common: move nix-builders to separate files

Oystein Kristoffer Tveit 2024-06-29 14:02:04 +02:00
parent 6a2057f531
commit d470c2064c
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
4 changed files with 88 additions and 64 deletions


@ -2,15 +2,15 @@
let let
inherit (config) machineVars; inherit (config) machineVars;
in { in {
imports = [
./nix-builders/bob.nix
./nix-builders/isvegg.nix
./nix-builders/tsuki.nix
];
sops.defaultSopsFile = ./../.. + "/secrets/${config.networking.hostName}.yaml"; sops.defaultSopsFile = ./../.. + "/secrets/${config.networking.hostName}.yaml";
sops.secrets = { sops.secrets = {
"ssh/nix-builders/tsuki/key" = { sopsFile = ./../../secrets/common.yaml; };
"ssh/nix-builders/tsuki/pub" = { sopsFile = ./../../secrets/common.yaml; };
"ssh/nix-builders/isvegg/key" = { sopsFile = ./../../secrets/common.yaml; };
"ssh/nix-builders/bob/key" = { sopsFile = ./../../secrets/common.yaml; };
# "ssh/nix-builders/isvegg/pub" = { };
"nix/access-tokens" = { sopsFile = ./../../secrets/common.yaml; }; "nix/access-tokens" = { sopsFile = ./../../secrets/common.yaml; };
"ssh/secret-config/global" = { "ssh/secret-config/global" = {
@ -39,49 +39,6 @@ in {
!include ${config.sops.secrets."nix/access-tokens".path} !include ${config.sops.secrets."nix/access-tokens".path}
''; '';
buildMachines = [
# {
# # Login details configured in ssh module in nix-secrets
# hostName = "nix-builder-tsukir";
# system = "x86_64-linux";
# speedFactor = 2;
# maxJobs = 8;
# supportedFeatures = [
# "nixos-test"
# "benchmark"
# "big-paralell"
# ];
# mandatoryFeatures = [ ];
# sshUser = "nix-ssh";
# sshKey = config.sops.secrets."ssh/nix-builders/tsuki/key".path;
# }
{
# Login details configured in ssh module in nix-secrets
hostName = "nix-builder-isvegg";
system = "x86_64-linux";
speedFactor = 1;
maxJobs = 8;
supportedFeatures = [ ];
mandatoryFeatures = [ ];
sshUser = secrets.ssh.users.pvv.normalUser;
sshKey = config.sops.secrets."ssh/nix-builders/isvegg/key".path;
}
{
# Login details configured in ssh module in nix-secrets
hostName = "nix-builder-bob";
system = "x86_64-linux";
speedFactor = 5;
maxJobs = 24;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-paralell"
];
mandatoryFeatures = [ ];
# sshUser = secrets.ssh.users.pvv.normalUser;
# sshKey = config.sops.secrets."ssh/nix-builders/bob/key".path;
}
];
registry = { registry = {
home.to = { home.to = {
type = "path"; type = "path";
@ -108,22 +65,8 @@ in {
programs.ssh = { programs.ssh = {
extraConfig = '' extraConfig = ''
Include ${config.sops.secrets."ssh/secret-config/global".path} Include ${config.sops.secrets."ssh/secret-config/global".path}
Host nix-builder-isvegg
HostName isvegg.pvv.ntnu.no
User oysteikt
IdentityFile ${config.sops.secrets."ssh/nix-builders/isvegg/key".path}
Host nix-builder-bob
HostName bob.pvv.ntnu.no
ProxyJump nix-builder-isvegg
User oysteikt
IdentityFile ${config.sops.secrets."ssh/nix-builders/bob/key".path}
Host nix-builder-tsukir
HostName gingakei.loginto.me
Port ${toString secrets.ports.ssh.home-in}
''; '';
knownHosts = { knownHosts = {
bob = { bob = {
hostNames = [ hostNames = [
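Review bot: The `Include ${config.sops.secrets."ssh/secret-config/global".path}` line left in `programs.ssh.extraConfig` is now merged with three `Host` blocks defined in the imported builder modules, and the order in which those definitions are concatenated is no longer fixed by this file. In ssh_config an `Include` that lands after a `Host` line is scoped to that host, so if a builder block sorts first the global secret config would apply only to that builder alias. Pinning the order makes this explicit, e.g. `extraConfig = lib.mkBefore ''…''` here, or `lib.mkAfter` in the builder files; this assumes `lib` is in the module arguments, which sit outside the hunk. It is worth checking the generated `/etc/ssh/ssh_config` once after this change.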


@ -0,0 +1,28 @@
{ config, ... }:
{
sops.secrets."ssh/nix-builders/bob/key" = { sopsFile = ./../../../secrets/common.yaml; };
nix.buildMachines = [{
# Login details configured in ssh module in nix-secrets
hostName = "nix-builder-bob";
system = "x86_64-linux";
speedFactor = 5;
maxJobs = 24;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-paralell"
];
mandatoryFeatures = [ ];
# sshUser = secrets.ssh.users.pvv.normalUser;
# sshKey = config.sops.secrets."ssh/nix-builders/bob/key".path;
}];
programs.ssh.extraConfig = ''
Host nix-builder-bob
HostName bob.pvv.ntnu.no
ProxyJump nix-builder-isvegg
User oysteikt
IdentityFile ${config.sops.secrets."ssh/nix-builders/bob/key".path}
'';
}
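Review bot: The `supportedFeatures` entry `"big-paralell"` is misspelled; Nix's feature name is `big-parallel`, so derivations that require it will not be scheduled on this builder. The same spelling is carried into the tsuki builder file, and both should read `"big-parallel"`. The comment `# Login details configured in ssh module in nix-secrets` is also stale now that the `Host nix-builder-bob` block lives in this file; something like `# Login user and key come from the Host nix-builder-bob block below` would match the commented-out `sshUser`/`sshKey`.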


@ -0,0 +1,23 @@
{ config, secrets, ... }:
{
sops.secrets."ssh/nix-builders/isvegg/key" = { sopsFile = ./../../../secrets/common.yaml; };
nix.buildMachines = [{
# Login details configured in ssh module in nix-secrets
hostName = "nix-builder-isvegg";
system = "x86_64-linux";
speedFactor = 1;
maxJobs = 8;
supportedFeatures = [ ];
mandatoryFeatures = [ ];
sshUser = secrets.ssh.users.pvv.normalUser;
sshKey = config.sops.secrets."ssh/nix-builders/isvegg/key".path;
}];
programs.ssh.extraConfig = ''
Host nix-builder-isvegg
HostName isvegg.pvv.ntnu.no
User oysteikt
IdentityFile ${config.sops.secrets."ssh/nix-builders/isvegg/key".path}
'';
}
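Review bot: `User oysteikt` in the `Host nix-builder-isvegg` block hard-codes the login name, while `sshUser` in the same file reads it from `secrets.ssh.users.pvv.normalUser`. If these are meant to be the same account, the two can drift apart, and if the name is kept in the secrets set to stay out of this repository, the literal defeats that. Since `secrets` is already a module argument here, the block could use `User ${secrets.ssh.users.pvv.normalUser}`. Alternatively, drop `User` and `IdentityFile` from the alias and rely on `sshUser`/`sshKey` alone, provided nothing else uses the alias (bob's `ProxyJump nix-builder-isvegg` does, so the first option looks safer).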


@ -0,0 +1,30 @@
{ config, secrets, ... }:
{
# TODO: install public key on tsuki declaratively
sops.secrets = {
"ssh/nix-builders/tsuki/key" = { sopsFile = ./../../../secrets/common.yaml; };
"ssh/nix-builders/tsuki/pub" = { sopsFile = ./../../../secrets/common.yaml; };
};
nix.buildMachines = [{
# Login details configured in ssh module in nix-secrets
hostName = "nix-builder-tsukir";
system = "x86_64-linux";
speedFactor = 2;
maxJobs = 8;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-paralell"
];
mandatoryFeatures = [ ];
sshUser = "nix-ssh";
sshKey = config.sops.secrets."ssh/nix-builders/tsuki/key".path;
}];
programs.ssh.extraConfig = ''
Host nix-builder-tsukir
HostName gingakei.loginto.me
Port ${toString secrets.ports.ssh.home-in}
'';
}
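Review bot: The `nix.buildMachines` entry for `nix-builder-tsukir` is active here, whereas the removed block in the common file had it commented out, so this commit enables a remote builder rather than only moving it. The commit message should say so. The alias resolves to `gingakei.loginto.me` on a non-default port, and no host-key pin for it is visible on this page. Because the daemon will send build inputs there as `nix-ssh`, consider pinning the key with `publicHostKey = "<base64 host key of the builder>";` on the entry, or with a `programs.ssh.knownHosts` entry. A short comment next to `"ssh/nix-builders/tsuki/pub"` saying what consumes it would also help, since nothing in this file reads it yet.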