Set up loki as remote builder
parent
19421432b8
commit
793b6d06d2
10 changed files with 67 additions and 12 deletions
|
@ -11,7 +11,7 @@
|
||||||
drone.enable = true;
|
drone.enable = true;
|
||||||
nix-common = {
|
nix-common = {
|
||||||
enable = true;
|
enable = true;
|
||||||
disable-cache = true;
|
remote-builders = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
gitea.enable = true;
|
gitea.enable = true;
|
||||||
nix-common = {
|
nix-common = {
|
||||||
enable = true;
|
enable = true;
|
||||||
disable-cache = true;
|
remote-builders = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -3,12 +3,15 @@ let
|
||||||
pkgs = import nixpkgs { system = "x86_64-linux"; };
|
pkgs = import nixpkgs { system = "x86_64-linux"; };
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [ ./hardware-configuration.nix ../../users/erwin ../../users/root ];
|
imports = [ ./hardware-configuration.nix ../../users/erwin ../../users/root ../../users/builder ];
|
||||||
|
|
||||||
eboskma = {
|
eboskma = {
|
||||||
users.erwin = {
|
users = {
|
||||||
|
erwin = {
|
||||||
enable = true;
|
enable = true;
|
||||||
home-manager = true;
|
home-manager = true;
|
||||||
|
};
|
||||||
|
builder.enable = true;
|
||||||
};
|
};
|
||||||
# backscrub.enable = true;
|
# backscrub.enable = true;
|
||||||
base = {
|
base = {
|
||||||
|
@ -44,10 +47,6 @@ in
|
||||||
};
|
};
|
||||||
nix-common = {
|
nix-common = {
|
||||||
enable = true;
|
enable = true;
|
||||||
disable-cache = true;
|
|
||||||
};
|
|
||||||
nix-serve = {
|
|
||||||
enable = false;
|
|
||||||
};
|
};
|
||||||
tablet.enable = false;
|
tablet.enable = false;
|
||||||
sound.enable = true;
|
sound.enable = true;
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
docker.enable = true;
|
docker.enable = true;
|
||||||
nix-common = {
|
nix-common = {
|
||||||
enable = true;
|
enable = true;
|
||||||
disable-cache = true;
|
remote-builders = true;
|
||||||
};
|
};
|
||||||
nginx-proxy-manager.enable = true;
|
nginx-proxy-manager.enable = true;
|
||||||
};
|
};
|
||||||
|
|
|
@ -9,9 +9,14 @@ in
|
||||||
{
|
{
|
||||||
options.eboskma.nix-common = {
|
options.eboskma.nix-common = {
|
||||||
enable = mkEnableOption "activate nix-common";
|
enable = mkEnableOption "activate nix-common";
|
||||||
disable-cache = mkEnableOption "no not use binary cache";
|
remote-builders = mkEnableOption "enable remote builders";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
(mkRemovedOptionModule ["eboskma" "nix-common" "disable-cache" ]
|
||||||
|
"The option `disable-cache` is no longer used")
|
||||||
|
];
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
nixpkgs = {
|
nixpkgs = {
|
||||||
config.allowUnfree = true;
|
config.allowUnfree = true;
|
||||||
|
@ -23,18 +28,30 @@ in
|
||||||
experimental-features = nix-command flakes
|
experimental-features = nix-command flakes
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
buildMachines = mkIf cfg.remote-builders [
|
||||||
|
{
|
||||||
|
hostName = "loki";
|
||||||
|
systems = [ "x86_64-linux" ];
|
||||||
|
maxJobs = 8;
|
||||||
|
speedFactor = 2;
|
||||||
|
supportedFeatures = [ "kvm" "big-parallel" "nixos-test" "benchmark" ];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
distributedBuilds = cfg.remote-builders;
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
auto-optimise-store = true;
|
auto-optimise-store = true;
|
||||||
allowed-users = [ "root" ];
|
allowed-users = [ "root" ];
|
||||||
|
trusted-users = [ "root" ];
|
||||||
substituters = [
|
substituters = [
|
||||||
"https://nix-community.cachix.org"
|
"https://nix-community.cachix.org"
|
||||||
"https://marcus7070.cachix.org"
|
"https://marcus7070.cachix.org"
|
||||||
] ++ lib.optionals (! cfg.disable-cache) [ "http://loki.datarift.nl" ];
|
];
|
||||||
|
|
||||||
trusted-public-keys = [
|
trusted-public-keys = [
|
||||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||||
"marcus7070.cachix.org-1:JawxHSgnYsgNYJmNqZwvLjI4NcOwrcEZDToWlT3WwXw="
|
"marcus7070.cachix.org-1:JawxHSgnYsgNYJmNqZwvLjI4NcOwrcEZDToWlT3WwXw="
|
||||||
] ++ lib.optionals (! cfg.disable-cache) [ "loki.datarift.nl:Mk+g9h52oCWtCi6b6KxRkntrD+HZVhwNT8muUQtgKoA=" ];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
gc = {
|
gc = {
|
||||||
|
@ -43,5 +60,14 @@ in
|
||||||
options = "--delete-older-than=30d";
|
options = "--delete-older-than=30d";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
programs.ssh.extraConfig = mkIf cfg.remote-builders ''
|
||||||
|
Host loki
|
||||||
|
HostName 10.0.0.4
|
||||||
|
Port 22
|
||||||
|
User builder
|
||||||
|
IdentitiesOnly yes
|
||||||
|
IdentityFile /root/.ssh/id_builder
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
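Review bot: Nothing in the added `programs.ssh.extraConfig` block or the new `buildMachines` entry pins loki's SSH host key, so the identity of the machine at 10.0.0.4 rests on whatever root's known_hosts accepted on first contact. Because the Nix daemon connects non-interactively and the builder's outputs are installed on the client, I would declare the key in the module, e.g. `programs.ssh.knownHosts.loki.publicKey = "<loki host public key>";` (placeholder, the value is not on this page) with both `loki` and `10.0.0.4` listed as host names, or set `publicHostKey` on the build machine entry. A one-line comment that `/root/.ssh/id_builder` is provisioned out of band and must exist before `remote-builders` is enabled would also help the next reader. The `config` block these hunks edit starts and ends outside the individual hunks.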
|
||||||
|
|
|
@ -13,6 +13,8 @@ in
|
||||||
bindAddress = "127.0.0.1";
|
bindAddress = "127.0.0.1";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [ "C /run/cache-priv-key.pem 400 nix-serve root - ${config.services.nix-serve.secretKeyFile}" ];
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
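Review bot: The added tmpfiles rule interpolates `config.services.nix-serve.secretKeyFile` into a `C` (copy) line, and whether that is safe depends on a value set outside this hunk. If that value points into the Nix store (for instance because it was built from a path inside the flake), the signing key is world-readable there and the 400 mode on `/run/cache-priv-key.pem` protects nothing; a comment such as `# secretKeyFile must be a string path outside /nix/store` next to the rule would make the requirement explicit. It is also worth confirming that nix-serve is actually pointed at the `/run` copy, since the hunk shows no consumer, and noting that `C` does not overwrite an existing destination, so a rotated key is only picked up once the old copy is gone.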
|
||||||
|
|
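--- a/users/builder/default.nix
+++ b/users/builder/default.nix
@@ -0,0 +1,25 @@
+{ pkgs, config, lib, ...}:
+with lib;
+let
+cfg = config.eboskma.users.builder;
+authorizedKeys = builtins.map (key: (builtins.readFile (./keys/${key})))
+(builtins.attrNames (builtins.readDir ./keys));
+in
+{
+options.eboskma.users.builder = { enable = mkEnableOption "builder"; };
+
+config = mkIf (cfg.enable) {
+users.users.builder = {
+isSystemUser = true;
+group = "builder";
+useDefaultShell = true;
+home = "/var/lib/builder";
+createHome = true;
+openssh.authorizedKeys.keys = authorizedKeys;
+};
+
+users.groups.builder = {};
+
+nix.settings.trusted-users = [ "builder" ];
+};
+}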
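Review bot: `nix.settings.trusted-users = [ "builder" ];` combined with the three `root@…` keys added under `keys/` means root on drone, gitea or proxy can act as a trusted Nix user on this host, which the Nix manual describes as essentially equivalent to root access; that trade-off deserves a comment above the line, e.g. `# builder is trusted so clients can upload unsigned inputs; a compromised client key is effectively root here`. The keys are installed without restrictions and the account gets the default shell, so each key also grants an interactive login; since the key files are read verbatim, a `restrict` option (with a forced `command=`, if the build protocol in use allows it) could be prefixed in the files themselves. `builtins.readDir ./keys` authorises every entry in the directory, so any stray file added there becomes a login credential; an explicit list of key files, or a filter on regular files, would make each addition visible in review.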
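--- a/users/builder/keys/drone
+++ b/users/builder/keys/drone
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKt96oN09JnlyHzGbKpxjqmfzfU5okhCBpC0CT0pkSUC root@drone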
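--- a/users/builder/keys/gitea
+++ b/users/builder/keys/gitea
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBCDXelodQB8FgCJWqYgpOZKISN2RJw0IumQr98fy/m5 root@gitea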
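--- a/users/builder/keys/proxy
+++ b/users/builder/keys/proxy
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTrtuCcGH+gkfdVvD+BcpPTbmirXW7XieI6qNtBD7mJ root@proxy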