attempt at configuring the remote builder on the VM

3 files changed, 45 insertions, 0 deletions

diff --git a/machines/darwin/aarch64-darwin/mba-m2.nix b/machines/darwin/aarch64-darwin/mba-m2.nix
index a2c5607..1cd9aa8 100644
--- a/machines/darwin/aarch64-darwin/mba-m2.nix
+++ b/machines/darwin/aarch64-darwin/mba-m2.nix
@@ -8,6 +8,7 @@
   imports = [
     "${self}/profiles/home-manager.nix"
     "${self}/profiles/darwin.nix"
+    "${self}/profiles/remote-builder.nix"
   ];
 
   system.primaryUser = adminUser.name;
diff --git a/machines/nixos/x86_64-linux/vm-synology.nix b/machines/nixos/x86_64-linux/vm-synology.nix
index 4b499f2..d947973 100644
--- a/machines/nixos/x86_64-linux/vm-synology.nix
+++ b/machines/nixos/x86_64-linux/vm-synology.nix
@@ -80,5 +80,15 @@
     };
   };
 
+  users.users.builder = {
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+    ];
+    isNormalUser = true;
+    group = "nogroup";
+  };
+
+  nix.settings.trusted-users = [ "builder" ];
+
   system.stateVersion = "23.11"; # Did you read the comment?
 }
diff --git a/profiles/remote-builder.nix b/profiles/remote-builder.nix
new file mode 100644
index 0000000..cc7751f
--- /dev/null
+++ b/profiles/remote-builder.nix
@@ -0,0 +1,34 @@
+{ ... }:
+{
+  nix.buildMachines = [
+    {
+      hostName = "vm-synology";
+      sshUser = "builder";
+
+      # 'ssh-ng' is faster if both machines are NixOS but falls flat if the
+      # machine Nix will attempt a connection to is not NixOS. In such a case
+      # you must use 'ssh' instead.
+      protocol = "ssh-ng";
+
+      # Systems for which builds will be offloaded.
+      systems = [
+        "x86_64-linux"
+      ];
+
+      # Default is 1 but may keep the builder idle in between builds
+      maxJobs = 1;
+
+      supportedFeatures = [
+        "nixos-test"
+      ];
+    }
+  ];
+
+  nix.distributedBuilds = true;
+
+  programs.ssh.extraConfig = ''
+    Host builder
+      User builder
+      HostName vm-synology
+  '';
+}