darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

add remote building
All checks were successful
Hydra devShells.x86_64-linux.default Hydra build #23874 of nixos-config:pr618:devShells.x86_64-linux.default
Details
Hydra nixosConfigurations.container-default-aarch64-linux Hydra build #23917 of nixos-config:pr618:nixosConfigurations.container-default-aarch64-linux
Details
Hydra nixosConfigurations.container-default-x86_64-linux Hydra build #23919 of nixos-config:pr618:nixosConfigurations.container-default-x86_64-linux
Details
Hydra nixosConfigurations.container-default-riscv64-linux Hydra build #23918 of nixos-config:pr618:nixosConfigurations.container-default-riscv64-linux
Details
Hydra nixosConfigurations.pc-installer Hydra build #23922 of nixos-config:pr618:nixosConfigurations.pc-installer
Details
Hydra checks.x86_64-linux.containers-default Hydra build #23916 of nixos-config:pr618:checks.x86_64-linux.containers-default
Details
Hydra nixosConfigurations.not522 Hydra build #23920 of nixos-config:pr618:nixosConfigurations.not522
Details
Hydra nixosConfigurations.not522-installer Hydra build #23921 of nixos-config:pr618:nixosConfigurations.not522-installer
Details

Browse source
This commit is contained in:
Charlotte 🦝 Delenk 2024-11-06 10:09:17 +01:00
parent 4b5587a685
commit ee991e6c85
8 changed files with 226 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.sops.yaml
View file

@ -28,3 +28,9 @@ creation_rules:
- *not522
- *base
- *pc-installer
- path_regex: programs/ssh/shared-keys.yaml$
key_groups:
- age:
- *root
- *darkkirb
- *base

109
modules/nix/build-server.nix Normal file
View file

@ -0,0 +1,109 @@
{
config,
lib,
...
}:
with lib; {
config = mkIf (!config.isInstaller) {
nix.distributedBuilds = true;
nix.buildMachines = mkMerge [
[
{
hostName = "build-aarch64";
systems = [
"aarch64-linux"
"riscv32-linux"
"riscv64-linux"
];
maxJobs = 4;
speedFactor = 1;
supportedFeatures = ["nixos-test" "benchmark" "ca-derivations" "gccarch-armv8-a" "gccarch-armv8.1-a" "gccarch-armv8.2-a" "big-parallel"];
}
]
[
{
hostName = "build-nas";
systems = [
"i686-linux"
"x86_64-linux"
"armv7l-linux"
"powerpc-linux"
"powerpc64-linux"
"powerpc64le-linux"
"wasm32-wasi"
"riscv32-linux"
"riscv64-linux"
];
maxJobs = 12;
speedFactor = 1;
supportedFeatures = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
"gccarch-znver1"
"gccarch-skylake"
"ca-derivations"
];
}
]
[
{
hostName = "build-rainbow-resort";
systems = [
"i686-linux"
"x86_64-linux"
"armv7l-linux"
"powerpc-linux"
"powerpc64-linux"
"powerpc64le-linux"
"wasm32-wasi"
"riscv32-linux"
"riscv64-linux"
];
maxJobs = 16;
speedFactor = 3;
supportedFeatures = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
"gccarch-skylake-avx512"
"gccarch-znver3"
"gccarch-znver2"
"gccarch-znver1"
"gccarch-skylake"
"ca-derivations"
];
}
]
(mkIf (config.networking.hostName != "not522") [
{
hostName = "build-riscv";
systems = [
"riscv32-linux"
"riscv64-linux"
];
maxJobs = 4;
speedFactor = 2;
supportedFeatures = [
"nixos-test"
"big-parallel"
"benchmark"
"ca-derivations"
# There are many more combinations but i simply do not care lol
"gccarch-rv64gc_zba_zbb"
"gccarch-rv64gc_zba"
"gccarch-rv64gc_zbb"
"gccarch-rv64gc"
"gccarch-rv32gc_zba_zbb"
"gccarch-rv32gc_zba"
"gccarch-rv32gc_zbb"
"gccarch-rv32gc"
"native-riscv"
];
}
])
];
};
}

1
modules/nix/default.nix
View file

@ -8,6 +8,7 @@ with lib; {
./link-inputs.nix
./lix.nix
./autoupdater.nix
./build-server.nix
];
nix.settings = {
substituters = mkMerge [

1
programs/default.nix
View file

@ -2,6 +2,7 @@ _: {
imports = [
./shell
./editors
./ssh
];
home-manager.users.root.imports = [
./home-manager.nix

39
programs/ssh/builders.nix Normal file
View file

@ -0,0 +1,39 @@
{config, ...}: {
programs.ssh = {
enable = true;
matchBlocks = {
"build-nas" = {
hostname = "nas.int.chir.rs";
identitiesOnly = true;
identityFile = config.sops.secrets.".ssh/builder_id_ed25519".path;
port = 22;
user = "remote-build";
};
"build-rainbow-resort" = {
hostname = "rainbow-resort.int.chir.rs";
identitiesOnly = true;
identityFile = config.sops.secrets.".ssh/builder_id_ed25519".path;
port = 22;
user = "remote-build";
};
"build-aarch64" = {
hostname = "instance-20221213-1915.int.chir.rs";
identitiesOnly = true;
identityFile = config.sops.secrets.".ssh/builder_id_ed25519".path;
port = 22;
user = "remote-build";
};
"build-riscv" = {
hostname = "not522.tailbab65.ts.net";
identitiesOnly = true;
identityFile = config.sops.secrets.".ssh/builder_id_ed25519".path;
port = 22;
user = "remote-build";
};
};
};
sops.secrets.".ssh/builder_id_ed25519" = {
mode = "600";
sopsFile = ./shared-keys.yaml;
};
}

8
programs/ssh/default.nix Normal file
View file

@ -0,0 +1,8 @@
_: {
home-manager.users.root.imports = [
./home-manager.nix
];
home-manager.users.darkkirb.imports = [
./home-manager.nix
];
}

21
programs/ssh/home-manager.nix Normal file
View file

@ -0,0 +1,21 @@
{
lib,
config,
...
}: {
imports = [
./builders.nix
];
programs.ssh = {
controlMaster = "auto";
controlPersist = "10m";
matchBlocks."*" = lib.hm.dag.entryAfter ["build-nas" "build-rainbow-resort" "build-aarch64" "build-riscv"] {
identityFile = config.sops.secrets.".ssh/id_ed25519_sk".path;
};
enable = true;
};
sops.secrets.".ssh/id_ed25519_sk" = {
mode = "600";
sopsFile = ./shared-keys.yaml;
};
}

41
programs/ssh/shared-keys.yaml Normal file
View file

@ -0,0 +1,41 @@
.ssh:
builder_id_ed25519: ENC[AES256_GCM,data:dpyWd1bm1Mf6uE5D5c2qurSKWfsrtSKf2ZY201jAEgOKJ4x7TXC31AmjSgxhjfxhf/8FVFWdHM+vtZ8tiyJYqnxmTX0SIesBdsF3CQr8MNufQA86aO74PJ8Iasbg8qY8xYm6eGCvRSdPU2VeUOA8HLdOtqJN9llq046REWztmxd3vtD6ZkpFMYVyuWHwZNlFCfS2cYAMH1n3mjVfZGmoiFW3ZeuwpXL5ObGOiktOiquGxARDuNKKd4PD1KrxB3en3dDWk++Chr4W3YBk6pNKYAS06Yt2A/YdFpMRhd+jx1BIAPB581V7DHfQ2WrOvvPrMD2xUhdNW1WLSk6QRDkysr0BYt1cvcv9YW0tjUrvdzwADzvW38tFYvdpQegTuJ659Sy+EoXk9XPp793/0AbDJJhxPomlL3UErQ+a8u2ZaO0FVB7qCvOl6cEC1Sw1RTkQgVN4/WZacEUWQImg8OB8hReZkK9sfFVA3DFjIiJRRow+I1Y32r4PB3fuTHFvKyaNhrtT6w6mop0aFsC21BtaHhupD9RSKxoX7CTR,iv:s6hq7lhhC+y/Ab/u5LP/Rf4+XzwQOWe2I4pmObq7a/Y=,tag:UDJPJBJ0K87RLe7/f0sNVg==,type:str]
id_ed25519_sk: ENC[AES256_GCM,data:vHNaGuhov/tqtyKsGXK3++Gl48k9VMdKycwSZavIWhYoyZkSnXsJeMFOWB/KYG9j/g/s4uW+tDWYZV+m1A+yuX5Uj1UcB72hBVJd6F8F/uunZW2bxRXFyI9xtcbiIi9mibWRiiemeU785gW576DCirJledCBWiEKvkEvyB4Vz0ihvxLzsrJyTXVn1PZTXRuszL70uBIgT8hUwgyE0RoGumqO8/6N8i3dPIXvF/WQ9Tx1JZnsNubDGXjzqSQQZAcmqHjmrxU29SwdSLIF20deP0LFpMJ+89X6WR03qlSFY3AY1ZYlYz70ZE6oMqY1QB9qCR28lGCRH4c2+spkQrNjArFHZAPsePe61rHuCNIvWxbiXouAFtU+jnYqSTE9eD/0QacN3lUSO4wV4TnkB13WSqOpz5asM/J9NDCFUD54R5D5gPaOei6ZP32H4lBX1Uzf/ntoCNf1bAriV3Ht/2WU40GIaSaHf2j0vaYg//cV6o5xtLsUDAUOWk3lFNb1zQtBNrmtR+2QexNqBDaEWNLHT8qIJ4OXD7HWUkuPNIB7w6uLmLrRCmP9R8zII2lbOJIAS0WaM5Th5HI=,iv:Iq+xakWRFTnoqeSxS3r1QdpyyvbHIFbavdhqWcf4hEM=,tag:4zFS141jqeSdJ71UFNsktw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1pcdyf483yl2r8wny30yxsp9yusgder6vra7yrf7qjqn5fjhcxeaq3342ew
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1OGN5azZvMFZlY0wxZ0xX
b2lGakZzY1FCdnhTZlU0RTB3aUVhUlROYTJJCnlZdDk1K28wTjBVR09rVlRLT3J3
WU1FeDJWRlNjb2lyMGpCVVlJYVhLNGcKLS0tIEt1VVlkY3FsYk1aeUcvaFlDS3Ju
SFVHWnpMdXlQcXdaNUtwOUh3Sjg1YUEKEiO3ohjqoNg5lu/2Yyg07HMuvo+qtsMR
2e0CBnuUT8g2kIsN8IYgY6sMX3yNvpuL0AmjiL+ncF/w38JFBzJmCw==
-----END AGE ENCRYPTED FILE-----
- recipient: age15g6tzvcmcp3ae4hwnn4pwewat6eq9unlhtjrlaka6rf94ej9dd5qqpgt7u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4UkcrcENqckkxcXJHcG0z
b0hzZ0JPWjg4RjREMENmeVRyUmJvNWc2WVhJCkVoM3lhb2VpUXUvNTR2K2pwUVVU
MzRrMm5XWTRSdXppcXdvWmlYWXNrcEEKLS0tIG92c3VOYkVvRG1Bd0Z6U2ZZRG14
dHQvc3JMU0JRUEFNWHVjQkNOYmdYQzAKSWERLI8m2IzLdmGCel7ca12JeOTBm5mg
qmjtjTTRRZc+decLAgpZd0CUza3hZcJjRWyKUXP4yeItCaAmOgJ7VQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWVZVRXoyVSsyMlVEU3NF
SHFMMGVVeHdMcUtvQ0ZNdHFzYlI4ZjdNL1hnCnFQK0pzaGovTHV0K1A3cUtEQVRE
N09hZ1BjUEtnbGdaWTJQSXJHMHZQaW8KLS0tIDlZc2RteFgycnhrMFdSR0RjOTBK
SEtJZWVEZ3dsbkUyM09JVnI1WnN6RXcK+odcorNYMvm21CWVDlO48ubj3X3nuhRh
m0giyDyxRRXFye7XptZayT64Vcx6wRXXMm3SOZL2BVwuLibZeIagrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-06T08:58:58Z"
mac: ENC[AES256_GCM,data:yzeJcuRDNbPebTJ4wwT4yiOuFMplSOf/XJcdw+g04S3ELj8tWwmQszv/gYJfCTI7kfeREbggyddF/2g4T7dzwCK2dWvGNRvGz96JFvYalWwI8a1ZSDk2DCS1ahKzcXisLG1WtVqVpr7i5ttkWGUjrgcRJrekLCCHGz228JnlUvE=,iv:EQs/TLqF8Hzah5YDZ2GqSrpr8FGkZgHt/Q/4bMlWe8U=,tag:AWsIaUAphZ2g95idHnhNSQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1