talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Merge branch 'nix_worker' into nix

Browse Source
This commit is contained in:
Tom Alexander 2025-05-04 16:40:24 -04:00
commit 4d754355b7
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
8 changed files with 184 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nix/configuration/configuration.nix
View File

@ -16,6 +16,7 @@
./roles/boot ./roles/boot
./roles/chromecast ./roles/chromecast
./roles/chromium ./roles/chromium
./roles/distributed_build
./roles/docker ./roles/docker
./roles/ecc ./roles/ecc
./roles/emacs ./roles/emacs
@ -41,6 +42,7 @@
./roles/memtest86 ./roles/memtest86
./roles/network ./roles/network
./roles/nix_index ./roles/nix_index
./roles/nix_worker
./roles/nvme ./roles/nvme
./roles/pcsx2 ./roles/pcsx2
./roles/python ./roles/python

6
nix/configuration/hosts/hydra/default.nix
View File

@ -45,13 +45,9 @@
me.emacs_flavor = "plainmacs"; me.emacs_flavor = "plainmacs";
me.graphical = false; me.graphical = false;
me.hydra.enable = false; me.hydra.enable = false;
me.nix_worker.enable = true;
me.vm_disk.enable = true; me.vm_disk.enable = true;
me.wireguard.activated = [ ]; me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ]; me.wireguard.deactivated = [ ];
me.zsh.enable = true; me.zsh.enable = true;
# Trust this key so nix running as root can ssh into hydra.
users.users.talexander.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
];
} }

51
nix/configuration/hosts/odo/distributed_build.nix
View File

@ -9,48 +9,19 @@
config = lib.mkMerge [ config = lib.mkMerge [
{ {
nix.distributedBuilds = true; me.distributed_build.enable = true;
nix.buildMachines = [ me.distributed_build.machines.hydra = {
{ enable = true;
hostName = "hydra"; additional_config = {
sshUser = "talexander";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
speedFactor = 2; speedFactor = 2;
supportedFeatures = [ };
# "nixos-test" };
"benchmark" me.distributed_build.machines.quark = {
"big-parallel" enable = true;
# "kvm" additional_config = {
"gccarch-znver4"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
];
}
{
hostName = "quark";
sshUser = "talexander";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
speedFactor = 2; speedFactor = 2;
supportedFeatures = [ };
# "nixos-test" };
"benchmark"
"big-parallel"
# "kvm"
"gccarch-znver4"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-znver5"
];
}
];
} }
]; ];
} }

1
nix/configuration/hosts/quark/default.nix
View File

@ -58,6 +58,7 @@
me.lvfs.enable = true; me.lvfs.enable = true;
me.media.enable = true; me.media.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.nix_worker.enable = true;
me.pcsx2.enable = true; me.pcsx2.enable = true;
me.python.enable = true; me.python.enable = true;
me.qemu.enable = true; me.qemu.enable = true;

27
nix/configuration/hosts/quark/distributed_build.nix
View File

@ -9,28 +9,13 @@
config = lib.mkMerge [ config = lib.mkMerge [
{ {
nix.distributedBuilds = true; me.distributed_build.enable = true;
nix.buildMachines = [ me.distributed_build.machines.hydra = {
{ enable = true;
hostName = "hydra"; additional_config = {
sshUser = "talexander";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
speedFactor = 2; speedFactor = 2;
supportedFeatures = [ };
# "nixos-test" };
"benchmark"
"big-parallel"
# "kvm"
"gccarch-znver4"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
];
}
];
} }
]; ];
} }

105
nix/configuration/roles/distributed_build/default.nix Normal file
View File

@ -0,0 +1,105 @@
{
config,
lib,
pkgs,
...
}:
let
make_machine_config = name: {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to use the ${name} machine during distributed builds.";
};
additional_config = lib.mkOption {
type = lib.types.attrs;
default = { };
example = lib.literalExpression {
speedFactor = 2;
};
description = "Additional config values for the buildMachines entry. For example, speedFactor.";
};
};
in
{
imports = [ ];
options.me = {
distributed_build.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to use multiple machines to perform a nixos-rebuild.";
};
distributed_build.machines.hydra = make_machine_config "hydra";
distributed_build.machines.quark = make_machine_config "quark";
};
config = lib.mkIf config.me.distributed_build.enable (
lib.mkMerge [
{
nix.distributedBuilds = true;
}
(lib.mkIf config.me.distributed_build.machines.hydra.enable {
nix.buildMachines = [
(
{
hostName = "hydra";
sshUser = "nixworker";
# sshKey = "";
# publicHostKey = "";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
supportedFeatures = [
# "nixos-test"
"benchmark"
"big-parallel"
# "kvm"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-znver4"
];
}
// config.me.distributed_build.machines.hydra.additional_config
)
];
})
(lib.mkIf config.me.distributed_build.machines.quark.enable {
nix.buildMachines = [
(
{
hostName = "quark";
sshUser = "nixworker";
sshKey = "/persist/manual/ssh/root/keys/id_ed25519";
# From: base64 -w0 /persist/ssh/ssh_host_ed25519_key.pub
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUx0alplYlVYTkRkU3Y1enVGbjM3eFNMZUN3S2hPKzFMdWovM2FYNFJRTEEgcm9vdEBxdWFyawo=";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
supportedFeatures = [
# "nixos-test"
"benchmark"
"big-parallel"
# "kvm"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-znver4"
"gccarch-znver5"
];
}
// config.me.distributed_build.machines.quark.additional_config
)
];
})
]
);
}

57
nix/configuration/roles/nix_worker/default.nix Normal file
View File

@ -0,0 +1,57 @@
# MANUAL: Remember to set up root's ssh config with any necessary values. For example:
# Host foo
# HostName ns1.fizz.buzz
# Port 65122
# User nixworker
# IdentitiesOnly yes
# IdentityFile /persist/manual/ssh/root/keys/id_ed25519
# Host *
# Compression yes
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
nix_worker.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether this machine should be set up to function as a nix.buildMachines. This does not configure nix.buildMachines, but only does the necessary setup to get the machine ready/capable of being a nix.buildMachines.";
};
};
config = lib.mkIf config.me.nix_worker.enable (
lib.mkMerge [
{
nix.settings.trusted-users = [ "nixworker" ];
users.users.nixworker = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "nixworker";
# extraGroups = [ "wheel" ];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
# Normal keys:
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
# Key for nix to connect:
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
];
};
users.groups.nixworker = { };
}
]
);
}

2
nix/configuration/roles/ssh/files/ssh_config_root
View File

@ -1,7 +1,7 @@
Host hydra Host hydra
HostName ns1.fizz.buzz HostName ns1.fizz.buzz
Port 65122 Port 65122
User talexander User nixworker
IdentitiesOnly yes IdentitiesOnly yes
IdentityFile /persist/manual/ssh/root/keys/id_ed25519 IdentityFile /persist/manual/ssh/root/keys/id_ed25519