diff --git a/nix/configuration/configuration.nix b/nix/configuration/configuration.nix
index ada07e5..1117112 100644
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@@ -41,6 +41,7 @@
 ./roles/memtest86
 ./roles/network
 ./roles/nix_index
+ ./roles/nix_worker
 ./roles/nvme
 ./roles/pcsx2
 ./roles/python
diff --git a/nix/configuration/hosts/hydra/default.nix b/nix/configuration/hosts/hydra/default.nix
index fc8ad72..f330dc4 100644
--- a/nix/configuration/hosts/hydra/default.nix
+++ b/nix/configuration/hosts/hydra/default.nix
@@ -45,13 +45,9 @@
 me.emacs_flavor = "plainmacs";
 me.graphical = false;
 me.hydra.enable = false;
+ me.nix_worker.enable = true;
 me.vm_disk.enable = true;
 me.wireguard.activated = [ ];
 me.wireguard.deactivated = [ ];
 me.zsh.enable = true;
-
- # Trust this key so nix running as root can ssh into hydra.
- users.users.talexander.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
- ];
 }
diff --git a/nix/configuration/hosts/odo/distributed_build.nix b/nix/configuration/hosts/odo/distributed_build.nix
index 533b59e..ee3403b 100644
--- a/nix/configuration/hosts/odo/distributed_build.nix
+++ b/nix/configuration/hosts/odo/distributed_build.nix
@@ -13,7 +13,7 @@
 nix.buildMachines = [
 {
 hostName = "hydra";
- sshUser = "talexander";
+ sshUser = "nixworker";
 systems = [
 "x86_64-linux"
 # "aarch64-linux"
@@ -25,14 +25,14 @@
 "benchmark"
 "big-parallel"
 # "kvm"
- "gccarch-znver4"
 "gccarch-x86-64-v3"
 "gccarch-x86-64-v4"
+ "gccarch-znver4"
 ];
 }
 {
 hostName = "quark";
- sshUser = "talexander";
+ sshUser = "nixworker";
 systems = [
 "x86_64-linux"
 # "aarch64-linux"
@@ -44,9 +44,9 @@
 "benchmark"
 "big-parallel"
 # "kvm"
- "gccarch-znver4"
 "gccarch-x86-64-v3"
 "gccarch-x86-64-v4"
+ "gccarch-znver4"
 "gccarch-znver5"
 ];
 }
diff --git a/nix/configuration/hosts/quark/default.nix b/nix/configuration/hosts/quark/default.nix
index 6baad8c..e235d50 100644
--- a/nix/configuration/hosts/quark/default.nix
+++ b/nix/configuration/hosts/quark/default.nix
@@ -58,6 +58,7 @@
 me.lvfs.enable = true;
 me.media.enable = true;
 me.nix_index.enable = true;
+ me.nix_worker.enable = true;
 me.pcsx2.enable = true;
 me.python.enable = true;
 me.qemu.enable = true;
diff --git a/nix/configuration/hosts/quark/distributed_build.nix b/nix/configuration/hosts/quark/distributed_build.nix
index 6064fc0..9a3c31b 100644
--- a/nix/configuration/hosts/quark/distributed_build.nix
+++ b/nix/configuration/hosts/quark/distributed_build.nix
@@ -13,7 +13,7 @@
 nix.buildMachines = [
 {
 hostName = "hydra";
- sshUser = "talexander";
+ sshUser = "nixworker";
 systems = [
 "x86_64-linux"
 # "aarch64-linux"
@@ -25,9 +25,9 @@
 "benchmark"
 "big-parallel"
 # "kvm"
- "gccarch-znver4"
 "gccarch-x86-64-v3"
 "gccarch-x86-64-v4"
+ "gccarch-znver4"
 ];
 }
 ];
diff --git a/nix/configuration/roles/nix_worker/default.nix b/nix/configuration/roles/nix_worker/default.nix
new file mode 100644
index 0000000..9cc73c7
--- /dev/null
+++ b/nix/configuration/roles/nix_worker/default.nix
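Review bot: With `sshUser = "nixworker"` in the `hydra` entry of hosts/quark/distributed_build.nix, root on quark now has to authenticate as nixworker, but the nix_worker role added in this commit lists a single key under `# Key for nix to connect:` and its comment is `talexander@odo`. Unless quark's `/persist/manual/ssh/root/keys/id_ed25519` is a copy of odo's private key, builds dispatched from quark will presumably be refused; if it is a copy, one leaked file opens a trusted Nix user on every worker. I would give quark's root its own key and add it to the role's `openssh.authorizedKeys.keys` with its own comment, e.g. `"ssh-ed25519 <quark root public key> root@quark"`. The buildMachines entry continues outside the hunks, so an `sshKey` set there would not be visible from here.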
@@ -0,0 +1,57 @@
+# MANUAL: Remember to set up root's ssh config with any necessary values. For example:
+
+# Host foo
+# HostName ns1.fizz.buzz
+# Port 65122
+# User nixworker
+# IdentitiesOnly yes
+# IdentityFile /persist/manual/ssh/root/keys/id_ed25519
+
+# Host *
+# Compression yes
+
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ imports = [ ];
+
+ options.me = {
+ nix_worker.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ example = true;
+ description = "Whether this machine should be set up to function as a nix.buildMachines. This does not configure nix.buildMachines, but only does the necessary setup to get the machine ready/capable of being a nix.buildMachines.";
+ };
+ };
+
+ config = lib.mkIf config.me.nix_worker.enable (
+ lib.mkMerge [
+ {
+ nix.settings.trusted-users = [ "nixworker" ];
+
+ users.users.nixworker = {
+ isNormalUser = true;
+ createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
+ group = "nixworker";
+ # extraGroups = [ "wheel" ];
+ # Generate with `mkpasswd -m scrypt`
+ hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
+ openssh.authorizedKeys.keys = [
+ # Normal keys:
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
+ # Key for nix to connect:
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
+ ];
+ };
+ users.groups.nixworker = { };
+ }
+ ]
+ );
+}
diff --git a/nix/configuration/roles/ssh/files/ssh_config_root b/nix/configuration/roles/ssh/files/ssh_config_root
index 2d66ca5..d5f3f8e 100644
--- a/nix/configuration/roles/ssh/files/ssh_config_root
+++ b/nix/configuration/roles/ssh/files/ssh_config_root
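Review bot: `nix.settings.trusted-users = [ "nixworker" ]` in roles/nix_worker/default.nix gives this account a level of control over the Nix daemon that the Nix manual describes as essentially equivalent to root, yet the same account is a full interactive login: `isNormalUser = true`, a `hashedPassword`, and three keys under `# Normal keys:` besides the build key. For a build-only account I would drop the `hashedPassword` line and the "Normal keys" entries so that only the key under `# Key for nix to connect:` can reach it. The scrypt hash committed here is also readable by anyone with the repository or the Nix store, so if a password is really needed `hashedPasswordFile` pointing at a root-only file keeps it out of both. The build key could additionally carry the OpenSSH `restrict` option, e.g. `"restrict ssh-ed25519 <build key> talexander@odo"`, assuming the builds need no pty or forwarding.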
@@ -1,7 +1,14 @@
 Host hydra
 HostName ns1.fizz.buzz
 Port 65122
- User talexander
+ User nixworker
+ IdentitiesOnly yes
+ IdentityFile /persist/manual/ssh/root/keys/id_ed25519
+
+Host quark
+ HostName quark
+ Port 22
+ User nixworker
 IdentitiesOnly yes
 IdentityFile /persist/manual/ssh/root/keys/id_ed25519
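Review bot: The new `Host quark` block, like the `Host hydra` block above it, tells root which user and key to present but nothing visible here pins the builder's host key, so whether the connection verifies the remote end depends on known_hosts state set up elsewhere. Because build outputs come back from these hosts, I would declare their host keys in the configuration, for instance through `programs.ssh.knownHosts` or the `publicHostKey` field of the matching `nix.buildMachines` entry, and add `StrictHostKeyChecking yes` to both blocks. `HostName quark` also relies on an unqualified name resolving to the right machine, which makes the pinned key the only thing tying the name to the host. The file may continue past this hunk, so a later `Host *` block could already cover part of this.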