+      };
+    };
+  };
+  nix.settings.max-jobs = 1;
+  nixpkgs.flake = {
+    setNixPath = true;
+    setFlakeRegistry = true;
+  };
+  system.autoUpgrade.flags = [
+    # for reading secrets from a file
+    "--impure"
+  ];
+}
diff --git a/config/nix/default.nix b/config/nix/default.nix
deleted file mode 100644
index a9d79cc..0000000
--- a/config/nix/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{lib, ...}: {
-  imports = [./remote-builds.nix];
-
-  personal.nix = {
-    enable = true;
-    autoUpgrade.enable = true;
-    gc.enable = true;
-    flake = "git+file:///etc/nixos/";
-  };
-  nix.settings.max-jobs = lib.mkDefault 1;
-  nixpkgs.flake = {
-    setNixPath = true;
-    setFlakeRegistry = true;
-  };
-  system.autoUpgrade.flags = [
-    # for reading secrets from a file
-    "--impure"
-  ];
-}
diff --git a/config/nix/remote-builds.nix b/config/nix/remote-builds.nix
deleted file mode 100644
index a895aad..0000000
--- a/config/nix/remote-builds.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{...}: {
-  programs.ssh = {
-    extraConfig = ''
-      Host hephaistos.local
-        # Prevent using ssh-agent or another keyfile, useful for testing
-        IdentitiesOnly yes
-        IdentityFile /etc/ssh/nixremote
-        # The weakly privileged user on the remote builder – if not set, 'root' is used – which will hopefully fail
-        User nixremote
-    '';
-    knownHosts."hephaistos.local".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvtqi8tziBuviUV8LDK2ddQQUbHdJYB02dgWTK5Olxq";
-  };
-
-  nix = {
-    distributedBuilds = true;
-    buildMachines = [
-      {
-        hostName = "hephaistos.local";
-        system = "x86_64-linux";
-        # Nix custom ssh-variant that avoids lots of "trusted-users" settings pain
-        protocol = "ssh-ng";
-        maxJobs = 4;
-        speedFactor = 4;
-        supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
-        mandatoryFeatures = [];
-      }
-    ];
-  };
-}
-- 
cgit v1.2.3