setup orbstack-builder

elohmeier · Oct 23, 2024 · 8a7ef0d · 8a7ef0d
1 parent f156e73
commit 8a7ef0d
Show file tree

Hide file tree

Showing 4 changed files with 86 additions and 0 deletions.
diff --git a/modules/darwin/default.nix b/modules/darwin/default.nix
@@ -29,6 +29,7 @@ in
 
   flake.darwinConfigurations = {
     mb4 = darwinSystemFor "aarch64-darwin" [
+      ./orbstack-builder.nix
       (
         { pkgs, ... }:
         {

diff --git a/modules/darwin/orbstack-builder.nix b/modules/darwin/orbstack-builder.nix
@@ -0,0 +1,42 @@
+{
+  ...
+}:
+
+{
+  environment.etc."ssh/ssh_config.d/100-linux-builder.conf".text = ''
+    Host linux-builder
+      User builder
+      Hostname localhost
+      HostKeyAlias linux-builder
+      Port 31022
+      IdentityFile /etc/nix/builder_ed25519
+  '';
+
+  nix.distributedBuilds = true;
+
+  nix.buildMachines = [
+    {
+      hostName = "linux-builder";
+      sshUser = "builder";
+      sshKey = "/etc/nix/builder_ed25519";
+      publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUxoT2tPWDVIcG13ZjdDWWlZMnNWQWZ5T1FTM3pNUTJWeXVPRWhPTXhQVGEgcm9vdEBuaXhvcy1idWlsZGVyCg==";
+      maxJobs = 4;
+      protocol = "ssh-ng";
+      speedFactor = 1;
+      supportedFeatures = [
+        "kvm"
+        "benchmark"
+        "big-parallel"
+      ];
+      systems = [
+        "x86_64-linux"
+        "aarch64-linux"
+      ];
+    }
+  ];
+
+  nix.settings = {
+    builders-use-substitutes = true;
+    trusted-users = [ "enno" ];
+  };
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
@@ -141,5 +141,11 @@ in
         }
       )
     ];
+
+    orb-nixos-builder = nixosSystemFor "aarch64-linux" [
+      self.nixosModules.defaults
+      self.nixosModules.orbstack-defaults
+      ./orbstack-builder.nix
+    ];
   };
 }
diff --git a/modules/nixos/orbstack-builder.nix b/modules/nixos/orbstack-builder.nix
@@ -0,0 +1,37 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  user = "builder";
+in
+{
+  environment.systemPackages = [ pkgs.btop ];
+
+  networking.hostName = "nixos-builder";
+
+  services.openssh = {
+    enable = lib.mkForce true;
+    ports = [ 31022 ];
+  };
+
+  documentation.enable = lib.mkForce false;
+
+  nix.channel.enable = false;
+
+  nix.settings = {
+    auto-optimise-store = true;
+    min-free = 1024 * 1024 * 1024;
+    max-free = 3 * 1024 * 1024 * 1024;
+    trusted-users = [ user ];
+  };
+
+  users.users."${user}" = {
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtB32gQF96zxxtDazLlmFTZANch/2MNlU+2nmMos8cs builder@localhost"
+    ];
+  };
+}