feat(oksys): add servivi as remote builder

devices/oksys/default.nix

@@ -8,6 +8,7 @@
     ./modules/blocky.nix
     ./modules/caddy.nix
     ./modules/headscale.nix
+    ./modules/remote-builder.nix
     ./modules/unbound.nix
   ];
 

devices/oksys/modules/remote-builder.nix

@@ -0,0 +1,36 @@
+{config, ...}: let
+  servivi = "100.64.0.7";
+in {
+  home-manager.users.root = {
+    home.file.".ssh/config".text = ''
+      Host ${servivi}
+        # Prevent using ssh-agent or another keyfile, useful for testing
+        IdentitiesOnly yes
+        IdentityFile ${config.sops.secrets.nixremote.path}
+
+        # The weakly privileged user on the remote builder – if not set, 'root' is used – which will hopefully fail
+        User nixremote
+    '';
+  };
+
+  programs.ssh.knownHosts = {
+    ${servivi}.publicKey = "servivi ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkNW0H4Fl6NFgahlgGbSvglg1DrX4yl1ht9Lp+vHE2A";
+  };
+
+  nix.buildMachines = [
+    {
+      hostName = servivi;
+      system = "x86_64-linux";
+      protocol = "ssh-ng";
+      maxJobs = 1;
+      speedFactor = 2;
+      supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
+      mandatoryFeatures = [];
+    }
+  ];
+  nix.distributedBuilds = true;
+  # optional, useful when the builder has a faster internet connection than yours
+  nix.extraOptions = ''
+    builders-use-substitutes = true
+  '';
+}

devices/servivi/modules/minecraft.nix

@@ -95,22 +95,24 @@
           jvmPackage = jre17;
           jvmOpts = "";
 
-          serverConfig = {
+          serverConfig =
-            server-port = 25569;
+            {
-            motd = "we do a little hunting of the vaults";
+              server-port = 25569;
+              motd = "we do a little hunting of the vaults";
 
-            extra-options = {
+              extra-options = {
-              difficulty = "hard";
+                difficulty = "hard";
-              enable-command-block = true;
+                enable-command-block = true;
-              entity-broadcast-range-percentage = 150;
+                entity-broadcast-range-percentage = 150;
-              level-type = "default";
+                level-type = "default";
-              max-players = 8;
+                max-players = 8;
-              spawn-protection = 0;
+                spawn-protection = 0;
-              sync-chunk-writes = true;
+                sync-chunk-writes = true;
-              use-native-transport = true;
+                use-native-transport = true;
-              view-distance = 10;
+                view-distance = 10;
-            };
+              };
-          } // defaults;
+            }
+            // defaults;
         };
       };
     };

flake.lock

@@ -898,11 +898,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1703868359,
+        "lastModified": 1703879060,
-        "narHash": "sha256-NH+jhF6H32MMWRhbkjFjoAtgf4iTL6GddbXv9atJycg=",
+        "narHash": "sha256-U0dvm3qwldDDnR1jYE7gNNW7XChYCZ6JyUCcSFFDpBs=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "a2d1b337dff56fdcd367543c81b83fd3691cd1d2",
+        "rev": "4a8f8f5355cb9d3334d311cb25fc6ab641b501dc",
         "type": "github"
       },
       "original": {
@@ -961,11 +961,11 @@
         "sops-nix": "sops-nix"
       },
       "locked": {
-        "lastModified": 1703687968,
+        "lastModified": 1703883360,
-        "narHash": "sha256-wkdaj8F/uD8Rm3HmNcy7IVRguzWeCd4svuVPILIWbq4=",
+        "narHash": "sha256-+b5xlxvPtwEXPKBCSlJPgtEezSMwK66DUX51mosP+Fc=",
         "ref": "refs/heads/main",
-        "rev": "77c68ba0cbc6da18531dedfcf864038a6e4aaf9f",
+        "rev": "7a2e60d2a2abb9d71994e2f88fa593b28822877e",
-        "revCount": 19,
+        "revCount": 20,
         "type": "git",
         "url": "ssh://git@git.nelim.org/matt1432/nixos-secrets"
       },

modules/greetd/default.nix

@@ -3,7 +3,8 @@
   pkgs,
   config,
   ...
-}: with lib; let
+}:
+with lib; let
   # Nix stuff
   isNvidia = config.hardware.nvidia.modesetting.enable;
   isTouchscreen = config.hardware.sensor.iio.enable;