48 lines
970 B
Nix
48 lines
970 B
Nix
{
|
|
lib,
|
|
config,
|
|
namespace,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.${namespace}.services.remotebuild;
|
|
inherit (lib) mkIf mkEnableOption;
|
|
in
|
|
{
|
|
options.${namespace}.services.remotebuild = {
|
|
enable = mkEnableOption "Enable remotebuild";
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
users.users.remotebuild = {
|
|
isNormalUser = true;
|
|
createHome = false;
|
|
group = "remotebuild";
|
|
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZjG+XPNoVHVdCel5MK4mwvtoFCqDY1WMI1yoU71Rd root@yggdrasil"
|
|
];
|
|
};
|
|
|
|
users.groups.remotebuild = { };
|
|
|
|
nix = {
|
|
nrBuildUsers = 64;
|
|
settings = {
|
|
trusted-users = [ "remotebuild" ];
|
|
|
|
min-free = 10 * 1024 * 1024;
|
|
max-free = 200 * 1024 * 1024;
|
|
|
|
max-jobs = "auto";
|
|
cores = 0;
|
|
};
|
|
};
|
|
|
|
systemd.services.nix-daemon.serviceConfig = {
|
|
MemoryAccounting = true;
|
|
MemoryMax = "90%";
|
|
OOMScoreAdjust = 500;
|
|
};
|
|
};
|
|
}
|