common: move nix-builders to separate files
parent
6a2057f531
commit
d470c2064c
@ -2,15 +2,15 @@
|
||||
let
|
||||
inherit (config) machineVars;
|
||||
in {
|
||||
imports = [
|
||||
./nix-builders/bob.nix
|
||||
./nix-builders/isvegg.nix
|
||||
./nix-builders/tsuki.nix
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = ./../.. + "/secrets/${config.networking.hostName}.yaml";
|
||||
|
||||
sops.secrets = {
|
||||
"ssh/nix-builders/tsuki/key" = { sopsFile = ./../../secrets/common.yaml; };
|
||||
"ssh/nix-builders/tsuki/pub" = { sopsFile = ./../../secrets/common.yaml; };
|
||||
"ssh/nix-builders/isvegg/key" = { sopsFile = ./../../secrets/common.yaml; };
|
||||
"ssh/nix-builders/bob/key" = { sopsFile = ./../../secrets/common.yaml; };
|
||||
# "ssh/nix-builders/isvegg/pub" = { };
|
||||
|
||||
"nix/access-tokens" = { sopsFile = ./../../secrets/common.yaml; };
|
||||
|
||||
"ssh/secret-config/global" = {
|
||||
@ -39,49 +39,6 @@ in {
|
||||
!include ${config.sops.secrets."nix/access-tokens".path}
|
||||
'';
|
||||
|
||||
buildMachines = [
|
||||
# {
|
||||
# # Login details configured in ssh module in nix-secrets
|
||||
# hostName = "nix-builder-tsukir";
|
||||
# system = "x86_64-linux";
|
||||
# speedFactor = 2;
|
||||
# maxJobs = 8;
|
||||
# supportedFeatures = [
|
||||
# "nixos-test"
|
||||
# "benchmark"
|
||||
# "big-paralell"
|
||||
# ];
|
||||
# mandatoryFeatures = [ ];
|
||||
# sshUser = "nix-ssh";
|
||||
# sshKey = config.sops.secrets."ssh/nix-builders/tsuki/key".path;
|
||||
# }
|
||||
{
|
||||
# Login details configured in ssh module in nix-secrets
|
||||
hostName = "nix-builder-isvegg";
|
||||
system = "x86_64-linux";
|
||||
speedFactor = 1;
|
||||
maxJobs = 8;
|
||||
supportedFeatures = [ ];
|
||||
mandatoryFeatures = [ ];
|
||||
sshUser = secrets.ssh.users.pvv.normalUser;
|
||||
sshKey = config.sops.secrets."ssh/nix-builders/isvegg/key".path;
|
||||
}
|
||||
{
|
||||
# Login details configured in ssh module in nix-secrets
|
||||
hostName = "nix-builder-bob";
|
||||
system = "x86_64-linux";
|
||||
speedFactor = 5;
|
||||
maxJobs = 24;
|
||||
supportedFeatures = [
|
||||
"nixos-test"
|
||||
"benchmark"
|
||||
"big-paralell"
|
||||
];
|
||||
mandatoryFeatures = [ ];
|
||||
# sshUser = secrets.ssh.users.pvv.normalUser;
|
||||
# sshKey = config.sops.secrets."ssh/nix-builders/bob/key".path;
|
||||
}
|
||||
];
|
||||
registry = {
|
||||
home.to = {
|
||||
type = "path";
|
||||
@ -108,22 +65,8 @@ in {
|
||||
programs.ssh = {
|
||||
extraConfig = ''
|
||||
Include ${config.sops.secrets."ssh/secret-config/global".path}
|
||||
|
||||
Host nix-builder-isvegg
|
||||
HostName isvegg.pvv.ntnu.no
|
||||
User oysteikt
|
||||
IdentityFile ${config.sops.secrets."ssh/nix-builders/isvegg/key".path}
|
||||
|
||||
Host nix-builder-bob
|
||||
HostName bob.pvv.ntnu.no
|
||||
ProxyJump nix-builder-isvegg
|
||||
User oysteikt
|
||||
IdentityFile ${config.sops.secrets."ssh/nix-builders/bob/key".path}
|
||||
|
||||
Host nix-builder-tsukir
|
||||
HostName gingakei.loginto.me
|
||||
Port ${toString secrets.ports.ssh.home-in}
|
||||
'';
|
||||
|
||||
knownHosts = {
|
||||
bob = {
|
||||
hostNames = [
|
||||
|
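Review bot: The `Include ${config.sops.secrets."ssh/secret-config/global".path}` line that stays in `programs.ssh.extraConfig` now shares that option with three imported modules that each add a `Host` block, and nothing in the new code fixes the order in which those pieces are concatenated. In ssh_config an `Include` that follows a `Host` line applies only to that host, so if a builder block is merged ahead of it the global secret config would silently become host-scoped. Pin the order explicitly, for example by wrapping this string in `lib.mkBefore` (assuming `lib` is among this module's arguments, which are outside the hunk) or by using `lib.mkAfter` on the builder blocks.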
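--- /dev/null
+++ b/hosts/common/nix-builders/bob.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+{
+sops.secrets."ssh/nix-builders/bob/key" = { sopsFile = ./../../../secrets/common.yaml; };
+
+nix.buildMachines = [{
+# Login details configured in ssh module in nix-secrets
+hostName = "nix-builder-bob";
+system = "x86_64-linux";
+speedFactor = 5;
+maxJobs = 24;
+supportedFeatures = [
+"nixos-test"
+"benchmark"
+"big-paralell"
+];
+mandatoryFeatures = [ ];
+# sshUser = secrets.ssh.users.pvv.normalUser;
+# sshKey = config.sops.secrets."ssh/nix-builders/bob/key".path;
+}];
+
+programs.ssh.extraConfig = ''
+Host nix-builder-bob
+HostName bob.pvv.ntnu.no
+ProxyJump nix-builder-isvegg
+User oysteikt
+IdentityFile ${config.sops.secrets."ssh/nix-builders/bob/key".path}
+'';
+}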
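Review bot: `"big-paralell"` in `supportedFeatures` is misspelled; feature names are matched as exact strings, so derivations that require `big-parallel` will not be scheduled on this builder. Change it to `"big-parallel"` here and in the identical list in tsuki.nix. Separately, `ProxyJump nix-builder-isvegg` relies on the host alias that is now defined in isvegg.nix, so this module only works when both files are imported; a comment such as `# requires ./isvegg.nix for the ProxyJump alias` above the Host block would make that dependency visible.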
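--- /dev/null
+++ b/hosts/common/nix-builders/isvegg.nix
@@ -0,0 +1,23 @@
+{ config, secrets, ... }:
+{
+sops.secrets."ssh/nix-builders/isvegg/key" = { sopsFile = ./../../../secrets/common.yaml; };
+
+nix.buildMachines = [{
+# Login details configured in ssh module in nix-secrets
+hostName = "nix-builder-isvegg";
+system = "x86_64-linux";
+speedFactor = 1;
+maxJobs = 8;
+supportedFeatures = [ ];
+mandatoryFeatures = [ ];
+sshUser = secrets.ssh.users.pvv.normalUser;
+sshKey = config.sops.secrets."ssh/nix-builders/isvegg/key".path;
+}];
+
+programs.ssh.extraConfig = ''
+Host nix-builder-isvegg
+HostName isvegg.pvv.ntnu.no
+User oysteikt
+IdentityFile ${config.sops.secrets."ssh/nix-builders/isvegg/key".path}
+'';
+}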
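Review bot: The comment `# Login details configured in ssh module in nix-secrets` is stale now that the `Host nix-builder-isvegg` block with `User` and `IdentityFile` sits in this same file. The login user is also given twice, as `sshUser = secrets.ssh.users.pvv.normalUser` and as the hard-coded `User oysteikt`. If the secret is meant to keep the account name out of the repository, the literal defeats that, and if the two values ever diverge the build connection and an interactive `ssh nix-builder-isvegg` may use different accounts. Consider `User ${secrets.ssh.users.pvv.normalUser}` in the Host block and a comment like `# Login details: see programs.ssh.extraConfig below`.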
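--- /dev/null
+++ b/hosts/common/nix-builders/tsuki.nix
@@ -0,0 +1,30 @@
+{ config, secrets, ... }:
+{
+# TODO: install public key on tsuki declaratively
+sops.secrets = {
+"ssh/nix-builders/tsuki/key" = { sopsFile = ./../../../secrets/common.yaml; };
+"ssh/nix-builders/tsuki/pub" = { sopsFile = ./../../../secrets/common.yaml; };
+};
+
+nix.buildMachines = [{
+# Login details configured in ssh module in nix-secrets
+hostName = "nix-builder-tsukir";
+system = "x86_64-linux";
+speedFactor = 2;
+maxJobs = 8;
+supportedFeatures = [
+"nixos-test"
+"benchmark"
+"big-paralell"
+];
+mandatoryFeatures = [ ];
+sshUser = "nix-ssh";
+sshKey = config.sops.secrets."ssh/nix-builders/tsuki/key".path;
+}];
+
+programs.ssh.extraConfig = ''
+Host nix-builder-tsukir
+HostName gingakei.loginto.me
+Port ${toString secrets.ports.ssh.home-in}
+'';
+}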
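Review bot: The `nix-builder-tsukir` entry was entirely commented out in the old `buildMachines` list but is active in this new file, so a commit described as a move also enables a remote builder. If that is intended, say so in the commit message; otherwise keep the entry commented out. The host is reached through a dynamic-DNS name (`gingakei.loginto.me`), and no host-key pin for it is visible on this page (the `knownHosts` set is cut off after `bob`). Confirm that one exists or set `publicHostKey` on this build machine entry, since outputs returned by a remote builder end up in the local store.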