From fa025a7a65690b68e206f5905dee0e8d15b676e9 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Sat, 15 Oct 2022 16:04:40 +0200
Subject: [PATCH] hosts/hydra-*: enable distributed builds

---
 hosts/hydra-1/configuration.nix | 12 ++++++++++--
 hosts/hydra-2/configuration.nix |  6 ++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/hosts/hydra-1/configuration.nix b/hosts/hydra-1/configuration.nix
index 0d7c19a..5f94303 100644
--- a/hosts/hydra-1/configuration.nix
+++ b/hosts/hydra-1/configuration.nix
@@ -21,8 +21,16 @@
   networking.defaultGateway = { address = "192.168.10.1"; interface = "ens19"; };
   networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
-  # Allow Hydra to fetch remote URLs in restricted mode
-  nix.settings.allowed-uris = "http:// https://";
+  nix = {
+    settings.allowed-uris = "http:// https://";
+    distributedBuilds = true;
+    buildMachines = [
+      {
+        hostName = "hydra-2.net.clerie.de";
+        system = "x86_64-linux";
+      }
+    ];
+  };
 
   services.hydra = {
     enable = true;
diff --git a/hosts/hydra-2/configuration.nix b/hosts/hydra-2/configuration.nix
index cc6d3f4..1c708ca 100644
--- a/hosts/hydra-2/configuration.nix
+++ b/hosts/hydra-2/configuration.nix
@@ -24,6 +24,12 @@
   # Allow Hydra to fetch remote URLs in restricted mode
   nix.settings.allowed-uris = "http:// https://";
 
+  services.openssh.permitRootLogin = "yes";
+
+  users.extraUsers.root.openssh.authorizedKeys.keys = [
+    ''command="nix-store --serve --write" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1''
+  ];
+
   clerie.monitoring = {
     enable = true;
     id = "211";