diff --git a/hosts/common/default.nix b/hosts/common/default.nix index d911421..cf479f1 100644 --- a/hosts/common/default.nix +++ b/hosts/common/default.nix @@ -2,15 +2,15 @@ let inherit (config) machineVars; in { + imports = [ + ./nix-builders/bob.nix + ./nix-builders/isvegg.nix + ./nix-builders/tsuki.nix + ]; + sops.defaultSopsFile = ./../.. + "/secrets/${config.networking.hostName}.yaml"; sops.secrets = { - "ssh/nix-builders/tsuki/key" = { sopsFile = ./../../secrets/common.yaml; }; - "ssh/nix-builders/tsuki/pub" = { sopsFile = ./../../secrets/common.yaml; }; - "ssh/nix-builders/isvegg/key" = { sopsFile = ./../../secrets/common.yaml; }; - "ssh/nix-builders/bob/key" = { sopsFile = ./../../secrets/common.yaml; }; - # "ssh/nix-builders/isvegg/pub" = { }; - "nix/access-tokens" = { sopsFile = ./../../secrets/common.yaml; }; "ssh/secret-config/global" = { 
@@ -39,49 +39,6 @@ in { !include ${config.sops.secrets."nix/access-tokens".path} ''; - buildMachines = [ - # { - # # Login details configured in ssh module in nix-secrets - # hostName = "nix-builder-tsukir"; - # system = "x86_64-linux"; - # speedFactor = 2; - # maxJobs = 8; - # supportedFeatures = [ - # "nixos-test" - # "benchmark" - # "big-paralell" - # ]; - # mandatoryFeatures = [ ]; - # sshUser = "nix-ssh"; - # sshKey = config.sops.secrets."ssh/nix-builders/tsuki/key".path; - # } - { - # Login details configured in ssh module in nix-secrets - hostName = "nix-builder-isvegg"; - system = "x86_64-linux"; - speedFactor = 1; - maxJobs = 8; - supportedFeatures = [ ]; - mandatoryFeatures = [ ]; - sshUser = secrets.ssh.users.pvv.normalUser; - sshKey = config.sops.secrets."ssh/nix-builders/isvegg/key".path; - } - { - # Login details configured in ssh module in nix-secrets - hostName = "nix-builder-bob"; - system = "x86_64-linux"; - speedFactor = 5; - maxJobs = 24; - supportedFeatures = [ - "nixos-test" - "benchmark" - "big-paralell" - ]; - mandatoryFeatures = [ ]; - # sshUser = secrets.ssh.users.pvv.normalUser; - # sshKey = config.sops.secrets."ssh/nix-builders/bob/key".path; - } - ]; registry = { home.to = { type = "path"; @@ -108,22 +65,8 @@ in { programs.ssh = { extraConfig = '' Include ${config.sops.secrets."ssh/secret-config/global".path} - - Host nix-builder-isvegg - HostName isvegg.pvv.ntnu.no - User oysteikt - IdentityFile ${config.sops.secrets."ssh/nix-builders/isvegg/key".path} - - Host nix-builder-bob - HostName bob.pvv.ntnu.no - ProxyJump nix-builder-isvegg - User oysteikt - IdentityFile ${config.sops.secrets."ssh/nix-builders/bob/key".path} - - Host nix-builder-tsukir - HostName gingakei.loginto.me - Port ${toString secrets.ports.ssh.home-in} ''; + knownHosts = { bob = { hostNames = [ diff --git a/hosts/common/nix-builders/bob.nix b/hosts/common/nix-builders/bob.nix new file mode 100644 index 0000000..b9de4a1 --- /dev/null 
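Review bot: The `Include ${config.sops.secrets."ssh/secret-config/global".path}` line kept in `programs.ssh.extraConfig` now shares that option with the three imported builder modules, and ssh_config treats an `Include` that follows a `Host` stanza as part of that stanza. The definitions are merged by concatenation, so if any builder `Host` block ends up ahead of it, the global secret config would apply only to that one alias. The merge order is not visible from this diff, so it is worth pinning, for example by wrapping this definition in `lib.mkBefore`, and checking the generated `/etc/ssh/ssh_config` once. The `programs.ssh` block continues outside the hunk.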
+++ b/hosts/common/nix-builders/bob.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+{
+ sops.secrets."ssh/nix-builders/bob/key" = { sopsFile = ./../../../secrets/common.yaml; };
+
+ nix.buildMachines = [{
+ # Login details configured in ssh module in nix-secrets
+ hostName = "nix-builder-bob";
+ system = "x86_64-linux";
+ speedFactor = 5;
+ maxJobs = 24;
+ supportedFeatures = [
+ "nixos-test"
+ "benchmark"
+ "big-paralell"
+ ];
+ mandatoryFeatures = [ ];
+ # sshUser = secrets.ssh.users.pvv.normalUser;
+ # sshKey = config.sops.secrets."ssh/nix-builders/bob/key".path;
+ }];
+
+ programs.ssh.extraConfig = ''
+ Host nix-builder-bob
+ HostName bob.pvv.ntnu.no
+ ProxyJump nix-builder-isvegg
+ User oysteikt
+ IdentityFile ${config.sops.secrets."ssh/nix-builders/bob/key".path}
+ '';
+}
\ No newline at end of file
diff --git a/hosts/common/nix-builders/isvegg.nix b/hosts/common/nix-builders/isvegg.nix
new file mode 100644
index 0000000..f04df30
--- /dev/null
+++ b/hosts/common/nix-builders/isvegg.nix
@@ -0,0 +1,23 @@
+{ config, secrets, ... }:
+{
+ sops.secrets."ssh/nix-builders/isvegg/key" = { sopsFile = ./../../../secrets/common.yaml; };
+
+ nix.buildMachines = [{
+ # Login details configured in ssh module in nix-secrets
+ hostName = "nix-builder-isvegg";
+ system = "x86_64-linux";
+ speedFactor = 1;
+ maxJobs = 8;
+ supportedFeatures = [ ];
+ mandatoryFeatures = [ ];
+ sshUser = secrets.ssh.users.pvv.normalUser;
+ sshKey = config.sops.secrets."ssh/nix-builders/isvegg/key".path;
+ }];
+
+ programs.ssh.extraConfig = ''
+ Host nix-builder-isvegg
+ HostName isvegg.pvv.ntnu.no
+ User oysteikt
+ IdentityFile ${config.sops.secrets."ssh/nix-builders/isvegg/key".path}
+ '';
+}
\ No newline at end of file
diff --git a/hosts/common/nix-builders/tsuki.nix b/hosts/common/nix-builders/tsuki.nix
new file mode 100644
index 0000000..1d3dacb
--- /dev/null
+++ b/hosts/common/nix-builders/tsuki.nix
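Review bot: `"big-paralell"` in `supportedFeatures` of `nix-builders/bob.nix` is misspelled; the feature that derivations request is `big-parallel`, and the scheduler matches these strings exactly, so such builds would not be routed to this builder. The move is a good moment to correct it to `"big-parallel"`; the same string is carried into `nix-builders/tsuki.nix`. Separately, `sshUser` and `sshKey` stay commented out here, so login depends entirely on the `Host nix-builder-bob` stanza and on `ProxyJump nix-builder-isvegg`, which is now defined in a different module. A one-line comment such as `# user and key come from the Host stanza below; needs isvegg.nix for the jump host` would make that dependency explicit.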
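Review bot: The login name appears twice in `nix-builders/isvegg.nix` from two different sources: `sshUser = secrets.ssh.users.pvv.normalUser;` in `nix.buildMachines` and a literal `User oysteikt` in the `Host nix-builder-isvegg` stanza. If the reason for reading it from `secrets` is to keep the account name out of the repository, the literal undoes that, and in any case the two values can drift apart. Writing `User ${secrets.ssh.users.pvv.normalUser}` in the stanza would leave a single source. `nix-builders/bob.nix` has the same literal but does not take `secrets` as a module argument, so it would need that added.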
@@ -0,0 +1,30 @@
+{ config, secrets, ... }:
+{
+ # TODO: install public key on tsuki declaratively
+ sops.secrets = {
+ "ssh/nix-builders/tsuki/key" = { sopsFile = ./../../../secrets/common.yaml; };
+ "ssh/nix-builders/tsuki/pub" = { sopsFile = ./../../../secrets/common.yaml; };
+ };
+
+ nix.buildMachines = [{
+ # Login details configured in ssh module in nix-secrets
+ hostName = "nix-builder-tsukir";
+ system = "x86_64-linux";
+ speedFactor = 2;
+ maxJobs = 8;
+ supportedFeatures = [
+ "nixos-test"
+ "benchmark"
+ "big-paralell"
+ ];
+ mandatoryFeatures = [ ];
+ sshUser = "nix-ssh";
+ sshKey = config.sops.secrets."ssh/nix-builders/tsuki/key".path;
+ }];
+
+ programs.ssh.extraConfig = ''
+ Host nix-builder-tsukir
+ HostName gingakei.loginto.me
+ Port ${toString secrets.ports.ssh.home-in}
+ '';
+}
\ No newline at end of file
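Review bot: Nothing in this module pins the SSH host key of the builder, and the `Host nix-builder-tsukir` alias resolves to what looks like a dynamic-DNS name (`gingakei.loginto.me`) on a non-default port. `default.nix` shows a `programs.ssh.knownHosts` entry for `bob`, but whether tsuki has one is not visible in this diff. If it does not, add the entry here or set `publicHostKey` on the `nix.buildMachines` item, so the daemon only accepts build results from a host whose key was verified. Also, `"ssh/nix-builders/tsuki/pub"` holds a public key, which does not need to be a sops secret and could be kept as plain text once the TODO is resolved.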