From 8e40b3dc025e0ed29beb40511e9727709e93b748 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Czy=C5=BC?= <mike@c2yz.com>
Date: Sat, 16 Nov 2024 11:49:25 +0100
Subject: [PATCH] feat: zion remote builder config

---
 hosts/default.nix                |  1 +
 hosts/keys/remotebuild.pub       |  1 +
 hosts/modules/remote-builder.nix | 31 +++++++++++++++++++++++++++++++
 3 files changed, 33 insertions(+)
 create mode 100644 hosts/keys/remotebuild.pub
 create mode 100644 hosts/modules/remote-builder.nix

diff --git a/hosts/default.nix b/hosts/default.nix
index 3011922..6cee019 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -22,6 +22,7 @@
       ./modules/packages.nix
       ./modules/pipewire.nix
       ./modules/printing.nix
+      ./modules/remote-builder.nix
       ./modules/security.nix
       ./modules/ssh.nix
       ./modules/users.nix
diff --git a/hosts/keys/remotebuild.pub b/hosts/keys/remotebuild.pub
new file mode 100644
index 0000000..5fe6de3
--- /dev/null
+++ b/hosts/keys/remotebuild.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINlOY3fRdbxMUVFli1jNXtf+x7DOB7xjLObfDOgVDnmd root@nixos
diff --git a/hosts/modules/remote-builder.nix b/hosts/modules/remote-builder.nix
new file mode 100644
index 0000000..ce4d043
--- /dev/null
+++ b/hosts/modules/remote-builder.nix
@@ -0,0 +1,31 @@
+{
+  users.users.remotebuild = {
+    isNormalUser = true;
+    createHome = false;
+    group = "remotebuild";
+
+    openssh.authorizedKeys.keyFiles = [ ../keys/remotebuild.pub ];
+  };
+
+  users.groups.remotebuild = {};
+
+  nix = {
+    nrBuildUsers = 64;
+    settings = {
+      trusted-users = [ "remotebuild" ];
+
+      min-free = 10 * 1024 * 1024;
+      max-free = 200 * 1024 * 1024;
+
+      max-jobs = "auto";
+      cores = 0;
+    };
+  };
+
+  systemd.services.nix-daemon.serviceConfig = {
+    MemoryAccounting = true;
+    MemoryMax = "90%";
+    OOMScoreAdjust = 500;
+  }; 
+}
+