From c629518866824d88311f08e1c1113e3eb0f794c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20B=C3=B6hme?= <mail@moritzboeh.me>
Date: Mon, 28 Aug 2023 20:09:39 +0200
Subject: [PATCH] feat: add builder

---
 modules/profiles/personal.nix |  19 +++++++++++++++++++
 secrets/nordvpn.age           | Bin 906 -> 0 bytes
 secrets/secrets.nix           |  12 ++++++------
 secrets/spotifyd.age          |  17 -----------------
 secrets/ssh-builder.age       |  10 ++++++++++
 5 files changed, 35 insertions(+), 23 deletions(-)
 delete mode 100644 secrets/nordvpn.age
 delete mode 100644 secrets/spotifyd.age
 create mode 100644 secrets/ssh-builder.age

diff --git a/modules/profiles/personal.nix b/modules/profiles/personal.nix
index bfea3e2..dbb2944 100644
--- a/modules/profiles/personal.nix
+++ b/modules/profiles/personal.nix
@@ -69,5 +69,24 @@ in
           };
         };
       };
+      nix.buildMachines = [{
+        hostName = "builder";
+        systems = [ "aarch64-linux" "x86_64-linux" ];
+        protocol = "ssh-ng";
+        maxJobs = 1;
+        speedFactor = 1;
+        supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+        mandatoryFeatures = [ ];
+      }];
+      nix.distributedBuilds = true;
+      # optional, useful when the builder has a faster internet connection than yours
+      nix.extraOptions = ''
+        builders-use-substitutes = true
+      '';
+      age.secrets."ssh-builder" = {
+        file = ../../secrets/ssh-builder.age;
+        owner = "0";
+        path = "/root/.ssh/config";
+      };
     };
 }
diff --git a/secrets/nordvpn.age b/secrets/nordvpn.age
deleted file mode 100644
index 4f0074eeae020738feed80ef911cf772bde4f2a0..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 906
zcmZ9_JCEB0003abXsHsXBJmn9g_gnOY{zz-a8-rlIDW*j6FZI{W%29$iXX9ajuR&6
zf&{vis{{fuAysX~gpd#&Di8x*ka!H8p(;XGmM&FW#G3C9e0Jcs{LC#k#VX3P{k#m|
z8U<RHz^V#czSkxQv<K4h(ejW2iFvl5j~bE*gb+#;jUGmM#N%qQlyg=lXi1j|lykCS
zk^o4fN=T1_)UlVKjj#7dOafCqb+!`NO5fITw(_BVw6>dMcbh8aAPvBQ5UwYEexc1q
zxn9SiN4m~LkZsY1AYMvx`-tYYF{ktw2|!5*Zp@?<*_O0WO>n2{<ZUzSIq?>1x*erK
zFm<uvlRTq#w>8@l%>Z0g`a)nQDu#(Q65~08I<sa)jSpogBecAn$-L$dEiOb5AixDr
z68L=1NwY3)`f@#QrbQ9D?aC-ZnbO5{ICT**61uyaWqPC)fR#WERD8mS0maB%taiF}
z=)qegK+#E?;N7twOPD_H5A*<V6<rx-hOf^1Ym0;85i6@w+c8H3nx*)Rm}_2*4EQy<
zad$Vn>dnn5$QrdE&NeV>Z~974pVAq=3^aMYfSiRg(McYW4J#L!PK*Fv*-Mx~2g8O{
zlGV;c8o7oEC8!Z-@QU+=h}H3$hz?Vl+1)&yccxPi*R^0-TCQM*1`Z?cbe<(z8AMrb
zr3^DJQk`=SS9YDN3DEVtDx?d`<3>~|(0+}LH7Qlhs9**<Q}wf@XXaVSF3I)(+kqI5
z_xG_@Q2KV|gYUczuGBX+=M?}h$QWp~T3{Hk6@_g(M&ofh&dw<rM~7XOM3cHtl9f5!
zVlaD@FIfr!9{+mw_J^k*eDtdM6?*f<Z$7`?`}@c5K5Knq@4e?wZ~t}cc<+V9o(&QI
zJUm|B`u2}MZ=S%5?(^x@dv~wDbmr={JImj<|DJyOMfByhgA0$|JuZwJ2Nd?&lheD8
zF2!H}^vwJBl?#fO{Z^fy`4`W9f9C1SA3vPGb>o%G*6SxfKNnoN^58OicJ#C@J{zB0
JeDjwd{sX2#HuV4i

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 09e13f4..7c7267c 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -12,16 +12,16 @@ let
   hosts-work = [ nixos-work scadspc25 ];
   hosts = hosts-personal ++ hosts-work;
 
+  personal = [ moritz ] ++ hosts-personal;
   all = users ++ hosts;
 in
 {
   "github.age".publicKeys = all;
-  "nordvpn.age".publicKeys = all;
-  "spotifyd.age".publicKeys = all;
-  "ssh-home.age".publicKeys = all;
-  "uni-vpn.age".publicKeys = all;
-  "wireguard-preshared-key.age".publicKeys = all;
-  "wireguard-private-key.age".publicKeys = all;
+  "ssh-home.age".publicKeys = personal;
+  "ssh-builder.age".publicKeys = personal;
+  "uni-vpn.age".publicKeys = personal;
+  "wireguard-preshared-key.age".publicKeys = personal;
+  "wireguard-private-key.age".publicKeys = personal;
   "webis.age".publicKeys = hosts-personal ++ [ scadspc25 moritz ];
   "webis-ssh.age".publicKeys = hosts-personal ++ [ scadspc25 moritz ];
 }
diff --git a/secrets/spotifyd.age b/secrets/spotifyd.age
deleted file mode 100644
index f564d39..0000000
--- a/secrets/spotifyd.age
+++ /dev/null
@@ -1,17 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 CjuqfA /YCi+4iCBCJc2+n5DfEi6yFqYiC6WKyKqMQTC3dxYTM
-TXnSGexVJPzsxV3GBoxujBPy4sYFK7tTzpgZd+tL7PY
--> ssh-ed25519 QRYDmg 7ol/1aYbVuD1peL4kMHFifxtfj1LJPQ7ByMgmoIiLG0
-LJyz1aoBxOnxcy/x9yXCcMDG1CM8XSGTIvklShHsLr8
--> ssh-ed25519 wG6LYg LvuMCPIaXP8gDriTDVIXak2dLUTDgyA+ADnsFDEtpX4
-PSsM5NsSVhsV1xtZPs3VZbJopfkDQg7Gxjkrnf+I5VI
--> ssh-ed25519 ZYd7Zg jt4zPtq1gv/SQ8Zqy2kFQZTUHo57d3BcBOusafU5TwE
-FCifF8kUwHqlvokMMhJ/A2zCutshBg9K22gZPeYyK5s
--> ssh-ed25519 as9VYQ 2w+TXKZGnMQ5nRqVPfDiXAjGPLjMQcDzuZ42tXD81zE
-GHVNnPD1QrRfjlxymtkIvW/fSH8280ye4ojag/RrL6Y
--> ssh-ed25519 dWIbQQ vFV8rbuDIUhVuWlp1zLKbSZkxWwBpjLGAHZ7TZmlpxA
-2qq8R8eGQHMAtTAKJxv7ouXwbw9h9LnoipQ+dtq0bOk
--> eLqn-grease
-s21qb67X34dXu+DeHZV4IA9mvegTyQSulJuWZXUyGmlxQT4N7pDAjAgrlrsT8zI
---- ogDMsipm47a5cDUlzX1zPmeakFaqXecpvYfPILf5PGA
-ªï;èæŠ(+\"ßÐ`qnC:Î6†Vîì‹„t0½ë\2×oô¨¦Ù<œ*œ?J\ ÎTÏ¢ÐÕVÛ_Ç
\ No newline at end of file
diff --git a/secrets/ssh-builder.age b/secrets/ssh-builder.age
new file mode 100644
index 0000000..ba15122
--- /dev/null
+++ b/secrets/ssh-builder.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 wG6LYg 5umyOPP+KaUaQckEZYnh+nyX2RIMDp/KtJraFuATQBM
+qsS9JiY0qxR7IMwpH2x1VWF5A5/wrAkbeOzuMcf1fS0
+-> ssh-ed25519 ZYd7Zg L9EJulnOPk7fEcmrWU8mVRbEN80dHCji1n4bnwGJigk
+KTnk+Ku96gJ7Tj2egXyqX6UIuytHTuMFM1ygDXoIDxg
+-> XQ.ai[-grease a ) r]>2~U
+7CDc3c+1EZaEB15RE8JMzmdbr2WmQeP2ivIh4qgYTnKImHxJaJEhgScd0EzyEXVP
+NZxuP+0
+--- CE/X6hjRUWT1ya1ySIjFBnLdmPkVbL4ugDwYv9XGYoo
+Úô½çµß‰¦¥×3Ïÿ8ìež:Im…èúÔF?U¨~Ù83ÍÉÜóÝðµôìNCzAÅãõúû°õM]0¥²fšð´ku˜›¯†FL§lš<åÀSXCÅÛhEh Î¥GKFÈ<+çÒoŒ_ÝÐIP´ùça<vJSxzŸÇyà£–_\ÿ8p‰¥æ0‘v
\ No newline at end of file