From a4502806bf966d427af33094eb6950a145241009 Mon Sep 17 00:00:00 2001 From: Linnnus Date: Fri, 6 Dec 2024 12:28:30 +0100 Subject: muhammed: Add ahmed as remote x86_64-linux builder --- hosts/muhammed/configuration.nix | 2 +- hosts/muhammed/linux-builder/default.nix | 37 ----------------- hosts/muhammed/remote-builders/ahmed-builder.nix | 48 ++++++++++++++++++++++ hosts/muhammed/remote-builders/default.nix | 18 ++++++++ .../remote-builders/local-linux-builder.nix | 36 ++++++++++++++++ 5 files changed, 103 insertions(+), 38 deletions(-) delete mode 100644 hosts/muhammed/linux-builder/default.nix create mode 100644 hosts/muhammed/remote-builders/ahmed-builder.nix create mode 100644 hosts/muhammed/remote-builders/default.nix create mode 100644 hosts/muhammed/remote-builders/local-linux-builder.nix diff --git a/hosts/muhammed/configuration.nix b/hosts/muhammed/configuration.nix index dd9a737..2cf8c3f 100644 --- a/hosts/muhammed/configuration.nix +++ b/hosts/muhammed/configuration.nix @@ -7,7 +7,7 @@ }: { imports = [ ./home - ./linux-builder + ./remote-builders ./wraaath-sshfs ]; diff --git a/hosts/muhammed/linux-builder/default.nix b/hosts/muhammed/linux-builder/default.nix deleted file mode 100644 index efba173..0000000 --- a/hosts/muhammed/linux-builder/default.nix +++ /dev/null @@ -1,37 +0,0 @@ -# Create a local Linux builder. This will allow us to build aarch64-linux -# targets directly on this machine. -# -# It also does some related stuff to make NixOS tests work. -{...}: { - nix.settings.trusted-users = ["linus"]; - - nix.linux-builder = { - enable = true; - - # Clearing the VM state upon startup should improve reliability at the cost - # of some startup speed. Will have to re-evaluate if this trade off is - # worth it at some point. - ephemeral = true; - - config = {pkgs, ...}: { - environment.systemPackages = with pkgs; [ - # cntr is used to jump into the sandbox of packages that use breakpointHook. - pkgs.cntr - - # Nix is used to debug and fetch other tools as needed. - pkgs.nix - ]; - - # Allow root login. This would normally be horrible but it's a local VM so who cares. - users.users.root.hashedPassword = "$y$j9T$TosKLKCZ.g9be.Wz5/qVJ.$YWvn4nAp8tn.xhHGBMOz748PHma6QGhN/WShilEbz8A"; - services.openssh.permitRootLogin = "yes"; - }; - }; - - # Add system-features to the nix daemon that are needed for NixOS tests - # Starting with Nix 2.19, this will be automatic - nix.settings.system-features = [ - "nixos-test" - "apple-virt" - ]; -} diff --git a/hosts/muhammed/remote-builders/ahmed-builder.nix b/hosts/muhammed/remote-builders/ahmed-builder.nix new file mode 100644 index 0000000..7b9bd99 --- /dev/null +++ b/hosts/muhammed/remote-builders/ahmed-builder.nix @@ -0,0 +1,48 @@ +# This file registers ahmed as a remote x86_64-linux builder. +# +# You can test that the remote builder is working with this command: +# +# nix build \ +# --max-jobs 0 \ +# --rebuild \ +# --expr 'derivation { name = "hello"; system = "x86_64-linux"; builder = "/bin/sh"; args = [ "-c" "echo hello >$out" ]; }' +# +# See: https://nixos.wiki/wiki/Distributed_build +# See: hosts/ahmed/remote-builder/default.nix +# FIXME: How to trust key ahead of time? +{metadata, ...}: let + inherit (metadata.hosts.ahmed) ipAddress; +in { + nix.buildMachines = [ + { + protocol = "ssh-ng"; + hostName = "ahmed-builder"; + + system = "x86_64-linux"; + maxJobs = 1; + speedFactor = 1; + supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"]; + mandatoryFeatures = []; + } + ]; + + environment.etc."ssh/ssh_config.d/100-ahmed-builder.conf".text = '' + Host ahmed-builder + User remotebuilder + Hostname ${ipAddress} + HostKeyAlias ahmed-builder + # This matches `users.users..authorizedKeys` on the server-side. + # HACK: We should use a purpose-specific key. + IdentityFile /Users/linus/.ssh/id_rsa + ''; + + # We have to trust ahmeds public key or the Nix daemon will fail to connect. + programs.ssh.knownHosts = { + ahmed-builder = { + hostNames = ["ahmed-builder"]; + # This is the public key of remotebuilder on the remote machine. + # It was obtained by manually connecting to remotebuilder@${ipAddress} and trusting the key. + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodiSwTcZcaZxqLyHjI2MGe1CpIBvIzzbjpXrwAyiYO"; + }; + }; +} diff --git a/hosts/muhammed/remote-builders/default.nix b/hosts/muhammed/remote-builders/default.nix new file mode 100644 index 0000000..50bda96 --- /dev/null +++ b/hosts/muhammed/remote-builders/default.nix @@ -0,0 +1,18 @@ +# Manages remote Nix builders. These are useful for building faster and for +# other architectures. +{...}: { + imports = [ + ./local-linux-builder.nix + ./ahmed-builder.nix + ]; + + # Enable using remote builders. + nix.distributedBuilds = true; + + # Optional, useful when the builder has a faster internet connection than + # yours. This may be the case since this host is a laptop and one of the + # remote builders isn't. + nix.extraOptions = '' + builders-use-substitutes = true + ''; +} diff --git a/hosts/muhammed/remote-builders/local-linux-builder.nix b/hosts/muhammed/remote-builders/local-linux-builder.nix new file mode 100644 index 0000000..dba2297 --- /dev/null +++ b/hosts/muhammed/remote-builders/local-linux-builder.nix @@ -0,0 +1,36 @@ +# Create a local Linux builder. This will allow us to build aarch64-linux +# targets directly on this machine. +{...}: { + # XXX: Why is this necessary? + nix.settings.trusted-users = ["linus"]; + + nix.linux-builder = { + enable = true; + + # Clearing the VM state upon startup should improve reliability at the cost + # of some startup speed. Will have to re-evaluate if this trade off is + # worth it at some point. + ephemeral = true; + + config = {pkgs, ...}: { + environment.systemPackages = with pkgs; [ + # cntr is used to jump into the sandbox of packages that use breakpointHook. + pkgs.cntr + + # Nix is used to debug and fetch other tools as needed. + pkgs.nix + ]; + + # Allow root login. This would normally be horrible but it's a local VM so who cares. + users.users.root.hashedPassword = "$y$j9T$TosKLKCZ.g9be.Wz5/qVJ.$YWvn4nAp8tn.xhHGBMOz748PHma6QGhN/WShilEbz8A"; + services.openssh.permitRootLogin = "yes"; + }; + }; + + # Add system-features to the nix daemon that are needed for NixOS tests + # Starting with Nix 2.19, this will be automatic + nix.settings.system-features = [ + "nixos-test" + "apple-virt" + ]; +} -- cgit v1.2.3