summaryrefslogtreecommitdiff
path: root/modules/nixos
diff options
context:
space:
mode:
Diffstat (limited to 'modules/nixos')
-rw-r--r--modules/nixos/traits/default.nix1
-rw-r--r--modules/nixos/traits/mac-builder.nix65
2 files changed, 66 insertions, 0 deletions
diff --git a/modules/nixos/traits/default.nix b/modules/nixos/traits/default.nix
index 1bb92b2..b6febf3 100644
--- a/modules/nixos/traits/default.nix
+++ b/modules/nixos/traits/default.nix
@@ -6,6 +6,7 @@
./containers.nix
./home-manager.nix
./locale.nix
+ ./mac-builder.nix
./nvd-diff.nix
./nvidia.nix
./resolved.nix
diff --git a/modules/nixos/traits/mac-builder.nix b/modules/nixos/traits/mac-builder.nix
new file mode 100644
index 0000000..ebed4a7
--- /dev/null
+++ b/modules/nixos/traits/mac-builder.nix
@@ -0,0 +1,65 @@
+{
+ config,
+ lib,
+ secretsDir,
+ ...
+}:
+let
+ cfg = config.traits.mac-builder;
+in
+{
+ options.traits.mac-builder = {
+ enable = lib.mkEnableOption "macOS remote builders";
+ manageSecrets = lib.mkEnableOption "managing SSH keys for builders" // {
+ default = config.traits.secrets.enable;
+ defaultText = "traits.secrets.enable";
+ };
+ };
+
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ {
+ nix = {
+ buildMachines = [
+ (lib.mkMerge [
+ {
+ hostName = "mini.scrumplex.net";
+ maxJobs = 8;
+ sshUser = "bob-the-builder";
+ supportedFeatures = [
+ "nixos-test"
+ "benchmark"
+ "big-parallel"
+ "apple-virt"
+ ];
+ systems = [
+ "aarch64-darwin"
+ "x86_64-darwin"
+ ];
+ }
+
+ (lib.mkIf cfg.manageSecrets {
+ sshKey = config.age.secrets.macstadium.path;
+ })
+ ])
+ ];
+
+ distributedBuilds = true;
+
+ settings = {
+ builders-use-substitutes = true;
+ };
+ };
+ }
+
+ (lib.mkIf cfg.manageSecrets {
+ age.secrets = {
+ macstadium = {
+ file = secretsDir + "/macstadium.age";
+ mode = "600";
+ };
+ };
+ })
+ ]
+ );
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 19:30:23 +0000