Merge pull request #172 from booxter/nvws-as-builder

booxter · web-flow · commit 18cfd5425737 · 2026-02-23T22:57:26.000-05:00
Register nvws as builder for work profiles
diff --git a/README.md b/README.md
@@ -159,7 +159,7 @@ around `nixmoxer`).
 | --- | --- | --- | --- | --- |
 | `pi5` | NixOS (Raspberry Pi) | DHCP and network services for the lab. | [nixos/pi5/default.nix](nixos/pi5/default.nix) | [common](common), [nixos](nixos) |
 | `beast` | NixOS (x86_64-linux) | NAS storage + Jellyfin/Jellarr server. | [nixos/beast/default.nix](nixos/beast/default.nix) | [common](common), [nixos](nixos) |
-| `nvws` | Proxmox host | Work Proxmox node configuration. Single node. | [nixos/nvws/default.nix](nixos/nvws/default.nix) | [common](common), [nixos](nixos) |
+| `nvws` | Proxmox host | Work Proxmox node configuration. Single node. Also serves as a remote x86_64-linux builder for work machines. | [nixos/nvws/default.nix](nixos/nvws/default.nix) | [common](common), [nixos](nixos) |
 | `prx1-lab` | Proxmox host | Lab Proxmox node (cluster leader). | [nixos/prx1-lab/default.nix](nixos/prx1-lab/default.nix) | [common](common), [nixos](nixos) |
 | `prx2-lab` | Proxmox host | Lab Proxmox node (cluster member). | [nixos/prx2-lab/default.nix](nixos/prx2-lab/default.nix) | [common](common), [nixos](nixos) |
 | `prx3-lab` | Proxmox host | Lab Proxmox node (cluster member). | [nixos/prx3-lab/default.nix](nixos/prx3-lab/default.nix) | [common](common), [nixos](nixos) |
diff --git a/common/_mixins/personal-builders/default.nix b/common/_mixins/personal-builders/default.nix
diff --git a/common/_mixins/work-builders/default.nix b/common/_mixins/work-builders/default.nix
@@ -0,0 +1,44 @@
+{
+  lib,
+  config,
+  username,
+  hostname,
+  ...
+}:
+{
+  programs.ssh = {
+    knownHosts = {
+      "nvws.local" = {
+        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHfcwsYERqU04xrr6LY0lcbkmlcFuThaURac/AlvP8mR";
+      };
+    };
+    extraConfig =
+      let
+        identityFile = "${config.users.users.${username}.home}/.ssh/id_ed25519";
+        user = "ihrachyshka";
+      in
+      ''
+        Host nvws.local
+          Hostname nvws.local
+          IdentityFile ${identityFile}
+          User ${user}
+      '';
+  };
+
+  nix.buildMachines = lib.optional (hostname != "nvws") {
+    hostName = "nvws.local";
+    system = "x86_64-linux";
+    protocol = "ssh-ng";
+    maxJobs = 4;
+    speedFactor = 100;
+    supportedFeatures = [
+      "nixos-test"
+      "benchmark"
+      "big-parallel"
+      "kvm"
+    ];
+  };
+
+  nix.settings.builders-use-substitutes = true;
+  nix.distributedBuilds = true;
+}
diff --git a/common/default.nix b/common/default.nix
@@ -8,6 +8,7 @@
 }:
 let
   canUseBuilders = !isWork && (hostname == "mair" || hostname == "mmini" || hostname == "frame");
+  canUseWorkBuilders = isWork && hostname != "nvws";
   workKeys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHt25mSiJLQjx2JECMuhTZEV6rlrOYk3CT2cUEdXAoYs ihrachyshka@ihrachyshka-mlt"
   ];
@@ -29,7 +30,10 @@ in
   ]
   ++ lib.optionals canUseBuilders [
     ./_mixins/community-builders
-    ./_mixins/remote-builders
+    ./_mixins/personal-builders
+  ]
+  ++ lib.optionals canUseWorkBuilders [
+    ./_mixins/work-builders
   ];
 
   options.host.isWork = lib.mkOption {
diff --git a/scripts/update-machines.sh b/scripts/update-machines.sh
@@ -26,32 +26,39 @@ SSH_HOST_OPTS=()
 
 resolve_ssh_host() {
   local host="$1"
-  local base_host
+  local base_host ssh_lookup_host
   local ssh_config proxy_jump proxy_cmd
   local resolved
   base_host="$(resolve_base_host "$host")"
   SSH_HOST_OPTS=()
+  ssh_lookup_host="$base_host"
 
-  ssh_config="$(ssh -G "$base_host" 2>/dev/null || true)"
+  # Work hosts are accessed over mDNS because corporate DNS policy blocks use
+  # of the LAN DNS server for these names.
+  if [[ "$MODE" == "work" && "$ssh_lookup_host" != *.* && ! "$ssh_lookup_host" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+    ssh_lookup_host="${ssh_lookup_host}.local"
+  fi
+
+  ssh_config="$(ssh -G "$ssh_lookup_host" 2>/dev/null || true)"
   proxy_jump="$(awk '$1=="proxyjump" {print $2; exit}' <<<"$ssh_config")"
   proxy_cmd="$(awk '$1=="proxycommand" {print $2; exit}' <<<"$ssh_config")"
   if [[ -n "$proxy_jump" && "$proxy_jump" != "none" ]]; then
-    printf '%s' "$base_host"
+    printf '%s' "$ssh_lookup_host"
     return
   fi
   if [[ -n "$proxy_cmd" && "$proxy_cmd" != "none" ]]; then
-    printf '%s' "$base_host"
+    printf '%s' "$ssh_lookup_host"
     return
   fi
 
-  resolved="$(dig +short +time=1 +tries=1 "@${LAN_DNS_SERVER}" "$base_host" A | head -n1)"
+  resolved="$(dig +short +time=1 +tries=1 "@${LAN_DNS_SERVER}" "$ssh_lookup_host" A | head -n1)"
   if [[ -n "$resolved" ]]; then
-    SSH_HOST_OPTS=(-o HostName="$resolved" -o HostKeyAlias="$base_host")
-    printf '%s' "$base_host"
+    SSH_HOST_OPTS=(-o HostName="$resolved" -o HostKeyAlias="$ssh_lookup_host")
+    printf '%s' "$ssh_lookup_host"
     return
   fi
 
-  printf '%s' "$base_host"
+  printf '%s' "$ssh_lookup_host"
 }
 
 ssh_base_opts=(
