deployment: implement build offloading from aisaka to rakan

* deployment/keys.scm (aisaka-guix): define signing key of Guix daemon in aisaka. * deployment/systems/aisaka.scm (rakan-machine, guix-offload-rakan, offload-rakan): define the offload target. * deployment/systems/aisaka.scm (system): add the offload configuration to the list of services. * deployment/systems/rakan.scm (guix-offload-authorizations): change the authorized signing key to aisaka's. * deployment/users.scm (openssh-configuration): add the public SSH key of marek@aisaka.
author: Marek Paśnikowski <marek@marekpasnikowski.pl> 2025-11-20 19:28:30 +0100
committer: Marek Paśnikowski <marek@marekpasnikowski.pl> 2025-11-20 21:49:51 +0100
commit: dbbfb5911e3e69e264a8e4ea86db49392f9cbb8f (patch)
tree: 04f0c97172394ccf3654488768bea626306e7945 /deployment
parent: 7bcd3d05415e4d21bf87557bd70d56607287a380 (diff)
3 files changed, 33 insertions, 3 deletions
diff --git a/deployment/keys.scm b/deployment/keys.scm
index ec67b00..85e2e64 100644
--- a/deployment/keys.scm
+++ b/deployment/keys.scm
@@ -4,16 +4,23 @@
 (define-module (deployment keys)
   #:use-module (guix gexp))
 
+(define-public aisaka-guix
+  (mixed-text-file "aisaka-signing-key.pub"
+                   "(public-key\n"
+                   "  (ecc\n"
+                   "    (curve Ed25519)\n"
+                   "    (q #983CD313090D2699AD26AE5CB589A29F24A32E247A41EB4F4A22D196DFCD9D3C#)))"))
+
 (define-public mcdowell-guix
   (mixed-text-file "mcdowell-signing-key.pub"
                    "(public-key\n"
                    "  (ecc\n"
                    "    (curve Ed25519)\n"
-                   "      (q #FDA720ED167E05AB735182D887A450DCD534A85F2697DE421E49CA043FC01E4D#)))"))
+                   "    (q #FDA720ED167E05AB735182D887A450DCD534A85F2697DE421E49CA043FC01E4D#)))"))
 
 (define-public rakan-guix
   (mixed-text-file "rakan-signing-key.pub"
                    "(public-key\n"
                    "  (ecc\n"
                    "    (curve Ed25519)\n"
-                   "      (q #FDA720ED167E05AB735182D887A450DCD534A85F2697DE421E49CA043FC01E4D#)))"))
+                   "    (q #FDA720ED167E05AB735182D887A450DCD534A85F2697DE421E49CA043FC01E4D#)))"))
diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm
index 6f82f9c..aa099c4 100644
--- a/deployment/systems/aisaka.scm
+++ b/deployment/systems/aisaka.scm
@@ -2,10 +2,13 @@
 ;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
 
 (define-module (deployment systems aisaka)
+  #:use-module (guix gexp)
+  #:use-module ((deployment keys)             #:prefix deployment:keys:)
   #:use-module ((gnu bootloader)              #:prefix gnu:bootloader:)
   #:use-module ((gnu bootloader grub)         #:prefix gnu:bootloader:grub:)
   #:use-module ((gnu packages tls)            #:prefix gnu:packages:tls:)
   #:use-module ((gnu services)                #:prefix gnu:services:)
+  #:use-module ((gnu services base)           #:prefix gnu:services:base:)
   #:use-module ((gnu services dns)            #:prefix gnu:services:dns:)
   #:use-module ((gnu services version-control) #:prefix gnu:services:version-control:)
   #:use-module ((gnu services web)            #:prefix gnu:services:web:)
@@ -352,6 +355,25 @@
        (listen (list "192.168.10.2:443 ssl"))
        (server-name (list "radicale.marekpasnikowski.pl"))))))))
 
+(define rakan-machine
+  #~(build-machine
+    (name        "rakan")
+    (systems     (list "x86_64-linux"
+                       "i686-linux"))
+    (user        "marek")
+    (host-key    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxlIhNlkWCNA+l/RiOJztB+VWhuJtDTUvSwwlE3MpgJ root@rakan")
+    (private-key "/home/marek/.ssh/id_ed25519")))
+
+(define guix-offload-rakan
+  (gnu:services:base:guix-extension
+    (authorized-keys (list deployment:keys:rakan-guix))
+    (build-machines  (list rakan-machine))))
+
+(define offload-rakan
+  (gnu:services:simple-service 'offload-rakan
+                               gnu:services:base:guix-service-type
+                               guix-offload-rakan))
+
 (define (openssh)
   (use-modules (gnu services ssh))
   ((@ (gnu services) service)
@@ -405,6 +427,7 @@
               (gitolite)
               (sovereign:systems:guix-home-service (list users:id1000:name/home-environment))
               (nginx-izumi)
+              offload-rakan
               (openssh)
               (radicale)))
 
diff --git a/deployment/systems/rakan.scm b/deployment/systems/rakan.scm
index 0f03d65..6d2f244 100644
--- a/deployment/systems/rakan.scm
+++ b/deployment/systems/rakan.scm
@@ -64,7 +64,7 @@
 
 (define guix-offload-authorizations
   (gnu:services:base:guix-extension
-    (authorized-keys (list deployment:keys:mcdowell-guix))))
+    (authorized-keys (list deployment:keys:aisaka-guix))))
 
 (define guix-publish-configuration
   (gnu:services:base:guix-publish-configuration
author	Marek Paśnikowski <marek@marekpasnikowski.pl>	2025-11-20 19:28:30 +0100
committer	Marek Paśnikowski <marek@marekpasnikowski.pl>	2025-11-20 21:49:51 +0100
commit	dbbfb5911e3e69e264a8e4ea86db49392f9cbb8f (patch)
tree	04f0c97172394ccf3654488768bea626306e7945 /deployment
parent	7bcd3d05415e4d21bf87557bd70d56607287a380 (diff)