diff --git a/nix/configuration/configuration.nix b/nix/configuration/configuration.nix
index ada07e5..5a1b58f 100644
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@@ -16,6 +16,7 @@
 ./roles/boot
 ./roles/chromecast
 ./roles/chromium
+ ./roles/distributed_build
 ./roles/docker
 ./roles/ecc
 ./roles/emacs
@@ -41,6 +42,7 @@
 ./roles/memtest86
 ./roles/network
 ./roles/nix_index
+ ./roles/nix_worker
 ./roles/nvme
 ./roles/pcsx2
 ./roles/python
diff --git a/nix/configuration/hosts/hydra/default.nix b/nix/configuration/hosts/hydra/default.nix
index fc8ad72..f330dc4 100644
--- a/nix/configuration/hosts/hydra/default.nix
+++ b/nix/configuration/hosts/hydra/default.nix
@@ -45,13 +45,9 @@
 me.emacs_flavor = "plainmacs";
 me.graphical = false;
 me.hydra.enable = false;
+ me.nix_worker.enable = true;
 me.vm_disk.enable = true;
 me.wireguard.activated = [ ];
 me.wireguard.deactivated = [ ];
 me.zsh.enable = true;
-
- # Trust this key so nix running as root can ssh into hydra.
- users.users.talexander.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
- ];
 }
diff --git a/nix/configuration/hosts/odo/distributed_build.nix b/nix/configuration/hosts/odo/distributed_build.nix
index 533b59e..46dccfc 100644
--- a/nix/configuration/hosts/odo/distributed_build.nix
+++ b/nix/configuration/hosts/odo/distributed_build.nix
@@ -9,48 +9,19 @@ config = lib.mkMerge [ { - nix.distributedBuilds = true; - nix.buildMachines = [ - { - hostName = "hydra"; - sshUser = "talexander"; - systems = [ - "x86_64-linux" - # "aarch64-linux" - ]; - maxJobs = 1; + me.distributed_build.enable = true; + me.distributed_build.machines.hydra = { + enable = true; + additional_config = { speedFactor = 2; - supportedFeatures = [ - # "nixos-test" - "benchmark" - "big-parallel" - # "kvm" - "gccarch-znver4" - "gccarch-x86-64-v3" - "gccarch-x86-64-v4" - ]; - } - { - hostName = "quark"; - sshUser = "talexander"; - systems = [ - "x86_64-linux" - # "aarch64-linux" - ]; - maxJobs = 1; + }; + }; + me.distributed_build.machines.quark = { + enable = true; + additional_config = { speedFactor = 2; - supportedFeatures = [ - # "nixos-test" - "benchmark" - "big-parallel" - # "kvm" - "gccarch-znver4" - "gccarch-x86-64-v3" - "gccarch-x86-64-v4" - "gccarch-znver5" - ]; - } - ]; + }; + }; } ]; } diff --git a/nix/configuration/hosts/quark/default.nix b/nix/configuration/hosts/quark/default.nix index 6baad8c..e235d50 100644 --- a/nix/configuration/hosts/quark/default.nix +++ b/nix/configuration/hosts/quark/default.nix @@ -58,6 +58,7 @@ me.lvfs.enable = true; me.media.enable = true; me.nix_index.enable = true; + me.nix_worker.enable = true; me.pcsx2.enable = true; me.python.enable = true; me.qemu.enable = true; diff --git a/nix/configuration/hosts/quark/distributed_build.nix b/nix/configuration/hosts/quark/distributed_build.nix index 6064fc0..942c265 100644 --- a/nix/configuration/hosts/quark/distributed_build.nix +++ b/nix/configuration/hosts/quark/distributed_build.nix 
@@ -9,28 +9,13 @@ config = lib.mkMerge [ { - nix.distributedBuilds = true; - nix.buildMachines = [ - { - hostName = "hydra"; - sshUser = "talexander"; - systems = [ - "x86_64-linux" - # "aarch64-linux" - ]; - maxJobs = 1; + me.distributed_build.enable = true; + me.distributed_build.machines.hydra = { + enable = true; + additional_config = { speedFactor = 2; - supportedFeatures = [ - # "nixos-test" - "benchmark" - "big-parallel" - # "kvm" - "gccarch-znver4" - "gccarch-x86-64-v3" - "gccarch-x86-64-v4" - ]; - } - ]; + }; + }; } ]; } diff --git a/nix/configuration/roles/distributed_build/default.nix b/nix/configuration/roles/distributed_build/default.nix new file mode 100644 index 0000000..61914b1 --- /dev/null +++ b/nix/configuration/roles/distributed_build/default.nix 
@@ -0,0 +1,105 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+let
+ make_machine_config = name: {
+ enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ example = true;
+ description = "Whether we want to use the ${name} machine during distributed builds.";
+ };
+
+ additional_config = lib.mkOption {
+ type = lib.types.attrs;
+ default = { };
+ example = lib.literalExpression {
+ speedFactor = 2;
+ };
+ description = "Additional config values for the buildMachines entry. For example, speedFactor.";
+ };
+ };
+in
+{
+ imports = [ ];
+
+ options.me = {
+ distributed_build.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ example = true;
+ description = "Whether we want to use multiple machines to perform a nixos-rebuild.";
+ };
+
+ distributed_build.machines.hydra = make_machine_config "hydra";
+ distributed_build.machines.quark = make_machine_config "quark";
+ };
+
+ config = lib.mkIf config.me.distributed_build.enable (
+ lib.mkMerge [
+ {
+ nix.distributedBuilds = true;
+ }
+ (lib.mkIf config.me.distributed_build.machines.hydra.enable {
+ nix.buildMachines = [
+ (
+ {
+ hostName = "hydra";
+ sshUser = "nixworker";
+ # sshKey = "";
+ # publicHostKey = "";
+ systems = [
+ "x86_64-linux"
+ # "aarch64-linux"
+ ];
+ maxJobs = 1;
+ supportedFeatures = [
+ # "nixos-test"
+ "benchmark"
+ "big-parallel"
+ # "kvm"
+ "gccarch-x86-64-v3"
+ "gccarch-x86-64-v4"
+ "gccarch-znver4"
+ ];
+ }
+ // config.me.distributed_build.machines.hydra.additional_config
+ )
+ ];
+ })
+ (lib.mkIf config.me.distributed_build.machines.quark.enable {
+ nix.buildMachines = [
+ (
+ {
+ hostName = "quark";
+ sshUser = "nixworker";
+ sshKey = "/persist/manual/ssh/root/keys/id_ed25519";
+ # From: base64 -w0 /persist/ssh/ssh_host_ed25519_key.pub
+ publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUx0alplYlVYTkRkU3Y1enVGbjM3eFNMZUN3S2hPKzFMdWovM2FYNFJRTEEgcm9vdEBxdWFyawo=";
+ systems = [
+ "x86_64-linux"
+ # "aarch64-linux"
+ ];
+ maxJobs = 1;
+ supportedFeatures = [
+ # "nixos-test"
+ "benchmark"
+ "big-parallel"
+ # "kvm"
+ "gccarch-x86-64-v3"
+ "gccarch-x86-64-v4"
+ "gccarch-znver4"
+ "gccarch-znver5"
+ ];
+ }
+ // config.me.distributed_build.machines.quark.additional_config
+ )
+ ];
+ })
+ ]
+ );
+}
diff --git a/nix/configuration/roles/nix_worker/default.nix b/nix/configuration/roles/nix_worker/default.nix
new file mode 100644
index 0000000..9cc73c7
--- /dev/null
+++ b/nix/configuration/roles/nix_worker/default.nix
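Review bot: The hydra entry leaves `sshKey` and `publicHostKey` commented out while the quark entry pins both, so whether the hydra builder's identity is verified depends on root's ssh config and known_hosts, which live outside this module. Build results from these machines are accepted into the local store, so I would pin hydra the same way, e.g. `publicHostKey = "<base64 of hydra's ssh_host_ed25519_key.pub>";` next to `sshKey = "/persist/manual/ssh/root/keys/id_ed25519";`. `additional_config` is an untyped `lib.types.attrs` merged with `//` after the base entry, so it can silently replace `hostName`, `sshUser` or `publicHostKey`; a comment stating it is meant for tuning values such as `speedFactor` would make that explicit. Separately, `lib.literalExpression` takes a string, so the `example` should probably read `lib.literalExpression "{ speedFactor = 2; }"`.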
@@ -0,0 +1,57 @@
+# MANUAL: Remember to set up root's ssh config with any necessary values. For example:
+
+# Host foo
+# HostName ns1.fizz.buzz
+# Port 65122
+# User nixworker
+# IdentitiesOnly yes
+# IdentityFile /persist/manual/ssh/root/keys/id_ed25519
+
+# Host *
+# Compression yes
+
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ imports = [ ];
+
+ options.me = {
+ nix_worker.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ example = true;
+ description = "Whether this machine should be set up to function as a nix.buildMachines. This does not configure nix.buildMachines, but only does the necessary setup to get the machine ready/capable of being a nix.buildMachines.";
+ };
+ };
+
+ config = lib.mkIf config.me.nix_worker.enable (
+ lib.mkMerge [
+ {
+ nix.settings.trusted-users = [ "nixworker" ];
+
+ users.users.nixworker = {
+ isNormalUser = true;
+ createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
+ group = "nixworker";
+ # extraGroups = [ "wheel" ];
+ # Generate with `mkpasswd -m scrypt`
+ hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
+ openssh.authorizedKeys.keys = [
+ # Normal keys:
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
+ # Key for nix to connect:
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
+ ];
+ };
+ users.groups.nixworker = { };
+ }
+ ]
+ );
+}
diff --git a/nix/configuration/roles/ssh/files/ssh_config_root b/nix/configuration/roles/ssh/files/ssh_config_root
index 2d66ca5..0d340b3 100644
--- a/nix/configuration/roles/ssh/files/ssh_config_root
+++ b/nix/configuration/roles/ssh/files/ssh_config_root
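Review bot: `nix.settings.trusted-users = [ "nixworker" ];` makes the build account effectively root-equivalent on the worker (the Nix manual describes trusted users in those terms), yet the same account is a normal login user with a password hash committed in the repo and three interactive keys besides the one nix connects with. I would reduce the account to what remote builds need: drop `hashedPassword` and the "Normal keys" entries so only the builder key can log in, and consider prefixing that key with the OpenSSH `restrict` option. If the trust is only there so the client can copy unsigned paths, signing on the client and listing its key in `nix.settings.trusted-public-keys` would avoid trusting the user at all; that depends on how these hosts are used, so it needs confirming. The MANUAL comment at the top describes client-side ssh config, so it probably belongs in the distributed_build role rather than here.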
@@ -1,7 +1,7 @@ Host hydra HostName ns1.fizz.buzz Port 65122 - User talexander + User nixworker IdentitiesOnly yes IdentityFile /persist/manual/ssh/root/keys/id_ed25519