author | Linnnus <[email protected]> | 2025-03-27 19:29:17 +0000 |
---|---|---|
committer | Linnnus <[email protected]> | 2025-04-04 13:05:23 +0000 |
commit | 1c7fcddb45ca5bd474bfc438986617c1d2696c67 (patch) | |
tree | 063c0f278e8edf38b9eec7f40cc6be78ac22b47f /hosts | |
parent | ff55b7f004704f2c43f02447ec57b680f2339a95 (diff) |
ali: Add ahmed as remote builder
Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/ali/configuration.nix | 1 | ||||
-rw-r--r-- | hosts/ali/remote-builders/ahmed-builder.nix | 36 | ||||
-rw-r--r-- | hosts/ali/remote-builders/default.nix | 10 |
3 files changed, 47 insertions, 0 deletions
diff --git a/hosts/ali/configuration.nix b/hosts/ali/configuration.nix
index 373d637..e62f1a8 100644
--- a/hosts/ali/configuration.nix
+++ b/hosts/ali/configuration.nix
@@ -15,6 +15,7 @@
 ./wireless-networking
 ./desktop-environment
+ ./remote-builders
 ];
 # Should match containing folder.
diff --git a/hosts/ali/remote-builders/ahmed-builder.nix b/hosts/ali/remote-builders/ahmed-builder.nix
new file mode 100644
index 0000000..0da0fc5
--- /dev/null
+++ b/hosts/ali/remote-builders/ahmed-builder.nix
@@ -0,0 +1,36 @@
+# This module adds ahmed as a remote builder for ali.
+# Note that ahmed is configured such that root@ali is allowed to connect to remotebuilder@ahmed.
+# TODO: Dedublicate with hosts/muhammed/remote-builders/ahmed-builder.nix
+
+{metadata, ...}: {
+ nix.buildMachines = [
+ {
+ protocol = "ssh-ng";
+ hostName = "ahmed-builder";
+
+ system = "x86_64-linux";
+ maxJobs = 1;
+ speedFactor = 1;
+ supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
+ mandatoryFeatures = [];
+ }
+ ];
+
+ environment.etc."ssh/ssh_config.d/100-ahmed-builder.conf".text = ''
+ Host ahmed-builder
+ User remotebuilder
+ Hostname ${metadata.hosts.ahmed.ipv4Address}
+ HostKeyAlias ahmed-builder
+ # This matches `users.users.<builder>.authorizedKeys` on the server-side.
+ # HACK: We should use a purpose-specific key.
+ IdentityFile /Users/linus/.ssh/id_rsa
+ '';
+
+ # We have to trust ahmeds host key or the Nix daemon will fail to connect.
+ programs.ssh.knownHosts = {
+ ahmed-builder = {
+ hostNames = ["ahmed-builder"];
+ publicKey = metadata.hosts.ahmed.sshKeys.root;
+ };
+ };
+}
diff --git a/hosts/ali/remote-builders/default.nix b/hosts/ali/remote-builders/default.nix
new file mode 100644
index 0000000..d9e4e46
--- /dev/null
+++ b/hosts/ali/remote-builders/default.nix
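Review bot: In hosts/ali/remote-builders/ahmed-builder.nix, the `IdentityFile /Users/linus/.ssh/id_rsa` line makes the interactive user's personal key the credential that ali's Nix daemon presents to remotebuilder@ahmed, and it does so through a system-wide ssh_config.d entry. For the daemon to use it unattended, the key presumably has to be readable by root and usable without a passphrase, so everything else that key unlocks shares the exposure of the build path; the HACK comment names the fix but the commit does not make it. I would generate a key used only for this builder and declare it on the build machine entry with `sshUser = "remotebuilder";` and `sshKey = "<path-to-dedicated-builder-key>";`, or at least add `IdentitiesOnly yes` to the Host block so no other identities are offered. The `/Users/...` path also looks carried over from the muhammed module the TODO mentions, so it is worth confirming that it exists on ali.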
@@ -0,0 +1,10 @@
+{
+ imports = [
+ ./ahmed-builder.nix
+ ];
+
+ # Our interactive user must be trusted in order to use remote builders. I
+ # guess this is because otherwise an untrusted user could use their own
+ # remote builder to replace arbitrary store files...
+ nix.settings.trusted-users = ["linus"];
+}
|
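Review bot: `nix.settings.trusted-users = ["linus"];` grants more than the comment above it suggests: a trusted user can override daemon settings such as substituters and import unsigned store paths, which the Nix manual describes as essentially equivalent to root access. As far as I know, builders declared through `nix.buildMachines` are used by the daemon for every user, and trust is only needed to pass `--builders` ad hoc, so this line may be unnecessary for the setup in this commit. If it stays, replace the "I guess" comment with the actual reason, e.g. `# trusted-users is root-equivalent; kept only so linus can override builders on the command line.`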