Improve remote building
parent
ff6870bcb7
commit
e776a3be17
13 changed files with 66 additions and 60 deletions
|
@ -74,6 +74,11 @@
|
|||
key = "aws/credentials";
|
||||
path = "/root/.aws/credentials";
|
||||
};
|
||||
sops.secrets."ssh/builder_id_ed25519" = {
|
||||
sopsFile = ../secrets/shared.yaml;
|
||||
owner = "root";
|
||||
key = "ssh/builder_id_ed25519";
|
||||
};
|
||||
networking.nameservers = ["fd0d:a262:1fa6:e621:b4e1:08ff:e658:6f49" "fd0d:a262:1fa6:e621:746d:4523:5c04:1453"];
|
||||
|
||||
# Archetype configuration
|
||||
|
|
|
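Review bot: The `sops.secrets."ssh/builder_id_ed25519"` declaration sits beside `networking.nameservers` and the shared AWS credentials, which suggests a module imported by every host; if so, the builder private key from `../secrets/shared.yaml` is decrypted onto every machine, the builders included. Any host holding it can use the identity that the new ssh match blocks present for `remote-build`, so the declaration would be better placed in a module imported only by hosts that dispatch builds. A comment above the block such as `# private key for logging in to the remote builders; deploy to build clients only` would record the intent. The enclosing attribute set starts and ends outside the hunk.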
@ -3,7 +3,6 @@ desktop: {pkgs, ...}: {
|
|||
(import ../programs/zsh.nix desktop)
|
||||
(import ../programs/helix desktop)
|
||||
../programs/tmux.nix
|
||||
../programs/ssh.nix
|
||||
../programs/taskwarrior.nix
|
||||
../programs/mail.nix
|
||||
];
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
imports =
|
||||
[
|
||||
(import ./base.nix desktop)
|
||||
../programs/ssh.nix
|
||||
../programs/gpg.nix
|
||||
../programs/git.nix
|
||||
../programs/direnv.nix
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{pkgs, ...}: {
|
||||
imports = [
|
||||
(import ./base.nix false)
|
||||
../programs/builders.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
./services/named-submissive.nix
|
||||
./services/shitalloverme.nix
|
||||
./services/chir.rs
|
||||
./users/remote-build.nix
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid"];
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
./services/drone.nix
|
||||
./services/drone-runner-docker.nix
|
||||
./services/docker.nix
|
||||
./users/remote-build.nix
|
||||
];
|
||||
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
|
@ -301,11 +302,4 @@
|
|||
max_parallel_workers = 12;
|
||||
max_parallel_maintenance_workers = 4;
|
||||
};
|
||||
|
||||
users.users.darkkirb.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpO0Lh7eOE/EBttb/XWZ6ISiJ0RkmBYfruq3U6linEz root@nixos-8gb-fsn1-1"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKB8oH1XbuGrKn/SeguXz96sw4AjJQQvZyAdpptotzOr root@thinkrac"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN/rVZJuwiO44LwOqimpH4zyGehYUMF2ZhYFXUCkupP hydra-queue-runner@nas"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLEmOYG4xipOh2YsWGbQtvoJXQzToQDotyCRFnHpVP5 root@instance-20221213-1915"
|
||||
];
|
||||
}
|
||||
|
|
|
@ -81,6 +81,15 @@ in {
|
|||
speedFactor = 2;
|
||||
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver2" "gccarch-znver1" "gccarch-skylake" "ca-derivations"];
|
||||
}
|
||||
{
|
||||
hostName = "build-aarch64";
|
||||
systems = [
|
||||
"aarch64-linux"
|
||||
];
|
||||
maxJobs = 2;
|
||||
speedFactor = 10;
|
||||
supportedFeatures = ["nixos-test" "benchmark" "ca-derivations"];
|
||||
}
|
||||
];
|
||||
distributedBuilds = true;
|
||||
};
|
||||
|
|
|
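Review bot: The new `build-aarch64` entry sets no `publicHostKey`, so host-key verification for this builder is not pinned in configuration and depends on whatever `known_hosts` state exists for the user running the build. Build outputs are copied back from this machine, so pinning is worth one line: `publicHostKey = "<base64 of the builder's ssh host public key>";` (placeholder value), or an equivalent `programs.ssh.knownHosts` entry. The surrounding `buildMachines` list starts outside the hunk, so a pin for the other entries may simply be out of view.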
@ -20,6 +20,7 @@
|
|||
nixos-hardware.nixosModules.common-pc-ssd
|
||||
./services/postgres.nix
|
||||
./services/drone-runner-docker.nix
|
||||
./users/remote-build.nix
|
||||
];
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "k10temp"];
|
||||
|
@ -156,33 +157,6 @@
|
|||
"riscv64-linux"
|
||||
"wasm32-wasi"
|
||||
];
|
||||
nix.buildMachines = lib.mkForce [
|
||||
#{
|
||||
# hostName = "build-nas";
|
||||
# systems = [ "x86_64-linux" ];
|
||||
# maxJobs = 12;
|
||||
# speedFactor = 1;
|
||||
# supportedFeatures = [ "gccarch-znver1" "ca-derivations" ];
|
||||
#}
|
||||
{
|
||||
maxJobs = 16;
|
||||
speedFactor = 2;
|
||||
hostName = "localhost";
|
||||
systems = [
|
||||
"armv7l-linux"
|
||||
"aarch64-linux"
|
||||
"powerpc-linux"
|
||||
"powerpc64-linux"
|
||||
"powerpc64le-linux"
|
||||
"riscv32-linux"
|
||||
"riscv64-linux"
|
||||
"wasm32-wasi"
|
||||
"x86_64-linux"
|
||||
"i686-linux"
|
||||
];
|
||||
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver2" "gccarch-znver1" "gccarch-skylake" "ca-derivations"];
|
||||
}
|
||||
];
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
nix.daemonCPUSchedPolicy = "idle";
|
||||
nix.daemonIOSchedClass = "idle";
|
||||
|
@ -196,14 +170,7 @@
|
|||
endpoint = "192.168.2.1:51820";
|
||||
}
|
||||
];
|
||||
# Build server stuff
|
||||
|
||||
users.users.darkkirb.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpO0Lh7eOE/EBttb/XWZ6ISiJ0RkmBYfruq3U6linEz root@nixos-8gb-fsn1-1"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKB8oH1XbuGrKn/SeguXz96sw4AjJQQvZyAdpptotzOr root@thinkrac"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN/rVZJuwiO44LwOqimpH4zyGehYUMF2ZhYFXUCkupP hydra-queue-runner@nas"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLEmOYG4xipOh2YsWGbQtvoJXQzToQDotyCRFnHpVP5 root@instance-20221213-1915"
|
||||
];
|
||||
nix.settings.system-features = [
|
||||
"kvm"
|
||||
"nixos-test"
|
||||
|
|
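--- /dev/null
+++ b/config/programs/builders.nix
@@ -0,0 +1,28 @@
+_: {
+programs.ssh = {
+enable = true;
+matchBlocks = {
+"build-nas" = {
+hostname = "nas.int.chir.rs";
+identitiesOnly = true;
+identityFile = "/run/secrets/builder_id_ed25519";
+port = 22;
+user = "remote-build";
+};
+"build-pc" = {
+hostname = "nutty-noon.int.chir.rs";
+identitiesOnly = true;
+identityFile = "/run/secrets/builder_id_ed25519";
+port = 22;
+user = "remote-build";
+};
+"build-aarch64" = {
+hostname = "instance-20221213-1915.int.chir.rs";
+identitiesOnly = true;
+identityFile = "/run/secrets/builder_id_ed25519";
+port = 22;
+user = "remote-build";
+};
+};
+};
+}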
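Review bot: `identityFile = "/run/secrets/builder_id_ed25519"` in all three match blocks probably does not point at the deployed secret. The secret is declared as `sops.secrets."ssh/builder_id_ed25519"` with no `path`, and sops-nix places a secret at `/run/secrets/<name>` by default, which here is `/run/secrets/ssh/builder_id_ed25519`. Unless a `path` override exists outside the visible hunks, ssh finds no key at the configured location and, with `identitiesOnly = true`, offers no other. Either use `identityFile = "/run/secrets/ssh/builder_id_ed25519";` in each block or set `path = "/run/secrets/builder_id_ed25519";` on the secret.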
@ -3,21 +3,5 @@ _: {
|
|||
controlMaster = "auto";
|
||||
controlPersist = "10m";
|
||||
enable = true;
|
||||
matchBlocks = {
|
||||
"build-nas" = {
|
||||
hostname = "backup.int.chir.rs";
|
||||
identitiesOnly = true;
|
||||
identityFile = "~/.ssh/id_ed25519";
|
||||
port = 22;
|
||||
user = "darkkirb";
|
||||
};
|
||||
"build-pc" = {
|
||||
hostname = "nutty-noon.int.chir.rs";
|
||||
identitiesOnly = true;
|
||||
identityFile = "~/.ssh/id_ed25519";
|
||||
port = 22;
|
||||
user = "darkkirb";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
clean-cache = nix-packages.packages.${system}.clean-s3-cache;
|
||||
machines = pkgs.writeText "machines" ''
|
||||
localhost armv7l-linux,aarch64-linux,powerpc-linux,powerpc64-linux,powerpc64le-linux,riscv32-linux,riscv64-linux,wasm32-wasi,x86_64-linux,i686-linux - 12 1 kvm,nixos-test,big-parallel,benchmark,gccarch-znver1,gccarch-skylake,ca-derivations -
|
||||
ssh://build-aarch64 aarch64-linux - 2 10 nixos-test,benchmark,ca-derivations -
|
||||
'';
|
||||
in {
|
||||
imports = [
|
||||
|
@ -121,4 +122,5 @@ in {
|
|||
};
|
||||
};
|
||||
nix.settings.trusted-users = ["@hydra"];
|
||||
sops.secrets."ssh/builder_id_ed25519".owner = lib.mkForce "hydra";
|
||||
}
|
||||
|
|
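Review bot: `sops.secrets."ssh/builder_id_ed25519".owner = lib.mkForce "hydra";` in the second hunk leaves the key readable by the `hydra` user only (sops-nix defaults to mode `0400`), while in the NixOS Hydra module the queue runner that opens the ssh connections runs as `hydra-queue-runner`. If that applies on this host, the `ssh://build-aarch64` line added to `machines` cannot authenticate with this key. `owner = lib.mkForce "hydra-queue-runner";`, or keeping the owner and adding `group = "hydra"; mode = "0440";`, would make it readable to the runner. The module body between the two hunks is not shown, so an existing override may be out of view.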
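--- /dev/null
+++ b/config/users/remote-build.nix
@@ -0,0 +1,13 @@
+{config, ...}: {
+users.users.remote-build = {
+createHome = true;
+description = "Remote builder";
+group = "users";
+home = "/home/remote-build";
+isNormalUser = true;
+uid = 1002;
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5Q/L2FyB3DIgdJRYnTGHW3naw5VQ9coOdwHYmv0aZ darkkirb@thinkrac"
+];
+};
+}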
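Review bot: The entry in `openssh.authorizedKeys.keys` carries no options, so on every host that imports this file it grants `remote-build` (an `isNormalUser` account in group `users`) a full login shell with forwarding and pty allocation. For an account that exists only to receive builds, prefixing the key line with the OpenSSH `restrict` option keeps command execution while dropping forwarding and pty; this should be tested against the `ssh://` store protocol before being relied on. The key comment `darkkirb@thinkrac` reads like a personal key rather than the `builder_id_ed25519` identity, so a comment such as `# public half of sops secret ssh/builder_id_ed25519` (if that is what it is) would remove the doubt. The `config` argument is unused and could be `_:` as in `builders.nix`.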
@ -1,5 +1,7 @@
|
|||
aws:
|
||||
credentials: ENC[AES256_GCM,data:Y+SbRqf7VotqN9CDMa8SmwBx+nlODeQScr7nlH90qyoa+5GtdDlgvqtbHJ4yE7QoiOBsG/CZ4sBnpXadyUhM8Erq8M2q0CAvlrb3oqgtNAgrkiLueqPAC6kTVBhsDolgWdrkMA8FVifwwqBtns9M7Q==,iv:4XheIFj90luZWxErPppOdphbw7ZXlGbeieSUl97eHAA=,tag:CrCDqHOXTRezf47vsdVAdw==,type:str]
|
||||
ssh:
|
||||
builder_id_ed25519: ENC[AES256_GCM,data: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,iv:7KO7yFoHCttTpw6gDcZRA43qW6F1a8xqpa5VRYUerz4=,tag:OlCbnoS0vQO1Wyn6iWlYDw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -51,8 +53,8 @@ sops:
|
|||
ZFNubXhZdG1KVDB1d0FWOVVDS1ovOHcKO5m7BFeZzt+nBfaZJoH8Pkw6aeDExQrQ
|
||||
Gfp6KQ0oJOuquhZtMW0GpLuKnuQjjGEBaIbcZcR4OosKKlLYfOKabA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-12-14T15:34:33Z"
|
||||
mac: ENC[AES256_GCM,data:8Fnws66NKfdVl+0+63HZvgt+PTxTZ6L6y9sh2hFtWR8RNeDTmtfZXOrJhJjU8XRUogQovnv+qSn8hmMRQ4f0tw1+jEIjEMqGV9ex2YWhsryvuhKbXH11un7UYObCxiwhTbxq6aOQLJ+74V3a2YLWTnKBd3X383EV1QrH/quXOIg=,iv:8yIW+mCveO59Kb4dXxIUzMT2/PGfknDDBoxGBRQNaE8=,tag:4BJpIdEeMeNCvOEXmvsSPQ==,type:str]
|
||||
lastmodified: "2023-01-14T13:36:39Z"
|
||||
mac: ENC[AES256_GCM,data:tES+i3vMTywPJ6DnYw9sKdVvixmgLBJ27tjMSJvOdeMth4p3soQA6RicRzQCgBlMXC+dHXpCMmvvtQrzDpFudiG6+xUPW/cz77ARdgzOWLOSD8cgzOp5XBI3koFOq5pxK7v1GMv7IG01pFKEMVes8mGUQXvu+eXMx1ZPcQrQuxI=,iv:1DYSbBNR8l2VLTnst+Aw+nSLPOKc+jCpZ9ViPERbWq4=,tag:9+f2s9FSUajVqQXb0eziKg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-12-14T15:34:33Z"
|
||||
enc: |
|
||||
|
|