Merge branch 'nix_worker' into nix

2025-05-04 16:40:24 -04:00 · 2025-05-04 16:40:24 -04:00 · 4d754355b7
commit 4d754355b7
parent 7f4c41bb32 902c6e1127
8 changed files with 184 additions and 67 deletions
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@ -16,6 +16,7 @@
    ./roles/boot
    ./roles/chromecast
    ./roles/chromium
+    ./roles/distributed_build
    ./roles/docker
    ./roles/ecc
    ./roles/emacs
@ -41,6 +42,7 @@
    ./roles/memtest86
    ./roles/network
    ./roles/nix_index
+    ./roles/nix_worker
    ./roles/nvme
    ./roles/pcsx2
    ./roles/python
--- a/nix/configuration/hosts/hydra/default.nix
+++ b/nix/configuration/hosts/hydra/default.nix
@ -45,13 +45,9 @@
  me.emacs_flavor = "plainmacs";
  me.graphical = false;
  me.hydra.enable = false;
+  me.nix_worker.enable = true;
  me.vm_disk.enable = true;
  me.wireguard.activated = [ ];
  me.wireguard.deactivated = [ ];
  me.zsh.enable = true;
-
-  # Trust this key so nix running as root can ssh into hydra.
-  users.users.talexander.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
-  ];
 }
--- a/nix/configuration/hosts/odo/distributed_build.nix
+++ b/nix/configuration/hosts/odo/distributed_build.nix
@ -9,48 +9,19 @@

  config = lib.mkMerge [
    {
-      nix.distributedBuilds = true;
-      nix.buildMachines = [
-        {
-          hostName = "hydra";
-          sshUser = "talexander";
-          systems = [
-            "x86_64-linux"
-            # "aarch64-linux"
-          ];
-          maxJobs = 1;
+      me.distributed_build.enable = true;
+      me.distributed_build.machines.hydra = {
+        enable = true;
+        additional_config = {
          speedFactor = 2;
-          supportedFeatures = [
-            # "nixos-test"
-            "benchmark"
-            "big-parallel"
-            # "kvm"
-            "gccarch-znver4"
-            "gccarch-x86-64-v3"
-            "gccarch-x86-64-v4"
-          ];
-        }
-        {
-          hostName = "quark";
-          sshUser = "talexander";
-          systems = [
-            "x86_64-linux"
-            # "aarch64-linux"
-          ];
-          maxJobs = 1;
+        };
+      };
+      me.distributed_build.machines.quark = {
+        enable = true;
+        additional_config = {
          speedFactor = 2;
-          supportedFeatures = [
-            # "nixos-test"
-            "benchmark"
-            "big-parallel"
-            # "kvm"
-            "gccarch-znver4"
-            "gccarch-x86-64-v3"
-            "gccarch-x86-64-v4"
-            "gccarch-znver5"
-          ];
-        }
-      ];
+        };
+      };
    }
  ];
 }
--- a/nix/configuration/hosts/quark/default.nix
+++ b/nix/configuration/hosts/quark/default.nix
@ -58,6 +58,7 @@
  me.lvfs.enable = true;
  me.media.enable = true;
  me.nix_index.enable = true;
+  me.nix_worker.enable = true;
  me.pcsx2.enable = true;
  me.python.enable = true;
  me.qemu.enable = true;
--- a/nix/configuration/hosts/quark/distributed_build.nix
+++ b/nix/configuration/hosts/quark/distributed_build.nix
@ -9,28 +9,13 @@

  config = lib.mkMerge [
    {
-      nix.distributedBuilds = true;
-      nix.buildMachines = [
-        {
-          hostName = "hydra";
-          sshUser = "talexander";
-          systems = [
-            "x86_64-linux"
-            # "aarch64-linux"
-          ];
-          maxJobs = 1;
+      me.distributed_build.enable = true;
+      me.distributed_build.machines.hydra = {
+        enable = true;
+        additional_config = {
          speedFactor = 2;
-          supportedFeatures = [
-            # "nixos-test"
-            "benchmark"
-            "big-parallel"
-            # "kvm"
-            "gccarch-znver4"
-            "gccarch-x86-64-v3"
-            "gccarch-x86-64-v4"
-          ];
-        }
-      ];
+        };
+      };
    }
  ];
 }
--- a/nix/configuration/roles/distributed_build/default.nix
+++ b/nix/configuration/roles/distributed_build/default.nix
@ -0,0 +1,105 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  make_machine_config = name: {
+    enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to use the ${name} machine during distributed builds.";
+    };
+
+    additional_config = lib.mkOption {
+      type = lib.types.attrs;
+      default = { };
+      example = lib.literalExpression {
+        speedFactor = 2;
+      };
+      description = "Additional config values for the buildMachines entry. For example, speedFactor.";
+    };
+  };
+in
+{
+  imports = [ ];
+
+  options.me = {
+    distributed_build.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to use multiple machines to perform a nixos-rebuild.";
+    };
+
+    distributed_build.machines.hydra = make_machine_config "hydra";
+    distributed_build.machines.quark = make_machine_config "quark";
+  };
+
+  config = lib.mkIf config.me.distributed_build.enable (
+    lib.mkMerge [
+      {
+        nix.distributedBuilds = true;
+      }
+      (lib.mkIf config.me.distributed_build.machines.hydra.enable {
+        nix.buildMachines = [
+          (
+            {
+              hostName = "hydra";
+              sshUser = "nixworker";
+              # sshKey = "";
+              # publicHostKey = "";
+              systems = [
+                "x86_64-linux"
+                # "aarch64-linux"
+              ];
+              maxJobs = 1;
+              supportedFeatures = [
+                # "nixos-test"
+                "benchmark"
+                "big-parallel"
+                # "kvm"
+                "gccarch-x86-64-v3"
+                "gccarch-x86-64-v4"
+                "gccarch-znver4"
+              ];
+            }
+            // config.me.distributed_build.machines.hydra.additional_config
+          )
+        ];
+      })
+      (lib.mkIf config.me.distributed_build.machines.quark.enable {
+        nix.buildMachines = [
+          (
+            {
+              hostName = "quark";
+              sshUser = "nixworker";
+              sshKey = "/persist/manual/ssh/root/keys/id_ed25519";
+              # From: base64 -w0 /persist/ssh/ssh_host_ed25519_key.pub
+              publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUx0alplYlVYTkRkU3Y1enVGbjM3eFNMZUN3S2hPKzFMdWovM2FYNFJRTEEgcm9vdEBxdWFyawo=";
+              systems = [
+                "x86_64-linux"
+                # "aarch64-linux"
+              ];
+              maxJobs = 1;
+              supportedFeatures = [
+                # "nixos-test"
+                "benchmark"
+                "big-parallel"
+                # "kvm"
+                "gccarch-x86-64-v3"
+                "gccarch-x86-64-v4"
+                "gccarch-znver4"
+                "gccarch-znver5"
+              ];
+            }
+            // config.me.distributed_build.machines.quark.additional_config
+          )
+        ];
+      })
+    ]
+  );
+}
--- a/nix/configuration/roles/nix_worker/default.nix
+++ b/nix/configuration/roles/nix_worker/default.nix
@ -0,0 +1,57 @@
+# MANUAL: Remember to set up root's ssh config with any necessary values. For example:
+
+# Host foo
+#   HostName ns1.fizz.buzz
+#   Port 65122
+#   User nixworker
+#   IdentitiesOnly yes
+#   IdentityFile /persist/manual/ssh/root/keys/id_ed25519
+
+# Host *
+#   Compression yes
+
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    nix_worker.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether this machine should be set up to function as a nix.buildMachines. This does not configure nix.buildMachines, but only does the necessary setup to get the machine ready/capable of being a nix.buildMachines.";
+    };
+  };
+
+  config = lib.mkIf config.me.nix_worker.enable (
+    lib.mkMerge [
+      {
+        nix.settings.trusted-users = [ "nixworker" ];
+
+        users.users.nixworker = {
+          isNormalUser = true;
+          createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
+          group = "nixworker";
+          # extraGroups = [ "wheel" ];
+          # Generate with `mkpasswd -m scrypt`
+          hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
+          openssh.authorizedKeys.keys = [
+            # Normal keys:
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
+            "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
+            "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
+            # Key for nix to connect:
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
+          ];
+        };
+        users.groups.nixworker = { };
+      }
+    ]
+  );
+}
--- a/nix/configuration/roles/ssh/files/ssh_config_root
+++ b/nix/configuration/roles/ssh/files/ssh_config_root
@ -1,7 +1,7 @@
 Host hydra
  HostName ns1.fizz.buzz
  Port 65122
-  User talexander
+  User nixworker
  IdentitiesOnly yes
  IdentityFile /persist/manual/ssh/root/keys/id_ed25519