Set up hydra as a remote build machine.

2026-01-11 16:38:56 -05:00
parent 24e03ed8f7
commit 776ed67675
11 changed files with 268 additions and 49 deletions
--- a/nix/configuration/roles/distributed_build/default.nix
+++ b/nix/configuration/roles/distributed_build/default.nix
@@ -25,6 +25,13 @@ let
      };
      description = "Additional config values for the buildMachines entry. For example, speedFactor.";
    };
+
+    substituter_url = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      example = "ssh-ng://remote-host";
+      description = "URL to use as a substituter.";
+    };
  };

  static_host_configs = {
@@ -37,7 +44,40 @@ let
        # "aarch64-linux"
      ];
    };
+    hydra = {
+      # Does not work, so we have to use root's authorized keys. Not sure why. My best guess is it is related to overriding the ssh target via the ssh config.
+      #
+      # From: base64 -w0 /persist/ssh/ssh_host_ed25519_key.pub
+      # publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUNJRk9tU0NWV25xVVFFL2RKd2R0STdRQ29LTHhBNHRmWnRSYStFSG9XV0wgcm9vdEBoeWRyYQo=";
+      # publicHostKey = "c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFDQVFDNk1nNytKMys1d2c5QkJmLzkweWJhbnhJK3ZiSXRzY1ZoTzRRVFNMT1FJM1QxbWMrNUxTK2oxdDY4a20zVmx1c2k5WWh0UmNOVk1NbmZQT3Q3ejFyZ0Q4Y05iY3UzU0xCOTNGR2hvb1ZtUktyVEMyaVE4bkxZYVoyV1lrdnZ3UjJ6b24zTjRlTlFJdWUwR0EzTEtNKy82RDN5V3didjRYV2pFeWtpa1NoVFJUVUtMTjU4aUVVOVRmcnEzeE1Ib0EvYmJZMGIxK1QzUDRkQ05wb3BFcFczaVJaYkV0NUpvNS92VFBsVjc4L3I3bnV2eHlaVjU3dWhzYjhFQlFzYUdCYTIraEt6SUhFblBHWXlPUDVRRWVCZ1ZBUzh6bFg4aktaZnZuaDA0NmdFdFoyMWJWdHNBZHNXcnVYdXNEUVQyanJ2VjJOVTYvc2cyMzZPbFZvWVU4Z1JYRHZiTXhoclVSVWNsajM1RGlzTi9wMEd2clZOckVjSktZK245MS9UMG9qU0gvVTVlRzVPclhZRXQwVzIra0NsVDk0T2kxM2JjQkVDYmVUUXJKMjJRc1hKSnVEVkVzOWhsU2RLemZkMDVaaVc3MllHaHRCRWptL015UG1nSHhxYzNTKzEwc0VvT2FIazdtRjQ0M0o1MzZoWEVHZDhGWjROMnQ3MlF3V3RuUGoyNENYOG8wbmNJN2ZIYTRHTWsybi9EWU84MlNUTEJHeVBMTkxnK040NUcyYUhaSk1NWGprWlplMUVZS0dQQm5tcTFlVUdFMVd0ZkVRSEhCTHd3Y0dDdm15aWI1NTliQ0p5NWExS2pnSGNBYlk0WVRKOTlwMWtPT2lIcVlvTnArczlhSklPZU93aE5xbkkrOUxrWnYrbEhCdXRoM3A1anRRNzA3bEJMMmVBd1E9PSByb290QGh5ZHJhCg==";
+      systems = [
+        "i686-linux"
+        "x86_64-linux"
+        # "aarch64-linux"
+      ];
+
+      hostName = lib.mkForce "hydra?remote-store=local?root=/home/nixworker/persist/root";
+    };
  };
+  joined_configs =
+    lib.genAttrs
+      (builtins.filter (hostname: config.me.distributed_build.machines."${hostname}".enable) (
+        builtins.attrNames all_nixos_configs
+      ))
+      (
+        hostname:
+        (lib.mkMerge [
+          {
+            hostName = hostname;
+            sshUser = "nixworker";
+            sshKey = "/persist/manual/ssh/root/keys/id_ed25519";
+            maxJobs = 1;
+            supportedFeatures = all_nixos_configs."${hostname}".config.me.optimizations.system_features;
+          }
+          static_host_configs."${hostname}"
+          config.me.distributed_build.machines."${hostname}".additional_config
+        ])
+      );
 in
 {
  imports = [ ];
@@ -58,9 +98,13 @@ in
      {
        nix.distributedBuilds = true;

-        # https://nix.dev/manual/nix/2.32/store/types/ssh-store.html
-        # nix.settings.substituters = lib.mkForce [ "ssh://hydra?compress=true&log-fd=2&max-connections=4" ];
+        # Using an ssh-based substituter slows down the build because querying the remote store for paths takes ages.
+        #
+        # nix.settings.substituters = lib.mkForce [
+        #   "ssh-ng://nixworker@ns1.fizz.buzz:65122?compress=true&ssh-key=/persist/manual/ssh/root/keys/id_ed25519&remote-store=/home/nixworker/persist/root"
+        # ];
        # nix.settings.substitute = lib.mkForce true;
+
        # nix.settings.post-build-hook = pkgs.writeShellScript "post-build-hook" ''
        #   set -euo pipefail
        #   IFS=$'\n\t'
@@ -87,6 +131,7 @@ in
                  sshKey = "/persist/manual/ssh/root/keys/id_ed25519";
                  maxJobs = 1;
                  supportedFeatures = all_nixos_configs."${hostname}".config.me.optimizations.system_features;
+                  protocol = "ssh-ng";
                }
                static_host_configs."${hostname}"
                config.me.distributed_build.machines."${hostname}".additional_config
@@ -95,6 +140,12 @@ in
          ) (builtins.attrNames all_nixos_configs)
        );
      }
+      # {
+      #   nix.settings.substitute = lib.mkForce true;
+      #   nix.settings.substituters = lib.mkForce (
+      #     lib.mapAttrsToList (hostname: joined_config: "ssh-ng://${joined_config.hostName}") joined_configs
+      #   );
+      # }
    ]
  );
 }