From dbbfb5911e3e69e264a8e4ea86db49392f9cbb8f Mon Sep 17 00:00:00 2001
From: Marek Paśnikowski <marek@marekpasnikowski.pl>
Date: Thu, 20 Nov 2025 19:28:30 +0100
Subject: deployment: implement build offloading from aisaka to rakan

* deployment/keys.scm (aisaka-guix):
  define signing key of Guix daemon in aisaka.

* deployment/systems/aisaka.scm (rakan-machine, guix-offload-rakan, offload-rakan):
  define the offload target.

* deployment/systems/aisaka.scm (system):
  add the offload configuration to the list of services.

* deployment/systems/rakan.scm (guix-offload-authorizations):
  change the authorized signing key to aisaka's.

* deployment/users.scm (openssh-configuration):
  add the public SSH key of marek@aisaka.
---
 deployment/systems/aisaka.scm | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'deployment/systems/aisaka.scm')

diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm
index 6f82f9c..aa099c4 100644
--- a/deployment/systems/aisaka.scm
+++ b/deployment/systems/aisaka.scm
@@ -2,10 +2,13 @@
 ;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
 
 (define-module (deployment systems aisaka)
+  #:use-module (guix gexp)
+  #:use-module ((deployment keys)             #:prefix deployment:keys:)
   #:use-module ((gnu bootloader)              #:prefix gnu:bootloader:)
   #:use-module ((gnu bootloader grub)         #:prefix gnu:bootloader:grub:)
   #:use-module ((gnu packages tls)            #:prefix gnu:packages:tls:)
   #:use-module ((gnu services)                #:prefix gnu:services:)
+  #:use-module ((gnu services base)           #:prefix gnu:services:base:)
   #:use-module ((gnu services dns)            #:prefix gnu:services:dns:)
   #:use-module ((gnu services version-control) #:prefix gnu:services:version-control:)
   #:use-module ((gnu services web)            #:prefix gnu:services:web:)
@@ -352,6 +355,25 @@
        (listen (list "192.168.10.2:443 ssl"))
        (server-name (list "radicale.marekpasnikowski.pl"))))))))
 
+(define rakan-machine
+  #~(build-machine
+    (name        "rakan")
+    (systems     (list "x86_64-linux"
+                       "i686-linux"))
+    (user        "marek")
+    (host-key    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxlIhNlkWCNA+l/RiOJztB+VWhuJtDTUvSwwlE3MpgJ root@rakan")
+    (private-key "/home/marek/.ssh/id_ed25519")))
+
+(define guix-offload-rakan
+  (gnu:services:base:guix-extension
+    (authorized-keys (list deployment:keys:rakan-guix))
+    (build-machines  (list rakan-machine))))
+
+(define offload-rakan
+  (gnu:services:simple-service 'offload-rakan
+                               gnu:services:base:guix-service-type
+                               guix-offload-rakan))
+
 (define (openssh)
   (use-modules (gnu services ssh))
   ((@ (gnu services) service)
@@ -405,6 +427,7 @@
               (gitolite)
               (sovereign:systems:guix-home-service (list users:id1000:name/home-environment))
               (nginx-izumi)
+              offload-rakan
               (openssh)
               (radicale)))
 
-- 
cgit v1.2.3