Added nix builder config for tsuki and isvegg
- Also updated nix package name
This commit is contained in:
parent
01519d9e61
commit
bdc8817eef
|
@ -10,7 +10,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
package = unstable-pkgs.nixFlakes;
|
package = unstable-pkgs.nixVersions.stable;
|
||||||
distributedBuilds = config.networking.hostName != "Tsuki";
|
distributedBuilds = config.networking.hostName != "Tsuki";
|
||||||
binaryCaches = [
|
binaryCaches = [
|
||||||
"https://cache.nixos.org/"
|
"https://cache.nixos.org/"
|
||||||
|
@ -19,23 +19,40 @@ in {
|
||||||
extraOptions = ''
|
extraOptions = ''
|
||||||
experimental-features = nix-command flakes
|
experimental-features = nix-command flakes
|
||||||
builders-use-substitutes = true
|
builders-use-substitutes = true
|
||||||
|
allowed-uris = http:// https://
|
||||||
'';
|
'';
|
||||||
|
|
||||||
trustedUsers = [ "h7x4" ];
|
trustedUsers = [ "h7x4" "nix-builder" ];
|
||||||
|
|
||||||
buildMachines = [
|
buildMachines = [
|
||||||
{
|
{
|
||||||
hostName = "Tsuki";
|
# Login details configured in ssh module in nix-secrets
|
||||||
|
hostName = "nix-builder-tsukir";
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
maxJobs = 1;
|
speedFactor = 5;
|
||||||
speedFactor = 3;
|
maxJobs = 8;
|
||||||
supportedFeatures = [
|
supportedFeatures = [
|
||||||
"nixos-test"
|
"nixos-test"
|
||||||
"benchmark"
|
"benchmark"
|
||||||
"big-paralell"
|
"big-paralell"
|
||||||
"kvm"
|
|
||||||
];
|
];
|
||||||
mandatoryFeatures = [];
|
mandatoryFeatures = [];
|
||||||
|
sshUser = "nix-builder";
|
||||||
|
sshKey = secrets.keys.ssh.nixBuilders.tsuki.private;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# Login details configured in ssh module in nix-secrets
|
||||||
|
hostName = "nix-builder-isvegg";
|
||||||
|
system = "x86_64-linux";
|
||||||
|
speedFactor = 7;
|
||||||
|
maxJobs = 16;
|
||||||
|
supportedFeatures = [
|
||||||
|
"benchmark"
|
||||||
|
"big-paralell"
|
||||||
|
];
|
||||||
|
mandatoryFeatures = [];
|
||||||
|
sshUser = secrets.ssh.users.pvv.normalUser;
|
||||||
|
sshKey = secrets.keys.ssh.nixBuilders.isvegg.private;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
# registry = {
|
# registry = {
|
||||||
|
@ -43,6 +60,23 @@ in {
|
||||||
# };
|
# };
|
||||||
};
|
};
|
||||||
|
|
||||||
|
programs.ssh = {
|
||||||
|
extraConfig = ''
|
||||||
|
Host nix-builder-isvegg
|
||||||
|
HostName isvegg.pvv.ntnu.no
|
||||||
|
|
||||||
|
Host nix-builder-tsukir
|
||||||
|
HostName nani.wtf
|
||||||
|
Port ${toString secrets.ports.ssh.home-in}
|
||||||
|
'';
|
||||||
|
knownHosts = {
|
||||||
|
tsukir = {
|
||||||
|
hostNames = [ "nani.wtf" "gingakei.loginto.me" ];
|
||||||
|
publicKeyFile = secrets.keys.ssh.nixBuilders.tsuki.public;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
time.timeZone = "Europe/Oslo";
|
time.timeZone = "Europe/Oslo";
|
||||||
|
|
||||||
console = {
|
console = {
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
{ secrets, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
@ -8,11 +9,11 @@
|
||||||
# ./services/gitlab
|
# ./services/gitlab
|
||||||
./services/grafana.nix
|
./services/grafana.nix
|
||||||
./services/hydra.nix
|
./services/hydra.nix
|
||||||
./services/jitsi.nix
|
# ./services/jitsi.nix
|
||||||
# ./services/keycloak.nix
|
# ./services/keycloak.nix
|
||||||
# ./services/libvirt.nix
|
# ./services/libvirt.nix
|
||||||
./services/matrix
|
./services/matrix
|
||||||
./services/nginx.nix
|
./services/nginx
|
||||||
# ./services/openldap.nix
|
# ./services/openldap.nix
|
||||||
# ./services/openvpn.nix
|
# ./services/openvpn.nix
|
||||||
./services/plex.nix
|
./services/plex.nix
|
||||||
|
@ -81,10 +82,22 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
users = {
|
users = {
|
||||||
groups.media = {};
|
users = {
|
||||||
users.media = {
|
media = {
|
||||||
isSystemUser = true;
|
description = "User responsible for owning all sorts of server media files";
|
||||||
group = "media";
|
isSystemUser = true;
|
||||||
|
group = "media";
|
||||||
|
};
|
||||||
|
nix-builder = {
|
||||||
|
description = "User for executing distributed builds via SSH";
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "nix-builder";
|
||||||
|
openssh.authorizedKeys.keyFiles = [ secrets.keys.ssh.nixBuilders.tsuki.public ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
groups = {
|
||||||
|
media = {};
|
||||||
|
nix-builder = {};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue