got substituting to work along with remote building

2025-12-10 00:43:56 -05:00 · 2023-06-18 10:17:52 -04:00 · 2023-06-18 10:17:52 -04:00 · ee2beea680
commit ee2beea680
parent 7fd4c88056
2 changed files with 46 additions and 20 deletions
--- a/modules/builders.nix
+++ b/modules/builders.nix
@ -16,6 +16,9 @@
            keep-derivations = false;
            builders-use-substitutes = true;
            max-jobs = 0;
+            substituters = ["ssh-ng://nix-ssh@gerg-desktop" "https://cache.nixos.org/"];
+            trusted-public-keys = ["gerg-desktop:6p1+h6jQnb1MOt3ra3PlQpfgEEF4zRrQWiEuAqcjBj8=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="];
+            secret-key-files = "/persist/cache-keys/cache-priv-key.pem";
          };
          distributedBuilds = true;
          buildMachines = [
@ -39,26 +42,42 @@
        };
      }
    )
-    (lib.mkIf config.localModules.remoteBuild.isBuilder {
-      users = {
-        groups.builder = {};
-        users.builder = {
-          createHome = false;
-          isSystemUser = true;
-          openssh.authorizedKeys.keys = [
-            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIq9YTf4jlVCKBKn44m4yJvj94C7pTOyaa4VjZFohNqD root@mom-laptop"
-            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUKHZasYQUAmRBiqtx1drDxfq18/N4rKydCtPHx461I root@game-laptop"
-          ];
-          useDefaultShell = true;
-          group = "builder";
-        };
-      };

-      nix.settings = {
-        trusted-users = ["builder"];
-        keep-outputs = true;
-        keep-derivations = true;
-      };
-    })
+    (
+      let
+        keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIq9YTf4jlVCKBKn44m4yJvj94C7pTOyaa4VjZFohNqD root@mom-laptop"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUKHZasYQUAmRBiqtx1drDxfq18/N4rKydCtPHx461I root@game-laptop"
+        ];
+      in
+        lib.mkIf
+        config.localModules.remoteBuild.isBuilder
+        {
+          users = {
+            groups.builder = {};
+            users.builder = {
+              createHome = false;
+              isSystemUser = true;
+              openssh.authorizedKeys = {inherit keys;};
+              useDefaultShell = true;
+              group = "builder";
+            };
+          };
+
+          nix = {
+            settings = {
+              trusted-users = ["builder" "nix-ssh"];
+              keep-outputs = true;
+              keep-derivations = true;
+            };
+            sshServe = {
+              enable = true;
+              write = true;
+              inherit keys;
+              protocol = "ssh-ng";
+            };
+          };
+        }
+    )
  ];
 }