34 papercuts

CHANGELOG.md

@@ -1,3 +1,10 @@
+- Use Microsoft's Python VSCode extension for Python IDE functionality
+- Use `gitlens.remotes` to support `git.clan.lol`
+- Added signing key for `hermes-macos` and `hermes-linux-builder`
+- Changed `hermes-linux-builder` to use up to 50 GiB disk space
+- Removed `nix-generate-signing-key` service from `linux-builder`
+- Added assert guard for when `nix.linux-builder.maxJobs` defaults to `virtualisation.cores`
+- Use `nix.linux-builder.config.virtualisation.cores` to add more cores to `{chi,hermes}-linux-builder`
 - Use `scrcpy` over Tailscale on `hermes-macos`
 - Updated `nix-darwin`
 - Added `*.qcow2` to `gitignore` to prevent `jj` adding them to commits

hosts/aether/configuration.nix

@@ -15,8 +15,6 @@
   zramSwap.enable = true;
   zramSwap.memoryPercent = 250;
 
-  nix.settings.secret-key-files = [ "/etc/nix/key" ];
-
   users.users.builder = {
     openssh.authorizedKeys.keys =
       builtins.attrValues { inherit (keys.hosts) echo; };

hosts/chi/darwin-configuration.nix

@@ -1,4 +1,4 @@
-{ user, pkgs, lib, ... }:
+{ user, keys, pkgs, lib, ... }:
 
 {
   networking.knownNetworkServices = [ "Ethernet" "Wi-Fi" ];
@@ -27,5 +27,9 @@
     "/System/Applications/System Settings.app"
   ];
 
+  nix.linux-builder.config.users.users.builder.openssh.authorizedKeys.keys =
+    builtins.attrValues { inherit (keys.hosts) echo; };
+  nix.linux-builder.config.virtualisation.cores = 4;
+
   system.stateVersion = 5;
 }

hosts/echo/darwin-configuration.nix

@@ -5,8 +5,6 @@
 
   ids.gids.nixbld = 30000;
 
-  nix.settings.secret-key-files = [ "/etc/nix/key" ];
-
   nix.distributedBuilds = true;
 
   nix.buildMachines = [{

hosts/hermes/darwin-configuration.nix

@@ -32,5 +32,9 @@
     "/System/Applications/iPhone Mirroring.app"
   ];
 
+  nix.linux-builder.config.virtualisation.cores = 4;
+  nix.linux-builder.config.virtualisation.darwin-builder.diskSize = 50
+    * 1024; # 50 GiB
+
   system.stateVersion = 5;
 }

keys.nix

@@ -24,5 +24,9 @@
     chi-linux-builder =
       "chi-linux-builder-1:u0hwDFmxev8B65kKbSAjBP7nGR+it429j/UbsdZd3gs=";
     echo = "echo-1:B0HChd9IxG8P9V2NezeWCBsst8AdVTxesCiePZUaduc=";
+    hermes-macos =
+      "hermes-macos-1:H8qFV4OhrWSbfHsQV6R2VzE2t3N+3nzItt856oWG0Kc=";
+    hermes-linux-builder =
+      "hermes-linux-builder-1:tibNs5BpVb54V17EimjfobHDgut+y9cfHMD57vojLmo=";
   };
 }

modules/base.nix

@@ -48,6 +48,9 @@ let
 
       nix.settings.builders-use-substitutes = true;
 
+      nix.settings.secret-key-files =
+        lib.mkIf (keys.signing ? ${hostname}) [ "/etc/nix/key" ];
+
       home-manager.users.root.home.stateVersion = "24.05";
 
       # We don't use `programs.ssh.extraConfig` because the SSH module

modules/linux-builder.nix

@@ -1,39 +1,29 @@
 {
-  darwinModule = { inputs, user, host, keys, pkgs, ... }: {
-    nix.linux-builder.enable = true;
-    nix.linux-builder.config = { config, pkgs, lib, ... }: {
-      imports = [ (import ./cache.nix).nixosModule ];
+  darwinModule =
+    { inputs, user, host, keys, options, config, pkgs, lib, ... }: {
+      nix.linux-builder.enable = true;
+      nix.linux-builder.config = { config, pkgs, lib, ... }: {
+        imports = [ (import ./cache.nix).nixosModule ];
 
-      _module.args = { inherit keys; };
+        _module.args = { inherit keys; };
 
-      networking.hostName = "${host}-linux-builder";
+        networking.hostName = "${host}-linux-builder";
 
-      services.tailscale.enable = true;
+        services.tailscale.enable = true;
 
-      users.users.builder.openssh.authorizedKeys.keys =
-        builtins.attrValues { inherit (keys.hosts) echo; };
+        users.users.root.openssh.authorizedKeys.keys =
+          builtins.attrValues { inherit (keys.users) enzime; };
 
-      users.users.root.openssh.authorizedKeys.keys =
-        builtins.attrValues { inherit (keys.users) enzime; };
+        nix.settings.experimental-features = "nix-command flakes";
+        nix.settings.secret-key-files = [ "/etc/nix/key" ];
 
-      systemd.services.nix-generate-signing-key = {
-        wantedBy = [ "multi-user.target" ];
-        serviceConfig.Type = "oneshot";
-        path = [ pkgs.nix ];
-        script = ''
-          [[ -f /etc/nix/key ]] && exit
-          nix key generate-secret --key-name ${config.networking.hostName}-1 > /etc/nix/key
-          chmod 400 /etc/nix/key
-          nix key convert-secret-to-public < /etc/nix/key > /etc/nix/key.pub
-        '';
-      };
-
-      nix.settings.experimental-features = "nix-command flakes";
-      nix.settings.secret-key-files = [ "/etc/nix/key" ];
+        nix.settings.trusted-users = lib.mkForce [ "root" ];
 
-      nix.settings.trusted-users = lib.mkForce [ "root" ];
-
-      nixpkgs.overlays = [ inputs.nix-overlay.overlay ];
+        nixpkgs.overlays = [ inputs.nix-overlay.overlay ];
+      };
+      # Remove when this change is present in upstream nix-darwin
+      nix.linux-builder.maxJobs =
+        assert !options.nix.linux-builder.maxJobs ? defaultText;
+        config.nix.linux-builder.package.nixosConfig.virtualisation.cores;
     };
-  };
 }

modules/vscode.nix

@@ -39,6 +39,10 @@
         pkgs.vscode-extensions.jnoortheen.nix-ide
         pkgs.vscode-extensions.xadillax.viml
         pkgs.vscode-extensions.nefrob.vscode-just-syntax
+      ] ++ lib.optionals (hostPlatform.isx86_64 || hostPlatform.isDarwin) [
+        (pkgs.vscode-extensions.ms-python.python.override {
+          pythonUseFixed = true;
+        })
       ];
       programs.vscode.keybindings =
         let mod = if hostPlatform.isDarwin then "cmd" else "ctrl";
@@ -201,6 +205,11 @@
           # Don't use GitLens to edit git rebase commands
           "workbench.editorAssociations" = { "git-rebase-todo" = "default"; };
 
+          "gitlens.remotes" = [{
+            domain = "git.clan.lol";
+            type = "Gitea";
+          }];
+
           "editor.bracketPairColorization.enabled" = true;
           "editor.guides.bracketPairs" = true;
           "colorize.include" = [ "*" ];