remote builds: letsgooo
parent
592fec9763
commit
28ceff5e72
@ -19,7 +19,7 @@
|
||||
../../profiles/shell.nix
|
||||
|
||||
#../../profiles/domeneshop-dyndns
|
||||
/* ../../profiles/remote-builders.nix */
|
||||
../../profiles/remote-builders.nix
|
||||
];
|
||||
#services.domeneshop-updater.targets = [ config.networking.fqdn ];
|
||||
|
||||
|
@ -89,13 +89,13 @@ ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIb
|
||||
|
||||
["eirin.pvv.ntnu.no"]
|
||||
maxJobs = 2 # 8 threads 16GB
|
||||
speedFactor = 2
|
||||
speedFactor = 1
|
||||
ssh.listenUser = "pederbs"
|
||||
ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILGULKEzYe5kPorM0rWATv10qq6debfCuYUYqw3HWZm4Y5Pi7mVKcf8lKFNPc1DxT/dStfxxtHj/2fbezaxElk="
|
||||
|
||||
["demiurgen.pvv.ntnu.no"]
|
||||
maxJobs = 2 # 8 threads 16GB
|
||||
speedFactor = 2
|
||||
speedFactor = 1
|
||||
ssh.listenUser = "pederbs"
|
||||
ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKw92q3eB5HZbKJN3p+80MtirqcXPu01USE9LnoGYJuDvko1udjIy4UR0wAwELqgs+r7mJyuQPeXmOZKwjHP6tM="
|
||||
|
||||
|
@ -37,7 +37,7 @@
|
||||
../../profiles/desktop/steam.nix
|
||||
../../profiles/desktop/flatpak.nix
|
||||
|
||||
/* ../../profiles/remote-builders.nix */
|
||||
../../profiles/remote-builders.nix
|
||||
#../../profiles/autossh-reverse-tunnels
|
||||
#../../profiles/domeneshop-dyndns # handled by noximilien
|
||||
];
|
||||
|
@ -48,7 +48,7 @@
|
||||
../../profiles/desktop/lutris.nix
|
||||
../../profiles/desktop/flatpak.nix
|
||||
|
||||
/* ../../profiles/remote-builders.nix */
|
||||
../../profiles/remote-builders.nix
|
||||
#../../profiles/autossh-reverse-tunnels
|
||||
#../../profiles/domeneshop-dyndns # handled by noximilien
|
||||
];
|
||||
|
@ -5,7 +5,7 @@
|
||||
# TODO: https://github.com/winterqt/darwin-build-box
|
||||
|
||||
let
|
||||
inherit (builtins) map fromTOML readFile elem attrNames;
|
||||
inherit (builtins) map fromTOML readFile elem attrNames attrValues;
|
||||
inherit (lib) mkIf;
|
||||
|
||||
hosts' = fromTOML (readFile ../hosts/known-hosts.toml); # TODO: eww
|
||||
@ -18,7 +18,7 @@ let
|
||||
hostNames = attrNames hosts;
|
||||
thisHost = hosts.${config.networking.fqdn};
|
||||
thisHostIsBuilder = thisHost.maxJobs > 0;
|
||||
thisHostIsHopHost = builtins.elem config.networking.fqdn (lib.forEach hosts (host: host.ssh.proxyJump or null));
|
||||
thisHostIsHopHost = builtins.elem config.networking.fqdn (lib.forEach (attrValues hosts) (host: host.ssh.proxyJump or null));
|
||||
thisHostIsConsumer = thisHost.ssh ? userPublicKey;
|
||||
|
||||
mkRemoteConfig = fqdn: let
|
||||
@ -55,15 +55,15 @@ let
|
||||
})
|
||||
# in
|
||||
(mkIf ((thisHostIsBuilder || thisHostIsHopHost) && isConsumer) {
|
||||
|
||||
nix.settings.allowed-users = [ thisHost.ssh.listenUser ];
|
||||
nix.settings.trusted-users = [ thisHost.ssh.listenUser ];
|
||||
users.users.${thisHost.ssh.listenUser} = {
|
||||
isSystemUser = lib.mkDefault (!config.users.users.${thisHost.ssh.listenUser}.isNormalUser);
|
||||
openssh.authorizedKeys.keys = [ host.ssh.userPublicKey ];
|
||||
group = lib.mkOptionDefault "nogroup";
|
||||
};
|
||||
|
||||
})
|
||||
(mkIf (thisHostIsBuilder && isConsumer) {
|
||||
nix.settings.allowed-users = [ thisHost.ssh.listenUser ];
|
||||
nix.settings.trusted-users = [ thisHost.ssh.listenUser ];
|
||||
})
|
||||
]);
|
||||
|
||||
|
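Review bot: `nix.settings.trusted-users = [ thisHost.ssh.listenUser ];` in the `thisHostIsBuilder && isConsumer` block gives anyone holding a consumer's private key for `userPublicKey` daemon rights that the Nix manual describes as essentially root-equivalent on the builder. The `isSystemUser` default above it suggests `listenUser` may be an ordinary login account (known-hosts.toml sets it to `pederbs`), so a dedicated build-only user would narrow what a leaked key reaches. It is also worth checking whether signing paths on the consumer and listing that key in the builder's `trusted-public-keys` would let `allowed-users` suffice; if not, a comment such as `# trusted-users is root-equivalent on this host; keep the consumer key list minimal` would record the trust boundary. The key in `openssh.authorizedKeys.keys` is installed without options, so on hosts that are only a hop it could probably be written as `"restrict,port-forwarding ${host.ssh.userPublicKey}"`. The page has lost its +/- markers and the enclosing `let` and list begin outside the hunk, so which of the two `trusted-users` lines is the new one is inferred.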