dotfiles/os/remote-builds/default.nix

77 lines
2.1 KiB
Nix
Raw Normal View History

2024-12-15 00:29:51 +01:00
{
pkgs,
lib,
config,
...
}:
2024-04-10 01:05:38 +02:00
let
2024-05-06 22:25:35 +02:00
vivariumBuilderDefault = {
2024-12-15 00:29:51 +01:00
systems = [
"x86_64-linux"
"aarch64-linux"
];
2024-05-06 22:25:35 +02:00
protocol = "ssh-ng";
sshUser = "nixremote";
# sshKey doesn't work
};
# MANU ssh-keygen -y -f /etc/ssh/ssh_host_ed25519_key | base64 -w0
2024-05-06 22:25:35 +02:00
vivariumBuilders = [
{
hostName = "abavorana.frogeye.fr";
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU5iNzcrS01tRHI0MVhZdmZITXQvK3NHMkJCSEIzYUl4M045WDNVejhFaUogZ2VvZmZyZXlAY3VyYWNhbwo=";
2024-12-15 00:29:51 +01:00
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
maxJobs = 8;
2024-05-06 22:25:35 +02:00
}
{
hostName = "ludwig.clowncar.frogeye.fr";
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU41SXZhMzNXeGplN095cHVEUHBSakFNMTlvRUtEVDRiYlpUTm82V1FLZTAgZ2VvZmZyZXlAY3VyYWNhbwo=";
maxJobs = 4;
2024-05-06 22:25:35 +02:00
}
];
# MANU pass vivarium/lemmy/remote-builds/cache | nix key convert-secret-to-public | cat
2024-04-10 01:05:38 +02:00
publicKeys = [
"abavorana.frogeye.fr:rcKZ9gwaIQLcst/vbhbF7meUQD5sveT2QQN4a+Zo1BM="
"ludwig.clowncar.frogeye.fr:jTlN0fCOLU49M3LQw5j/u++Gmwrsv3m9RGs0slSg6r0="
];
in
{
config = {
2024-06-26 02:16:50 +02:00
system.activationScripts.remote = {
2024-05-06 22:25:35 +02:00
supportsDryActivation = true;
text = ''
mkdir -p /root/.ssh
2024-12-15 00:29:51 +01:00
cat ${
pkgs.writeText "root-ssh-config" (
lib.strings.concatLines (
builtins.map (builder: ''
Host ${builder.hostName}
ControlMaster auto
ControlPath ~/.ssh/master-%r@%n:%p
ControlPersist 60s
'') vivariumBuilders
)
)
} > /root/.ssh/config
2024-05-06 22:25:35 +02:00
'';
};
nix = {
2024-12-15 00:29:51 +01:00
buildMachines = builtins.map (
vivariumBuilder: vivariumBuilderDefault // vivariumBuilder
) vivariumBuilders;
distributedBuilds = false;
2024-05-06 22:25:35 +02:00
settings = {
builders-use-substitutes = true;
trusted-public-keys = publicKeys;
2024-12-15 00:29:51 +01:00
trusted-substituters = builtins.map (
builder: "${builder.protocol}://${builder.sshUser}@${builder.hostName}"
) config.nix.buildMachines;
2024-05-06 22:25:35 +02:00
};
2024-04-10 01:05:38 +02:00
};
};
}