diff --git a/os/remote-builds/default.nix b/os/remote-builds/default.nix
index ac6575e..e8c5b63 100644
--- a/os/remote-builds/default.nix
+++ b/os/remote-builds/default.nix
@@ -1,5 +1,4 @@
 {
-  pkgs,
   lib,
   config,
   ...
@@ -8,62 +7,51 @@ let
   vivariumBuilderDefault = {
     systems = [
       "x86_64-linux"
-      "aarch64-linux"
     ];
     protocol = "ssh-ng";
     sshUser = "nixremote";
-    # sshKey doesn't work
   };
-  # MANU ssh-keygen -y -f /etc/ssh/ssh_host_ed25519_key | base64 -w0
+  # MANU ssh-keygen -y -f /etc/ssh/ssh_host_ed25519_key
+  # TODO Proper configuration option instead of pile of defs and hacks
   vivariumBuilders = [
     {
-      hostName = "ludwig.frogeye.fr";
-      publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU41SXZhMzNXeGplN095cHVEUHBSakFNMTlvRUtEVDRiYlpUTm82V1FLZTAgZ2VvZmZyZXlAY3VyYWNhbwo=";
-      maxJobs = 4;
-    }
-    {
-      hostName = "abavorana.frogeye.fr";
-      publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU5iNzcrS01tRHI0MVhZdmZITXQvK3NHMkJCSEIzYUl4M045WDNVejhFaUogZ2VvZmZyZXlAY3VyYWNhbwo=";
+      hostName = "morton.frogeye.fr";
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEetvIp4ZrP+ofXNDypnrLxdU034SBYg7fx9FxClDJA3";
       supportedFeatures = [
         "nixos-test"
         "benchmark"
         "big-parallel"
         "kvm"
       ];
-      maxJobs = 8;
+      maxJobs = 12; # 8 cores, 16 with hyperthreading, trying not to overload the thing
     }
   ];
   # MANU pass vivarium/lemmy/remote-builds/cache | nix key convert-secret-to-public | cat
   publicKeys = [
     "ludwig.frogeye.fr:jTlN0fCOLU49M3LQw5j/u++Gmwrsv3m9RGs0slSg6r0="
     "abavorana.frogeye.fr:rcKZ9gwaIQLcst/vbhbF7meUQD5sveT2QQN4a+Zo1BM="
+    "morton.frogeye.fr:rSjbCZ4mgXkb+ENKI7sk/KIbftlQzCTQA7pWkdfS2r4="
   ];
 in
 {
   config = {
-    system.activationScripts.remote = {
-      supportsDryActivation = true;
-      text = ''
-        mkdir -p /root/.ssh
-        cat ${
-          pkgs.writeText "root-ssh-config" (
-            lib.strings.concatLines (
-              builtins.map (builder: ''
-                Host ${builder.hostName}
-                  VerifyHostKeyDNS yes
-                  UpdateHostKeys yes
-              '') vivariumBuilders
-              # Check SSHFP records so hopefully no need to manually add SSH host keys,
-              # yet add them to known_hosts should we not be using DNSSEC-validating DNS.
-              # No persistent socket since sometimes it goes a weird state and have to remove them.
-            )
-          )
-        } > /root/.ssh/config
-      '';
-    };
+    programs.ssh.knownHosts = lib.trivial.pipe vivariumBuilders [
+      (builtins.map (builder: {
+        name = builder.hostName;
+        value.publicKey = builder.publicKey;
+      }))
+      builtins.listToAttrs
+    ];
+    # Currently using port 22 only because:
+    # - Morton has to use it for git
+    # - Hopefully allowed on some firewalls
+    # - Thought you couldn't set SSH config
+    # You might be able to set SSH config with porgrams.ssh, although I only tried creating a /root/.ssh/config file
+    # (which does not work, unless logged in as root. host keys from root are used regardless of the user, though)
     nix = {
       buildMachines = builtins.map (
-        vivariumBuilder: vivariumBuilderDefault // vivariumBuilder
+        vivariumBuilder:
+        lib.attrsets.filterAttrs (k: v: k != "publicKey") (vivariumBuilderDefault // vivariumBuilder)
       ) vivariumBuilders;
       distributedBuilds = true;
       settings = {
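Review bot: The `lib.attrsets.filterAttrs (k: v: k != "publicKey")` line in `nix.buildMachines` strips an attribute without saying why, and the unused `v` could be `_`; a comment such as `# publicKey is consumed by programs.ssh.knownHosts above and is not a buildMachines attribute` would record the reason (presumably the entry would otherwise be rejected — confirm). Pinning the builder host keys through `programs.ssh.knownHosts` is stricter than the removed `VerifyHostKeyDNS`/`UpdateHostKeys` config, and because the map reads `builder.publicKey` unconditionally, adding a builder without a key now fails at evaluation rather than silently falling back to first-use trust, which is worth stating next to the `# TODO Proper configuration option` comment. Each entry pins only `builder.hostName`, so the builders have to be addressed by exactly that name for the pin to apply. The port-22 comment says SSH config could not be set, but `programs.ssh.extraConfig` exists for that, and `porgrams.ssh` is a typo.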