From e702cdfb18793bc5c709f340ae62553867291485 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?=
Date: Tue, 27 Feb 2024 22:56:09 +0200
Subject: [PATCH] add remote builder to vno1-oh2
---
 data.nix | 2 +
 hosts/fra1-a/configuration.nix | 2 +-
 hosts/fwminex/configuration.nix | 24 +++---
 hosts/vno1-oh2/configuration.nix | 9 +++
 modules/services/remote-builder/default.nix | 81 ++++++++++++++-------
 5 files changed, 77 insertions(+), 41 deletions(-)
diff --git a/data.nix b/data.nix
index db70260..a808460 100644
--- a/data.nix
+++ b/data.nix
@@ -80,6 +80,8 @@ rec {
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHlWSZ/H6DR5i5aCrlrEQLVF9MXNvls/pjlLPLaav3f+";
 jakstIP = "100.89.176.6";
 vno1IP = "192.168.189.10";
+ supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm" "gccarch-armv8-a"];
+ system = "aarch64-linux";
 };
 "mxp10.motiejus.jakst" = {
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIy9IR7Jq3hRZ5JgwfmeCgSKFrdgujnZt79uxDPVi3tu";
diff --git a/hosts/fra1-a/configuration.nix b/hosts/fra1-a/configuration.nix
index 59dd765..06c1fcc 100644
--- a/hosts/fra1-a/configuration.nix
+++ b/hosts/fra1-a/configuration.nix
@@ -70,7 +70,7 @@
 sshguard.enable = true;
 tailscale.enable = true;
- remote-builder = {
+ remote-builder.server = {
 enable = true;
 uidgid = myData.uidgid.remote-builder;
 sshAllowSubnet = myData.subnets.tailscale.sshPattern;
diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
index b5f44cc..25f23f8 100644
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -115,6 +115,15 @@ in {
 user = "motiejus";
 group = "users";
 };
+
+ remote-builder.client = let
+ host = myData.hosts."fra1-a.servers.jakst";
+ in {
+ enable = true;
+ inherit (host) system supportedFeatures;
+ hostName = host.jakstIP;
+ sshKey = "/etc/ssh/ssh_host_ed25519_key";
+ };
 };
 };
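Review bot: `sshKey = "/etc/ssh/ssh_host_ed25519_key";` in the new `remote-builder.client` block of hosts/fwminex/configuration.nix makes the machine's SSH host private key double as the credential that logs in to the builder, and the hosts/vno1-oh2/configuration.nix hunk adds the same line. The two roles then cannot be rotated or revoked independently: rotating the host key also invalidates the build credential, and withdrawing build access means re-keying sshd. A dedicated root-readable key would separate them, e.g. `sshKey = "<path-to-dedicated-builder-key>";` (placeholder path), with its public half listed in the server's `publicKeys`. The removed `nix.buildMachines` block in the next fwminex hunk shows this path was already used there, so the concern is extending the pattern to a second host; the enclosing attribute set opens above this hunk.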
@@ -168,21 +177,6 @@ in {
 virtualisation.virtualbox.host.enable = true;
 users.extraGroups.vboxusers.members = ["motiejus"];
- nix = {
- buildMachines = [
- {
- hostName = myData.hosts."fra1-a.servers.jakst".jakstIP;
- system = "aarch64-linux";
- protocol = "ssh-ng";
- sshUser = "remote-builder";
- sshKey = "/etc/ssh/ssh_host_ed25519_key";
- supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm" "gccarch-armv8-a"];
- }
- ];
- distributedBuilds = true;
- extraOptions = ''builders-use-substitutes = true'';
- };
-
 networking = {
 hostId = "3a54afcd";
 hostName = "fwminex";
diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
index 4c1a744..be936b2 100644
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@@ -247,6 +247,15 @@
 startAt = "*-*-* *:00/5:00";
 };
 };
+
+ remote-builder.client = let
+ host = myData.hosts."fra1-a.servers.jakst";
+ in {
+ enable = true;
+ inherit (host) system supportedFeatures;
+ hostName = host.jakstIP;
+ sshKey = "/etc/ssh/ssh_host_ed25519_key";
+ };
 };
 };
diff --git a/modules/services/remote-builder/default.nix b/modules/services/remote-builder/default.nix
index 91ecdfd..b4ceeeb 100644
--- a/modules/services/remote-builder/default.nix
+++ b/modules/services/remote-builder/default.nix
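Review bot: Enabling `remote-builder.client` in hosts/vno1-oh2/configuration.nix makes this the second machine that logs in to fra1-a as `remote-builder`, while the server half of the module keeps `nix.settings.trusted-users = ["remote-builder"];`. A trusted Nix user may import unsigned store paths, which the Nix manual treats as close to root on that machine, so build outputs returned to one client come from a store the other client can write to. That was already the case with fwminex alone; with a shared account the exposure now spans both hosts (presumably vno1-oh2's key is in the server's `publicKeys`, which this diff does not show). If that trust is intended, a comment such as `# fra1-a treats every remote-builder client as a Nix trusted user` above this block would record it. Otherwise consider dropping the account from `trusted-users` and having clients sign what they upload (`secret-key-files` on the clients, `trusted-public-keys` on the builder).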
@@ -2,32 +2,63 @@
 config,
 lib,
 ...
-}: let
- cfg = config.mj.services.remote-builder;
-in {
+}: {
 options.mj.services.remote-builder = with lib.types; {
- enable = lib.mkEnableOption "Enable remote builder";
- uidgid = lib.mkOption {type = int;};
- sshAllowSubnet = lib.mkOption {type = str;};
- publicKeys = lib.mkOption {type = listOf str;};
+ server = {
+ enable = lib.mkEnableOption "Enable remote builder server";
+ uidgid = lib.mkOption {type = int;};
+ sshAllowSubnet = lib.mkOption {type = str;};
+ publicKeys = lib.mkOption {type = listOf str;};
+ };
+ client = {
+ enable = lib.mkEnableOption "Enable remote builder client";
+ system = lib.mkOption {type = enum ["aarch64-linux" "x86_64-linux"];};
+ hostName = lib.mkOption {type = str;};
+ sshKey = lib.mkOption {type = path;};
+ };
 };
- config = lib.mkIf cfg.enable {
- users.users.remote-builder = {
- description = "Remote Builder";
- home = "/var/lib/remote-builder";
- shell = "/bin/sh";
- group = "remote-builder";
- isSystemUser = true;
- createHome = true;
- uid = cfg.uidgid;
- openssh.authorizedKeys.keys =
- map (
- k: "from=\"${cfg.sshAllowSubnet}\" ${k}"
- )
- cfg.publicKeys;
- };
- users.groups.remote-builder.gid = cfg.uidgid;
- nix.settings.trusted-users = ["remote-builder"];
- };
+ config = lib.mkMerge [
+ (
+ let
+ cfg = config.mj.services.remote-builder.server;
+ in
+ lib.mkIf cfg.enable {
+ users.users.remote-builder = {
+ description = "Remote Builder";
+ home = "/var/lib/remote-builder";
+ shell = "/bin/sh";
+ group = "remote-builder";
+ isSystemUser = true;
+ createHome = true;
+ uid = cfg.uidgid;
+ openssh.authorizedKeys.keys =
+ map (
+ k: "from=\"${cfg.sshAllowSubnet}\" ${k}"
+ )
+ cfg.publicKeys;
+ };
+ users.groups.remote-builder.gid = cfg.uidgid;
+ nix.settings.trusted-users = ["remote-builder"];
+ }
+ )
+ (
+ let
+ cfg = config.mj.services.remote-builder.client;
+ in
+ lib.mkIf cfg.enable {
+ nix = {
+ buildMachines = [
+ {
+ inherit (cfg) hostName system sshKey supportedFeatures;
+ protocol = "ssh-ng";
+ sshUser = "remote-builder";
+ }
+ ];
+ distributedBuilds = true;
+ extraOptions = ''builders-use-substitutes = true'';
+ };
+ }
+ )
+ ];
 }
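Review bot: The `client` option set declares `enable`, `system`, `hostName` and `sshKey` but not `supportedFeatures`, yet the client branch does `inherit (cfg) hostName system sshKey supportedFeatures;` and both host configs set it via `inherit (host) system supportedFeatures;`. As written, the module system should reject those definitions as an undeclared option; adding `supportedFeatures = lib.mkOption {type = listOf str;};` next to `sshKey` resolves it. Separately, the `buildMachines` entry does not pin the builder's host key, so verification rests on whatever known_hosts root has, which this diff does not show; setting `publicHostKey` on the entry would make the pin explicit. The module's opening `{` is on line 1, just outside this hunk.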