Added nix builder config for tsuki and isvegg

- Also updated nix package name
2022-10-13 23:58:48 +02:00 · 2022-10-13 23:58:48 +02:00 · bdc8817eef
parent 01519d9e61
commit bdc8817eef
2 changed files with 59 additions and 12 deletions
--- a/hosts/common.nix
+++ b/hosts/common.nix
@ -10,7 +10,7 @@ in {
  };

  nix = {
-    package = unstable-pkgs.nixFlakes;
+    package = unstable-pkgs.nixVersions.stable;
    distributedBuilds = config.networking.hostName != "Tsuki";
    binaryCaches = [
      "https://cache.nixos.org/"
@ -19,23 +19,40 @@ in {
    extraOptions = ''
      experimental-features = nix-command flakes
      builders-use-substitutes = true
+      allowed-uris = http:// https://
    '';

-    trustedUsers = [ "h7x4" ];
+    trustedUsers = [ "h7x4" "nix-builder" ];

    buildMachines = [
      {
-        hostName = "Tsuki";
+        # Login details configured in ssh module in nix-secrets
+        hostName = "nix-builder-tsukir";
        system = "x86_64-linux";
-        maxJobs = 1;
-        speedFactor = 3;
+        speedFactor = 5;
+        maxJobs = 8;
        supportedFeatures = [
          "nixos-test"
          "benchmark"
          "big-paralell"
-          "kvm"
        ];
        mandatoryFeatures = [];
+        sshUser = "nix-builder";
+        sshKey = secrets.keys.ssh.nixBuilders.tsuki.private;
+      }
+      {
+        # Login details configured in ssh module in nix-secrets
+        hostName = "nix-builder-isvegg";
+        system = "x86_64-linux";
+        speedFactor = 7;
+        maxJobs = 16;
+        supportedFeatures = [
+          "benchmark"
+          "big-paralell"
+        ];
+        mandatoryFeatures = [];
+        sshUser = secrets.ssh.users.pvv.normalUser;
+        sshKey = secrets.keys.ssh.nixBuilders.isvegg.private;
      }
    ];
    # registry = {
@ -43,6 +60,23 @@ in {
    # };
  };

+  programs.ssh = {
+    extraConfig = ''
+      Host nix-builder-isvegg
+        HostName isvegg.pvv.ntnu.no
+
+      Host nix-builder-tsukir
+        HostName nani.wtf
+        Port ${toString secrets.ports.ssh.home-in}
+    '';
+    knownHosts = {
+      tsukir = {
+        hostNames = [ "nani.wtf" "gingakei.loginto.me" ];
+        publicKeyFile = secrets.keys.ssh.nixBuilders.tsuki.public;
+      };
+    };
+  };
+
  time.timeZone = "Europe/Oslo";

  console = {
--- a/hosts/tsuki/configuration.nix
+++ b/hosts/tsuki/configuration.nix
@ -1,3 +1,4 @@
+{ secrets, ... }:
 {
  imports = [
    ./hardware-configuration.nix
@ -8,11 +9,11 @@
    # ./services/gitlab
    ./services/grafana.nix
    ./services/hydra.nix
-    ./services/jitsi.nix
+    # ./services/jitsi.nix
    # ./services/keycloak.nix
    # ./services/libvirt.nix
    ./services/matrix
-    ./services/nginx.nix
+    ./services/nginx
    # ./services/openldap.nix
    # ./services/openvpn.nix
    ./services/plex.nix
@ -81,10 +82,22 @@
  };

  users = {
-    groups.media = {};
-    users.media = {
-      isSystemUser = true;
-      group = "media";
+    users = {
+      media = {
+        description = "User responsible for owning all sorts of server media files";
+        isSystemUser = true;
+        group = "media";
+      };
+      nix-builder = {
+        description = "User for executing distributed builds via SSH";
+        isSystemUser = true;
+        group = "nix-builder";
+        openssh.authorizedKeys.keyFiles = [ secrets.keys.ssh.nixBuilders.tsuki.public ];
+      };
+    };
+    groups = {
+      media = {};
+      nix-builder = {};
    };
  };