First pass at enabling remote builds

flake.nix

@@ -44,6 +44,7 @@
               useUserPackages = true;
               users.tsv = import users/tsv/ritchie.nix;
               users.foxsoft = import users/foxsoft/home.nix;
+              users.root = import users/root/home.nix;
             };
           }
         ];

system/kernighan/kernighan.nix

@@ -7,7 +7,6 @@
       ../shared/shared-configuration.nix
       ./kernighan-hardware.nix
       ./services/nginx.nix
-      ./services/home_assistant.nix
     ];
 
   networking = {
@@ -39,4 +38,17 @@
     git
     vim
   ];
+
+  nix.buildMachines = [ {
+    hostName = "kernighan";
+    system = "x86_64-linux";
+    protocol = "ssh-ng";
+    maxJobs = 1;
+    speedFactor = 2;
+    supportedFeatures = [ "nixos-test" ];
+  } ];
+  nix.distributedBuilds = true;
+  nix.extraOptions = ''
+    builders-use-substitutes = true
+  '';
 }

system/shared/shared-configuration.nix

@@ -19,7 +19,11 @@
 
   time.timeZone = "Europe/London";
 
-  users.groups.tmux.gid = 1000; # Used for tmux pairing
+  users.groups = {
+    tmux.gid = 1000; # Used for tmux pairing
+    nixremote = {};
+  };
+
   systemd.tmpfiles.rules = [
     "d /var/tmux_share 2770 tsv tmux"
   ];
@@ -37,12 +41,24 @@
     ];
   };
 
+  users.users.nixremote = {
+    createHome = true;
+    uid = null;
+    isNormalUser = true;
+    description = "For remote Nix builds";
+    openssh.authorizedKeys.keyFiles = [
+      ../../users/nixremote/authorized_keys
+    ];
+    homeMode = "500";
+    group = "nixremote";
+  };
+
   nix = {
     extraOptions = "experimental-features = nix-command flakes";
     package = pkgs.nixFlakes;
     settings = {
       auto-optimise-store = true;
-      trusted-users = [ "root" "tsv" ];
+      trusted-users = [ "root" "tsv" "nixremote" ];
     };
     gc = {
       automatic = true;

users/nixremote/authorized_keys

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBQw4hvjp+7VSlwmyYhh4fcnU8JWMlVrQNYmKezcyCm77Q5QN+e2gKb7A0RAitzdDYX1GL7v0bvHGUX9aUyVfGXe7XjF7u+3BNEqgod32TXRzOPMCdEeILy+0/JGhhPB4x3APN6CHK6m6IUX8JnrL1lBDaX0vdqTkVc3OiPmqF7pgeuyxcdnZuawFWyPUA9qc3riazkw0Is5yAysMC9UF/AreIRCDeI2ZBWthTNTXWYvmJaGftDYvUdlLHbxcxbj2VOHVOoG0H6B+l/loV3nhmbywKf61E9ImsDxncJ2fpDo6eKY+Ub/NLOceq4dKEZUju/ffnbL4a2tw5vhz6PbVn9RoXQhP4RCOCKMl+Nl86zmcJzGt+GcsSbjK/ZtygjKFAa38p+nYBMoC+NoxoHF0/xIJHfbDltJF1yN+2NBkK7BJH0dQ0jwx9rbcHDFjwqpvlqAIjlh1WG4oNEIVatr1kpm3z0ELL3k7+3AGx0XPsi60okRKp6mci7kUlhjrT178= root@kernighan

users/root/home.nix

@@ -0,0 +1,6 @@
+{ config, pkgs, ... }:
+
+{
+  home.stateVersion = "22.11";
+  home.file.".ssh/config".source = ./ssh/config;
+}

users/root/ssh/config

@@ -0,0 +1,7 @@
+Host ritchie
+  HostName 192.168.40.192
+  Port 2222
+  IdentitiesOnly yes
+  IdentityFile /root/.ssh/nixremote
+  User nixremote
+  StrictHostKeyChecking=accept-new

users/tsv/kitty/kitty.conf

@@ -1,4 +1,6 @@
 font_family      JetBrainsMonoNL NFM Light
+italic_font      Source Code Pro
+bold_italic_font Source Code Pro
 font_size 10.0
 include          gruvbox_dark_soft.conf
 background_opacity 0.9

users/tsv/packages.nix

@@ -3,6 +3,7 @@
 {
    home.packages = with pkgs; [
     aaxtomp3                              # For converting Audible files
+    alacritty
     anki
     audible-cli
     bitwarden

users/tsv/tmux.conf

@@ -7,8 +7,8 @@ bind-key C-o last-window
 set-option -g prefix C-o
 unbind-key C-b
 
-set -g default-terminal "tmux-256color"
-set -as terminal-features ",xterm-256color:RGB"
+set -g default-terminal "tmux"
+set -as terminal-features ",kitty:RGB"
 
 set -g history-limit 10000