From 545d968d20f871e33c8a08a2d644190635196bc5 Mon Sep 17 00:00:00 2001
From: Andrea Ciceri <andrea.ciceri@autistici.org>
Date: Thu, 13 Apr 2023 18:10:52 +0200
Subject: [PATCH] `rock5b` as remote builder

---
 modules/nix/default.nix | 13 +++++++++++++
 modules/ssh/default.nix |  7 ++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/modules/nix/default.nix b/modules/nix/default.nix
index 6b77135..408c470 100644
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@@ -38,5 +38,18 @@
       dates = "weekly";
       options = "--delete-older-than 30d";
     };
+
+    buildMachines = [
+      {
+        hostName = "rock5b.fleet";
+        system = "aarch64-linux";
+        maxJobs = 6;
+        speedFactor = 2;
+        supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
+        mandatoryFeatures = [];
+        sshKey = "/etc/ssh/ssh_host_ed25519_key";
+      }
+    ];
+    distributedBuilds = true;
   };
 }
diff --git a/modules/ssh/default.nix b/modules/ssh/default.nix
index ddde73c..76e0048 100644
--- a/modules/ssh/default.nix
+++ b/modules/ssh/default.nix
@@ -1,10 +1,15 @@
 {fleetFlake, ...}: {
   services = {
     sshd.enable = true;
+
     fail2ban = {
       enable = true;
       maxretry = 10;
+      ignoreIP = [
+        "88.198.49.106"
+        "10.100.0.1/24"
+      ];
     };
   };
-  users.users.root.openssh.authorizedKeys.keys = builtins.attrValues (import "${fleetFlake}/lib").keys.users;
+  users.users.root.openssh.authorizedKeys.keys = builtins.attrValues (with (import "${fleetFlake}/lib"); keys.users // keys.hosts);
 }