From 0e8b73f9e2d29117669a8528f40e6327123a30e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vili=20Sinerv=C3=A4?= <vili.m.sinerva@gmail.com>
Date: Mon, 14 Jul 2025 01:38:37 +0300
Subject: [PATCH] Change everything to use SSH cach + remote builder

---
 hosts/x86_64-linux/forgejo.nix        |  8 +++++++-
 hosts/x86_64-linux/gaming.nix         |  8 +++++++-
 hosts/x86_64-linux/helium.nix         |  5 ++++-
 hosts/x86_64-linux/idacloud.nix       | 16 +++++++++++-----
 hosts/x86_64-linux/lithium.nix        |  5 ++++-
 hosts/x86_64-linux/nextcloud.nix      | 12 +++++++++---
 hosts/x86_64-linux/siit-dc.nix        |  8 +++++++-
 hosts/x86_64-linux/syncthing.nix      |  8 +++++++-
 hosts/x86_64-linux/vaultwarden.nix    |  8 +++++++-
 hosts/x86_64-linux/zfs-backup.nix     |  8 +++++++-
 modules/services/nix-cache-server.nix | 10 ++++++++++
 11 files changed, 80 insertions(+), 16 deletions(-)

diff --git a/hosts/x86_64-linux/forgejo.nix b/hosts/x86_64-linux/forgejo.nix
index 57a8fbf..8c9ae10 100644
--- a/hosts/x86_64-linux/forgejo.nix
+++ b/hosts/x86_64-linux/forgejo.nix
@@ -7,7 +7,13 @@
       impermanence.enable = true;
       vm.enable = true;
     };
-    services.forgejo.enable = true;
+    services = {
+      forgejo.enable = true;
+      nixCacheClient = {
+        enable = true;
+        disableLocalBuilds = true;
+      };
+    };
   };
   networking.hostId = "b5b67528";
   system.stateVersion = "25.05";
diff --git a/hosts/x86_64-linux/gaming.nix b/hosts/x86_64-linux/gaming.nix
index eaa15fc..0b1aff9 100644
--- a/hosts/x86_64-linux/gaming.nix
+++ b/hosts/x86_64-linux/gaming.nix
@@ -10,7 +10,13 @@
     hardware.nvidia.enable = true;
     roles.desktop.enable = true;
     programs.i3.enable = true;
-    services.gamingServer.enable = true;
+    services = {
+      gamingServer.enable = true;
+      nixCacheClient = {
+        enable = true;
+        disableLocalBuilds = true;
+      };
+    };
   };
   networking.hostId = "48434cbd";
   system.stateVersion = "25.05";
diff --git a/hosts/x86_64-linux/helium.nix b/hosts/x86_64-linux/helium.nix
index 22fb7c6..7d464e4 100644
--- a/hosts/x86_64-linux/helium.nix
+++ b/hosts/x86_64-linux/helium.nix
@@ -20,7 +20,10 @@
     };
     hardware.amdLaptop.enable = true;
     platform.hibernate.enable = true;
-    services.syncthing.enable = true;
+    services = {
+      syncthing.enable = true;
+      nixCacheClient.enable = true;
+    };
   };
   system.stateVersion = "23.11";
 
diff --git a/hosts/x86_64-linux/idacloud.nix b/hosts/x86_64-linux/idacloud.nix
index 402deb3..7126e43 100644
--- a/hosts/x86_64-linux/idacloud.nix
+++ b/hosts/x86_64-linux/idacloud.nix
@@ -7,12 +7,18 @@
       impermanence.enable = true;
       vm.enable = true;
     };
-    services.nextcloud = {
-      enable = true;
-      domain = "idacloud.sinerva.eu";
-      collabora = {
+    services = {
+      nextcloud = {
         enable = true;
-        domain = "idacollab.sinerva.eu";
+        domain = "idacloud.sinerva.eu";
+        collabora = {
+          enable = true;
+          domain = "idacollab.sinerva.eu";
+        };
+      };
+      nixCacheClient = {
+        enable = true;
+        disableLocalBuilds = true;
       };
     };
     networking.idacloudWg.enable = true;
diff --git a/hosts/x86_64-linux/lithium.nix b/hosts/x86_64-linux/lithium.nix
index 6ab8481..eb14944 100644
--- a/hosts/x86_64-linux/lithium.nix
+++ b/hosts/x86_64-linux/lithium.nix
@@ -20,7 +20,10 @@
     };
     hardware.intelLaptop.enable = true;
     platform.hibernate.enable = true;
-    services.syncthing.enable = true;
+    services = {
+      syncthing.enable = true;
+      nixCacheClient.enable = true;
+    };
   };
   system.stateVersion = "24.05";
 
diff --git a/hosts/x86_64-linux/nextcloud.nix b/hosts/x86_64-linux/nextcloud.nix
index e9cd89d..21ea5ec 100644
--- a/hosts/x86_64-linux/nextcloud.nix
+++ b/hosts/x86_64-linux/nextcloud.nix
@@ -7,9 +7,15 @@
       impermanence.enable = true;
       vm.enable = true;
     };
-    services.nextcloud = {
-      enable = true;
-      domain = "nextcloud.vsinerva.fi";
+    services = {
+      nextcloud = {
+        enable = true;
+        domain = "nextcloud.vsinerva.fi";
+      };
+      nixCacheClient = {
+        enable = true;
+        disableLocalBuilds = true;
+      };
     };
   };
   networking.hostId = "ba0aeb92";
diff --git a/hosts/x86_64-linux/siit-dc.nix b/hosts/x86_64-linux/siit-dc.nix
index 961d4ff..c94fcb0 100644
--- a/hosts/x86_64-linux/siit-dc.nix
+++ b/hosts/x86_64-linux/siit-dc.nix
@@ -12,7 +12,13 @@
       impermanence.enable = true;
       vm.enable = true;
     };
-    services.siit.enable = true;
+    services = {
+      siit.enable = true;
+      nixCacheClient = {
+        enable = true;
+        disableLocalBuilds = true;
+      };
+    };
   };
   networking.hostId = "f1636fe0";
   system.stateVersion = "25.05";
diff --git a/hosts/x86_64-linux/syncthing.nix b/hosts/x86_64-linux/syncthing.nix
index e81de6f..a339e0c 100644
--- a/hosts/x86_64-linux/syncthing.nix
+++ b/hosts/x86_64-linux/syncthing.nix
@@ -3,7 +3,13 @@
   custom = {
     platform.vm.enable = true;
     users.vili.enable = true;
-    services.syncthing.enable = true;
+    services = {
+      syncthing.enable = true;
+      nixCacheClient = {
+        enable = true;
+        disableLocalBuilds = true;
+      };
+    };
   };
   system.stateVersion = "22.11";
 
diff --git a/hosts/x86_64-linux/vaultwarden.nix b/hosts/x86_64-linux/vaultwarden.nix
index db0234b..b8f559e 100644
--- a/hosts/x86_64-linux/vaultwarden.nix
+++ b/hosts/x86_64-linux/vaultwarden.nix
@@ -7,7 +7,13 @@
       impermanence.enable = true;
       vm.enable = true;
     };
-    services.vaultwarden.enable = true;
+    services = {
+      vaultwarden.enable = true;
+      nixCacheClient = {
+        enable = true;
+        disableLocalBuilds = true;
+      };
+    };
   };
   networking.hostId = "2842298f";
   system.stateVersion = "25.05";
diff --git a/hosts/x86_64-linux/zfs-backup.nix b/hosts/x86_64-linux/zfs-backup.nix
index 98e861e..6b56ad9 100644
--- a/hosts/x86_64-linux/zfs-backup.nix
+++ b/hosts/x86_64-linux/zfs-backup.nix
@@ -7,7 +7,13 @@
       impermanence.enable = true;
       vm.enable = true;
     };
-    services.zfsBackupServer.enable = true;
+    services = {
+      zfsBackupServer.enable = true;
+      nixCacheClient = {
+        enable = true;
+        disableLocalBuilds = true;
+      };
+    };
   };
   networking.hostId = "353bc8fd";
   system.stateVersion = "25.05";
diff --git a/modules/services/nix-cache-server.nix b/modules/services/nix-cache-server.nix
index 6fc26db..8ac1988 100644
--- a/modules/services/nix-cache-server.nix
+++ b/modules/services/nix-cache-server.nix
@@ -18,6 +18,16 @@ in
         write = true;
         keys = [
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNhPvGogPY/O6kIqrpbz0EcK4L5QQShvD+vuyk7FxFd root@cert-store"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG74oN4MnrCm/rm1WyYy7M7Lv1qMRgcy3sDCgj6YN2zE root@forgejo"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5HaiVVOfb8l19aVGG1CTkZ25G439Llg4aieZdKFzSq root@gaming"
+          # TODO Helium
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbOwFM599I7trhizhUe1ZpnXf8q4Uz3zgAnMCwwCf0K root@idacloud"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRtE6KCyD6BFfzff9cuD2ZhEdPKEgp+WGsD0s81736J root@lithium"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvVPRMrYsacSWyVSFFydgIB9vSiu5gKs7Pn+jipTGpV root@nextcloud"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCp67Rr03FH0DGhl6d2w/otBNaC5sI1y6rt5Gfi2tP6 root@siit-dc"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8s/x8NcdOHPVcTSuVj+X9/J+qbuZEB792YaOG0CUzD root@syncthing"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII10aYyPOgpd+WAtgSyomH3sE6Cq54GftVm5xeC8KKlz root@vaultwarden"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWGvIc4sq+WzPqT2y003zga3StMgj7F8vwTjNkZ//d8 root@zfs-backup"
         ];
       };
     };