From 4a5016ce074e5823acaab59e67f4c3064fe6812b Mon Sep 17 00:00:00 2001
From: Christoph Hollizeck <christoph.hollizeck@hey.com>
Date: Tue, 2 Dec 2025 01:34:55 +0100
Subject: [PATCH] hydra: include ssh config for future build machines

---
 modules/server/hydra.nix | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/modules/server/hydra.nix b/modules/server/hydra.nix
index a2d2a02..1660268 100644
--- a/modules/server/hydra.nix
+++ b/modules/server/hydra.nix
@@ -1,17 +1,25 @@
 {
   flake.modules.nixos.hydra =
-    { config, pkgs, ... }:
+    {
+      config,
+      lib,
+      pkgs,
+      ...
+    }:
     let
       httpPort = 2000;
 
+      generateHostEntry = machine: ''
+        Host ${machine.hostName}
+          IdentitiesOnly yes
+          IdentityFile ${machine.sshKey}
+          User remotebuild
+      '';
+
+      filteredMachines = lib.filter (machine: machine.hostName != "localhost") config.nix.buildMachines;
       remotebuild-ssh-config = pkgs.writeTextFile {
         name = "remotebuild-ssh-config";
-        text = ''
-          Host nixberry
-            IdentitiesOnly yes
-            IdentityFile ${config.sops.secrets."hydra/remotebuild/private-key".path}
-            User remotebuild
-        '';
+        text = lib.concatMapStringsSep "\n" generateHostEntry filteredMachines;
       };
     in
     {