refactor: remote-builders to clan service

modules/remote_builders.nix

@@ -1,123 +0,0 @@
-{
-  lib,
-  config,
-  pkgs,
-  self,
-  ...
-}: let
-  inherit
-    (lib)
-    filterAttrs
-    mkEnableOption
-    mkIf
-    mapAttrsToList
-    concatLines
-    mkOption
-    types
-    ;
-  cfg = config.our.buildMachines;
-
-  builders = filterAttrs (_n: v: v.config.our.buildMachines.enable) self.nixosConfigurations;
-  others = filterAttrs (n: _v: n != config.networking.hostName) builders;
-
-  mkBuilder = hostName: attrs: let
-    config' = attrs.config;
-    cfg' = config'.our.buildMachines;
-    pkgs' = attrs.pkgs;
-  in {
-    # NOTE: https://github.com/NixOS/nix/issues/3177
-    hostName =
-      if hostName == config.networking.hostName
-      then "local?root=/nix/store"
-      else hostName;
-    sshUser =
-      if hostName == config.networking.hostName
-      then null
-      else "remotebuild";
-    # CPU architecture of the builder, and the operating system it runs.
-    # If your builder supports multiple architectures
-    # (e.g. search for "binfmt" for emulation),
-    systems = [pkgs'.system] ++ config'.boot.binfmt.emulatedSystems;
-    # Nix custom ssh-variant that avoids lots of "trusted-users" settings pain
-    protocol =
-      if hostName == config.networking.hostName
-      then null
-      else "ssh-ng";
-    # default is 1 but may keep the builder idle in between builds
-    maxJobs = 3;
-    speedFactor = 1;
-    supportedFeatures = cfg'.supportedFeatures;
-    mandatoryFeatures = [];
-  };
-
-  buildMachines = mapAttrsToList mkBuilder builders;
-
-  remotebuildKeys =
-    mapAttrsToList (
-      _name: attrs: attrs.config.clan.core.vars.generators.remotebuild.files."ssh.id_ed25519.pub".value
-    )
-    others;
-
-  mkMatch = hostName: _v: ''
-    Match User remotebuild Host ${hostName}
-      IdentityFile ${config.clan.core.vars.generators.remotebuild.files."ssh.id_ed25519".path}
-  '';
-  sshConfig = concatLines (mapAttrsToList mkMatch others);
-in {
-  options.our.buildMachines = {
-    enable = mkEnableOption "Use this machine as a remoteBuilder for others and vice versa.";
-    supportedFeatures = mkOption {
-      type = types.listOf (
-        types.oneOf [
-          "nixos-test"
-          "benchmark"
-          "big-parallel"
-          "kvm"
-        ]
-      );
-      default = [];
-      description = ''
-        kvm          | Everything which builds inside a vm, like NixOS tests
-        nixos-test   | Machine can run NixOS tests
-        big-parallel | kernel config, libreoffice, evolution, llvm and chromium
-        benchmark    | Machine can generate metrics (means the builds usually takes the same amount of time)
-      '';
-    };
-  };
-  config = mkIf cfg.enable {
-    users.users.remotebuild = {
-      isNormalUser = true;
-      createHome = false;
-      group = "remotebuild";
-
-      openssh.authorizedKeys.keys = remotebuildKeys;
-    };
-
-    users.groups.remotebuild = {};
-
-    clan.core.vars.generators.remotebuild = {
-      files."ssh.id_ed25519" = {};
-      files."ssh.id_ed25519.pub".secret = false;
-      runtimeInputs = [
-        pkgs.coreutils
-        pkgs.openssh
-      ];
-      script = ''
-        ssh-keygen -t ed25519 -N "" -f "$out"/ssh.id_ed25519
-      '';
-    };
-
-    programs.ssh.extraConfig = sshConfig;
-
-    nix = {
-      buildMachines = buildMachines;
-      # required, otherwise remote buildMachines above aren't used
-      distributedBuilds = true;
-      # optional, useful when the builder has a faster internet connection than yours
-      settings = {
-        builders-use-substitutes = true;
-        trusted-users = ["remotebuild"];
-      };
-    };
-  };
-}

modules/shared.nix

@@ -10,7 +10,6 @@
     clan-core.clanModules.state-version
     clan-core.clanModules.static-hosts
     clan-core.clanModules.machine-id
-    ./remote_builders.nix
   ];
 
   networking.hosts."fd77:acc0:1d56:2265:499:9367:28e0:97d3" = ["moritz-remarkable"];