This commit is contained in:
Geoffrey Frogeye 2025-01-23 20:16:44 +01:00
parent f3e7b29a98
commit 8fd6a0d2d8
Signed by: geoffrey
GPG key ID: C72403E7F82E6AD8
2 changed files with 8 additions and 9 deletions
os

View file

@ -27,6 +27,7 @@ fi
info "Evaluating" info "Evaluating"
# Evaluating can take a lot of memory, and Nix doesn't free it until the program ends, # Evaluating can take a lot of memory, and Nix doesn't free it until the program ends,
# which can be limiting on memory-constrained devices. Hence the build step is separate. # which can be limiting on memory-constrained devices. Hence the build step is separate.
# Drawback: it will query info about missing paths twice
# nix eval doesn't use the eval cache, so we do a nix build --dry-run # nix eval doesn't use the eval cache, so we do a nix build --dry-run
# sudo so the eval cache is shared with nixos-rebuild # sudo so the eval cache is shared with nixos-rebuild
json=$(time sudo nix build "$self#nixosConfigurations.$HOSTNAME.config.system.build.toplevel" --dry-run --json ) json=$(time sudo nix build "$self#nixosConfigurations.$HOSTNAME.config.system.build.toplevel" --dry-run --json )

View file

@ -16,6 +16,11 @@ let
}; };
# MANU ssh-keygen -y -f /etc/ssh/ssh_host_ed25519_key | base64 -w0 # MANU ssh-keygen -y -f /etc/ssh/ssh_host_ed25519_key | base64 -w0
vivariumBuilders = [ vivariumBuilders = [
{
hostName = "ludwig.clowncar.frogeye.fr";
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU41SXZhMzNXeGplN095cHVEUHBSakFNMTlvRUtEVDRiYlpUTm82V1FLZTAgZ2VvZmZyZXlAY3VyYWNhbwo=";
maxJobs = 4;
}
{ {
hostName = "abavorana.frogeye.fr"; hostName = "abavorana.frogeye.fr";
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU5iNzcrS01tRHI0MVhZdmZITXQvK3NHMkJCSEIzYUl4M045WDNVejhFaUogZ2VvZmZyZXlAY3VyYWNhbwo="; publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU5iNzcrS01tRHI0MVhZdmZITXQvK3NHMkJCSEIzYUl4M045WDNVejhFaUogZ2VvZmZyZXlAY3VyYWNhbwo=";
@ -27,16 +32,11 @@ let
]; ];
maxJobs = 8; maxJobs = 8;
} }
{
hostName = "ludwig.clowncar.frogeye.fr";
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU41SXZhMzNXeGplN095cHVEUHBSakFNMTlvRUtEVDRiYlpUTm82V1FLZTAgZ2VvZmZyZXlAY3VyYWNhbwo=";
maxJobs = 4;
}
]; ];
# MANU pass vivarium/lemmy/remote-builds/cache | nix key convert-secret-to-public | cat # MANU pass vivarium/lemmy/remote-builds/cache | nix key convert-secret-to-public | cat
publicKeys = [ publicKeys = [
"abavorana.frogeye.fr:rcKZ9gwaIQLcst/vbhbF7meUQD5sveT2QQN4a+Zo1BM="
"ludwig.clowncar.frogeye.fr:jTlN0fCOLU49M3LQw5j/u++Gmwrsv3m9RGs0slSg6r0=" "ludwig.clowncar.frogeye.fr:jTlN0fCOLU49M3LQw5j/u++Gmwrsv3m9RGs0slSg6r0="
"abavorana.frogeye.fr:rcKZ9gwaIQLcst/vbhbF7meUQD5sveT2QQN4a+Zo1BM="
]; ];
in in
{ {
@ -50,14 +50,12 @@ in
lib.strings.concatLines ( lib.strings.concatLines (
builtins.map (builder: '' builtins.map (builder: ''
Host ${builder.hostName} Host ${builder.hostName}
ControlMaster auto
ControlPath ~/.ssh/master-%r@%n:%p
ControlPersist 60s
VerifyHostKeyDNS yes VerifyHostKeyDNS yes
UpdateHostKeys yes UpdateHostKeys yes
'') vivariumBuilders '') vivariumBuilders
# Check SSHFP records so hopefully no need to manually add SSH host keys, # Check SSHFP records so hopefully no need to manually add SSH host keys,
# yet add them to known_hosts should we not be using DNSSEC-validating DNS. # yet add them to known_hosts should we not be using DNSSEC-validating DNS.
# No persistent socket since sometimes it goes a weird state and have to remove them.
) )
) )
} > /root/.ssh/config } > /root/.ssh/config