From 77a0a36bb8f0a973086c49a5c1117e9384305df8 Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Thu, 23 Nov 2023 01:59:37 +0000
Subject: [PATCH] enable remote-building for lappy/moby

---
 hosts/by-name/servo/default.nix |  1 +
 hosts/common/default.nix        |  2 ++
 hosts/modules/nixcache.nix      | 20 ++++++++++++++++++++
 modules/services/nixserve.nix   |  1 +
 4 files changed, 24 insertions(+)

diff --git a/hosts/by-name/servo/default.nix b/hosts/by-name/servo/default.nix
index d125e49c..5a1e2918 100644
--- a/hosts/by-name/servo/default.nix
+++ b/hosts/by-name/servo/default.nix
@@ -29,6 +29,7 @@
   sane.services.wg-home.ip = config.sane.hosts.by-name."servo".wg-home.ip;
   sane.nixcache.substituters.servo = false;
   sane.nixcache.substituters.desko = false;
+  sane.nixcache.remote-builders.desko = false;
   # sane.services.duplicity.enable = true;  # TODO: re-enable after HW upgrade
 
   # automatically log in at the virtual consoles.
diff --git a/hosts/common/default.nix b/hosts/common/default.nix
index 8464e5c0..e2268220 100644
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@@ -57,6 +57,8 @@
   # does the daemon continually scan the nix store?
   # does the builder use some content-addressed db to efficiently dedupe?
   nix.settings.auto-optimise-store = true;
+  # TODO: see if i can remove this?
+  nix.settings.trusted-users = [ "root" ];
 
   services.journald.extraConfig = ''
     # docs: `man journald.conf`
diff --git a/hosts/modules/nixcache.nix b/hosts/modules/nixcache.nix
index aba3ad28..a6343aa1 100644
--- a/hosts/modules/nixcache.nix
+++ b/hosts/modules/nixcache.nix
@@ -36,6 +36,10 @@ in
       nixos = subOpt;
       cachix = subOpt;
     };
+    sane.nixcache.remote-builders.desko = mkOption {
+      default = true;
+      type = types.bool;
+    };
   };
 
   config = {
@@ -55,5 +59,21 @@ in
       "desko:Q7mjjqoBMgNQ5P0e63sLur65A+D4f3Sv4QiycDIKxiI="
       "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
     ];
+
+    nix.buildMachines = lib.mkIf cfg.remote-builders.desko [{
+      hostName = "desko";
+      system = "x86_64-linux";
+      protocol = "ssh-ng";
+      maxJobs = 4; # constrained by ram, for things like webkitgtk, etc.
+      speedFactor = 8;
+      supportedFeatures = [ "big-parallel" ];
+      mandatoryFeatures = [ ];
+      # TODO: define sshUser and sshKey here instead of in hosts/common/users/root.nix
+    }];
+    nix.distributedBuilds = lib.mkIf cfg.remote-builders.desko true;
+    # optional, useful when the builder has a faster internet connection than yours
+    nix.extraOptions = lib.mkIf cfg.remote-builders.desko ''
+      builders-use-substitutes = true
+    '';
   };
 }
diff --git a/modules/services/nixserve.nix b/modules/services/nixserve.nix
index 5463184e..bc07822b 100644
--- a/modules/services/nixserve.nix
+++ b/modules/services/nixserve.nix
@@ -24,6 +24,7 @@ in
   };
 
   config = mkIf cfg.enable {
+    nix.settings.trusted-users = [ "nixremote" ];
     services.nix-serve = {
       enable = true;
       inherit (cfg) port secretKeyFile;