From c5dec72a2014a6d6af45a30bfc036a08820519f4 Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar <srid@srid.ca>
Date: Mon, 18 Nov 2024 14:05:32 -0500
Subject: [PATCH] use pureintent as remote builder

---
 configurations/nixos/vixen/default.nix    |  1 +
 modules/nixos/linux/distributed-build.nix | 20 +++++++++++++++++---
 modules/nixos/shared/primary-as-admin.nix |  6 +++++-
 3 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/configurations/nixos/vixen/default.nix b/configurations/nixos/vixen/default.nix
index d7d0f39..b2a2efa 100644
--- a/configurations/nixos/vixen/default.nix
+++ b/configurations/nixos/vixen/default.nix
@@ -9,6 +9,7 @@ in
     self.nixosModules.default
     inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen4
     ./configuration.nix
+    (self + /modules/nixos/linux/distributed-build.nix)
     (self + /modules/nixos/linux/gui/hyprland)
     (self + /modules/nixos/linux/gui/gnome.nix)
     (self + /modules/nixos/linux/gui/desktopish/fonts.nix)
diff --git a/modules/nixos/linux/distributed-build.nix b/modules/nixos/linux/distributed-build.nix
index fdf884a..781e9cd 100644
--- a/modules/nixos/linux/distributed-build.nix
+++ b/modules/nixos/linux/distributed-build.nix
@@ -1,15 +1,29 @@
 # https://nixos.wiki/wiki/Distributed_build
+{ flake, ... }:
+let
+  buildHost = "pureintent";
+  user = flake.config.me.username;
+in
 {
-  services.openssh.settings.PermitRootLogin = "prohibit-password";
+  home-manager.users."root" = {
+    programs.ssh.matchBlocks = {
+      ${buildHost} = {
+        inherit user;
+        identityFile = "/etc/ssh/ssh_host_ed25519_key";
+      };
+    };
+  };
+  # services.openssh.settings.PermitRootLogin = "prohibit-password";
   nix.buildMachines = [
     {
-      hostName = "thick";
+      hostName = buildHost;
       system = "x86_64-linux";
+      protocol = "ssh-ng";
       # if the builder supports building for multiple architectures, 
       # replace the previous line by, e.g.,
       # systems = ["x86_64-linux" "aarch64-linux"];
       maxJobs = 16;
-      speedFactor = 3;
+      speedFactor = 1;
       supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
       mandatoryFeatures = [ ];
     }
diff --git a/modules/nixos/shared/primary-as-admin.nix b/modules/nixos/shared/primary-as-admin.nix
index 15942d4..3e3f7a0 100644
--- a/modules/nixos/shared/primary-as-admin.nix
+++ b/modules/nixos/shared/primary-as-admin.nix
@@ -6,7 +6,11 @@
   users.users =
     let
       me = flake.config.me;
-      myKeys = [ me.sshKey ];
+      myKeys = [
+        me.sshKey
+        # vixen host key (see distributed-build.nix)
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImY2zbqe3HlPF62gSgUrJI7xY3n3NEBwRi/MkDrVjp5"
+      ];
     in
     {
       root.openssh.authorizedKeys.keys = myKeys;