Set up offloading from laptop to servers

2 files changed, 62 insertions, 0 deletions

diff --git a/tw/channels.scm b/tw/channels.scm
index ff9cdfac..712e891c 100644
--- a/tw/channels.scm
+++ b/tw/channels.scm
@@ -30,6 +30,33 @@
  )
 "))
 
+;; Authorize other machines' Guix signing keys, for offloading.
+(define %tw-signing-keys
+  (list (plain-file "lud-signing-key.pub" "\
+(public-key
+ (ecc
+  (curve Ed25519)
+  (q #907985F2DEC4E15FAF29F4029FEADD266DD6563F7E9548160965C7E61EEDCA51#)
+  )
+ )
+")
+        (plain-file "vin-signing-key.pub" "\
+(public-key
+ (ecc
+  (curve Ed25519)
+  (q #752B01B2CC6E1730BFD8F2B4CF9B9D3D29A07B4B7763EACBD8DEEE9F46E96561#)
+  )
+ )
+")
+        (plain-file "lap-signing-key.pub" "\
+(public-key
+ (ecc
+  (curve Ed25519)
+  (q #DF75857BAD66DB4ED4F3DC6450C9E0923D3162435FDE281B536F40EA22FAD6CF#)
+  )
+ )
+")))
+
 (define-public %system-channel-services
   ;; The gaming channel (https://gitlab.com/guix-gaming-channels) is per-user only.
   (list (simple-service 'nonguix guix-service-type
@@ -37,5 +64,9 @@
            (authorized-keys (list %nonguix-signing-key))
            (substitute-urls '("https://substitutes.nonguix.org"))))
 
+        (simple-service 'offloading guix-service-type
+          (guix-extension
+           (authorized-keys %tw-signing-keys)))
+
         (extra-special-file "/etc/guix/channels.scm"
           (scheme-file "channels.scm" %system-channels))))
diff --git a/tw/system/lap.scm b/tw/system/lap.scm
index 1bcc0d78..4c63da44 100644
--- a/tw/system/lap.scm
+++ b/tw/system/lap.scm
@@ -367,6 +367,37 @@ support extra features (acr, pmu, gr).")
       (extra-special-file "/etc/NetworkManager/dispatcher.d/09-set-timezone"
         (program-file "set-timezone" set-timezone-script))
 
+      (extra-special-file "/etc/guix/machines.scm"
+        (scheme-file "machines.scm"
+          #~(let ((lud (build-machine
+                        (name "lud.twilken.net")
+                        (systems '("x64_64-linux"))
+                        (port '#$(assoc-ref %ssh-ports "lud.twilken.net"))
+                        (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGqXbxv3a2bZyGjnEirVCMtRBeLKW/ha8ULSR9Xye4Z1")
+                        (user "timo")
+                        (private-key "/home/timo/.local/share/ssh-keys/id_rsa")
+                        (speed .5)))   ; 4 cores, 8 GB RAM
+                  (vin (build-machine
+                        (name "vin.twilken.net")
+                        (systems '("x64_64-linux"))
+                        (port '#$(assoc-ref %ssh-ports "vin.twilken.net"))
+                        (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEEpdfKxzoCwg53TKPF5YxgUwhGF+bELAyBGdxagQroJ")
+                        (user "timo")
+                        (private-key "/home/timo/.local/share/ssh-keys/id_rsa")
+                        (speed 1.))))  ; 8 cores, 16 GB RAM
+              (use-modules (ice-9 popen)
+                           (ice-9 textual-ports)
+                           (ice-9 regex))
+              (let* ((regexp (make-regexp "^GENERAL\\.CONNECTION:[[:space:]]+TLAN$" regexp/newline))
+                     (pipe (open-pipe* OPEN_READ #$(file-append network-manager "/bin/nmcli")
+                                       "device" "show" "wlp3s0"))
+                     (at-home? (regexp-exec regexp (get-string-all pipe))))
+                (close-pipe pipe)
+                ;; Only offload to vin when at home, as the network connection is too bad otherwise.
+                (if at-home?
+                    (list lud vin)
+                    (list lud))))))
+
       (modify-services (append %system-channel-services %desktop-services)
         (gdm-service-type
          config =>