Add a nix_worker role for nix builders.
This commit is contained in:
parent
7f4c41bb32
commit
4a303d17d8
@ -41,6 +41,7 @@
|
||||
./roles/memtest86
|
||||
./roles/network
|
||||
./roles/nix_index
|
||||
./roles/nix_worker
|
||||
./roles/nvme
|
||||
./roles/pcsx2
|
||||
./roles/python
|
||||
|
@ -45,13 +45,9 @@
|
||||
me.emacs_flavor = "plainmacs";
|
||||
me.graphical = false;
|
||||
me.hydra.enable = false;
|
||||
me.nix_worker.enable = true;
|
||||
me.vm_disk.enable = true;
|
||||
me.wireguard.activated = [ ];
|
||||
me.wireguard.deactivated = [ ];
|
||||
me.zsh.enable = true;
|
||||
|
||||
# Trust this key so nix running as root can ssh into hydra.
|
||||
users.users.talexander.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
|
||||
];
|
||||
}
|
||||
|
@ -13,7 +13,7 @@
|
||||
nix.buildMachines = [
|
||||
{
|
||||
hostName = "hydra";
|
||||
sshUser = "talexander";
|
||||
sshUser = "nixworker";
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
# "aarch64-linux"
|
||||
@ -25,14 +25,14 @@
|
||||
"benchmark"
|
||||
"big-parallel"
|
||||
# "kvm"
|
||||
"gccarch-znver4"
|
||||
"gccarch-x86-64-v3"
|
||||
"gccarch-x86-64-v4"
|
||||
"gccarch-znver4"
|
||||
];
|
||||
}
|
||||
{
|
||||
hostName = "quark";
|
||||
sshUser = "talexander";
|
||||
sshUser = "nixworker";
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
# "aarch64-linux"
|
||||
@ -44,9 +44,9 @@
|
||||
"benchmark"
|
||||
"big-parallel"
|
||||
# "kvm"
|
||||
"gccarch-znver4"
|
||||
"gccarch-x86-64-v3"
|
||||
"gccarch-x86-64-v4"
|
||||
"gccarch-znver4"
|
||||
"gccarch-znver5"
|
||||
];
|
||||
}
|
||||
|
@ -58,6 +58,7 @@
|
||||
me.lvfs.enable = true;
|
||||
me.media.enable = true;
|
||||
me.nix_index.enable = true;
|
||||
me.nix_worker.enable = true;
|
||||
me.pcsx2.enable = true;
|
||||
me.python.enable = true;
|
||||
me.qemu.enable = true;
|
||||
|
@ -13,7 +13,7 @@
|
||||
nix.buildMachines = [
|
||||
{
|
||||
hostName = "hydra";
|
||||
sshUser = "talexander";
|
||||
sshUser = "nixworker";
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
# "aarch64-linux"
|
||||
@ -25,9 +25,9 @@
|
||||
"benchmark"
|
||||
"big-parallel"
|
||||
# "kvm"
|
||||
"gccarch-znver4"
|
||||
"gccarch-x86-64-v3"
|
||||
"gccarch-x86-64-v4"
|
||||
"gccarch-znver4"
|
||||
];
|
||||
}
|
||||
];
|
||||
|
57
nix/configuration/roles/nix_worker/default.nix
Normal file
57
nix/configuration/roles/nix_worker/default.nix
Normal file
@ -0,0 +1,57 @@
|
||||
# MANUAL: Remember to set up root's ssh config with any necessary values. For example:
|
||||
|
||||
# Host foo
|
||||
# HostName ns1.fizz.buzz
|
||||
# Port 65122
|
||||
# User nixworker
|
||||
# IdentitiesOnly yes
|
||||
# IdentityFile /persist/manual/ssh/root/keys/id_ed25519
|
||||
|
||||
# Host *
|
||||
# Compression yes
|
||||
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
{
|
||||
imports = [ ];
|
||||
|
||||
options.me = {
|
||||
nix_worker.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
example = true;
|
||||
description = "Whether this machine should be set up to function as a nix.buildMachines. This does not configure nix.buildMachines, but only does the necessary setup to get the machine ready/capable of being a nix.buildMachines.";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf config.me.nix_worker.enable (
|
||||
lib.mkMerge [
|
||||
{
|
||||
nix.settings.trusted-users = [ "nixworker" ];
|
||||
|
||||
users.users.nixworker = {
|
||||
isNormalUser = true;
|
||||
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
|
||||
group = "nixworker";
|
||||
# extraGroups = [ "wheel" ];
|
||||
# Generate with `mkpasswd -m scrypt`
|
||||
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
|
||||
openssh.authorizedKeys.keys = [
|
||||
# Normal keys:
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
|
||||
# Key for nix to connect:
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
|
||||
];
|
||||
};
|
||||
users.groups.nixworker = { };
|
||||
}
|
||||
]
|
||||
);
|
||||
}
|
@ -1,7 +1,14 @@
|
||||
Host hydra
|
||||
HostName ns1.fizz.buzz
|
||||
Port 65122
|
||||
User talexander
|
||||
User nixworker
|
||||
IdentitiesOnly yes
|
||||
IdentityFile /persist/manual/ssh/root/keys/id_ed25519
|
||||
|
||||
Host quark
|
||||
HostName quark
|
||||
Port 22
|
||||
User nixworker
|
||||
IdentitiesOnly yes
|
||||
IdentityFile /persist/manual/ssh/root/keys/id_ed25519
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user