From 8bc6b2c6b6ac125e4b19b9ba350cdb1a02952707 Mon Sep 17 00:00:00 2001
From: Thiago Kenji Okada <thiagokokada@gmail.com>
Date: Wed, 20 Sep 2023 21:09:57 +0100
Subject: [PATCH] actions: add aarch64-linux remote builder

---
 .github/workflows/build-and-cache.yml | 13 +++++++++++++
 actions/build-and-cache.nix           |  9 ++++++++-
 actions/constants.nix                 |  1 +
 actions/steps.nix                     | 16 ++++++++++++++++
 actions/update-flakes.nix             |  4 ----
 5 files changed, 38 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml
index db96a514..b279710e 100644
--- a/.github/workflows/build-and-cache.yml
+++ b/.github/workflows/build-and-cache.yml
@@ -13,10 +13,21 @@ jobs:
           root-reserve-mb: 512
           swap-size-mb: 1024
       - uses: actions/checkout@v4
+      - name: Tailscale
+        uses: tailscale/github-action@v2
+        with:
+          oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
+          oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
+          tags: tag:ci
+      - name: Setup SSH for Nix's remote builders
+        run: |
+          sudo mkdir -p /root/.ssh
+          printf 'Host *\n\tStrictHostKeyChecking accept-new' | sudo tee /root/.ssh/config
       - uses: cachix/install-nix-action@v22
         with:
           extra_nix_config: |
             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+            builders = ssh://zatsune-nixos-uk aarch64-linux
           nix_path: nixpkgs=channel:nixos-unstable
       - uses: cachix/cachix-action@v12
         with:
@@ -35,6 +46,8 @@ jobs:
           nix build --print-build-logs '.#nixosConfigurations.miku-nixos.config.system.build.toplevel'
           nix build --print-build-logs '.#nixosConfigurations.mirai-vps.config.system.build.toplevel'
           nix build --print-build-logs '.#nixosConfigurations.sankyuu-nixos.config.system.build.toplevel'
+      - name: 'Build NixOS configs for: zatsune-nixos'
+        run: nix build --print-build-logs '.#nixosConfigurations.zatsune-nixos.config.system.build.toplevel'
   build-macos:
     runs-on: macos-13
     steps:
diff --git a/actions/build-and-cache.nix b/actions/build-and-cache.nix
index 2cd464ce..7eff4b79 100644
--- a/actions/build-and-cache.nix
+++ b/actions/build-and-cache.nix
@@ -12,11 +12,18 @@ with constants;
       steps = with steps; [
         maximimizeBuildSpaceStep
         checkoutStep
-        (installNixActionStep { })
+        setupTailscale
+        setupSshForRemoteBuilder
+        (installNixActionStep {
+          extraNixConfig = ''
+            builders = ssh://zatsune-nixos-uk aarch64-linux
+          '';
+        })
         cachixActionStep
         setDefaultGitBranchStep
         (buildHomeManagerConfigurations { })
         (buildNixOSConfigurations { })
+        (buildNixOSConfigurations { hostnames = [ "zatsune-nixos" ]; })
       ];
     };
     build-macos = {
diff --git a/actions/constants.nix b/actions/constants.nix
index 997f63fc..fb4a4660 100644
--- a/actions/constants.nix
+++ b/actions/constants.nix
@@ -6,6 +6,7 @@
     maximize-build-space = "easimon/maximize-build-space@v7";
     create-pull-request = "peter-evans/create-pull-request@v5";
     command-output = "mathiasvr/command-output@v2.0.0";
+    tailscale = "tailscale/github-action@v2";
   };
   ubuntu.runs-on = "ubuntu-latest";
   macos.runs-on = "macos-13";
diff --git a/actions/steps.nix b/actions/steps.nix
index 9dee89e9..b79d6ef5 100644
--- a/actions/steps.nix
+++ b/actions/steps.nix
@@ -115,4 +115,20 @@ with constants;
       sudo apt-get install -q -y qemu-system-aarch64 qemu-efi binfmt-support qemu-user-static
     '';
   };
+  setupSshForRemoteBuilder = {
+    name = "Setup SSH for Nix's remote builders";
+    run = ''
+      sudo mkdir -p /root/.ssh
+      printf 'Host *\n\tStrictHostKeyChecking accept-new' | sudo tee /root/.ssh/config
+    '';
+  };
+  setupTailscale = {
+    name = "Tailscale";
+    uses = actions.tailscale;
+    "with" = {
+      oauth-client-id = "\${{ secrets.TS_OAUTH_CLIENT_ID }}";
+      oauth-secret = "\${{ secrets.TS_OAUTH_SECRET }}";
+      tags = "tag:ci";
+    };
+  };
 }
diff --git a/actions/update-flakes.nix b/actions/update-flakes.nix
index 78b64308..df191ae8 100644
--- a/actions/update-flakes.nix
+++ b/actions/update-flakes.nix
@@ -1,7 +1,6 @@
 let
   steps = import ./steps.nix;
   constants = import ./constants.nix;
-  first = list: builtins.elemAt list 0;
 in
 with constants;
 {
@@ -19,12 +18,9 @@ with constants;
         (installNixActionStep { })
         setDefaultGitBranchStep
         cachixActionStep
-        # (buildNixOSConfigurations { hostnames = [ (first nixos.hostnames) ]; extraNixFlags = [ "-o /tmp/nixos_old" ]; })
         updateFlakeLockStep
         (buildHomeManagerConfigurations { })
         (buildNixOSConfigurations { })
-        # (buildNixOSConfigurations { hostnames = [ (first nixos.hostnames) ]; extraNixFlags = [ "-o /tmp/nixos_new" ]; })
-        # (diffNixOutputs "NixOS" "/tmp/nixos_old" "/tmp/nixos_new")
         (createPullRequestStep [ ])
       ];
     };