From 28ceff5e72d9ef63302bff28a9a255cb37ab259d Mon Sep 17 00:00:00 2001 From: Peder Bergebakken Sundt Date: Wed, 31 Jul 2024 21:35:42 +0200 Subject: [PATCH] remote builds: letsgooo --- hosts/brumlebasse/default.nix | 2 +- hosts/known-hosts.toml | 4 ++-- hosts/nord/default.nix | 2 +- hosts/sopp/default.nix | 2 +- profiles/remote-builders.nix | 12 ++++++------ 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/hosts/brumlebasse/default.nix b/hosts/brumlebasse/default.nix index d915967..6502cae 100644 --- a/hosts/brumlebasse/default.nix +++ b/hosts/brumlebasse/default.nix @@ -19,7 +19,7 @@ ../../profiles/shell.nix #../../profiles/domeneshop-dyndns - /* ../../profiles/remote-builders.nix */ + ../../profiles/remote-builders.nix ]; #services.domeneshop-updater.targets = [ config.networking.fqdn ]; diff --git a/hosts/known-hosts.toml b/hosts/known-hosts.toml index 5ba55ee..d2d03a7 100644 --- a/hosts/known-hosts.toml +++ b/hosts/known-hosts.toml @@ -89,13 +89,13 @@ ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIb ["eirin.pvv.ntnu.no"] maxJobs = 2 # 8 threads 16GB -speedFactor = 2 +speedFactor = 1 ssh.listenUser = "pederbs" ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILGULKEzYe5kPorM0rWATv10qq6debfCuYUYqw3HWZm4Y5Pi7mVKcf8lKFNPc1DxT/dStfxxtHj/2fbezaxElk=" ["demiurgen.pvv.ntnu.no"] maxJobs = 2 # 8 threads 16GB -speedFactor = 2 +speedFactor = 1 ssh.listenUser = "pederbs" ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKw92q3eB5HZbKJN3p+80MtirqcXPu01USE9LnoGYJuDvko1udjIy4UR0wAwELqgs+r7mJyuQPeXmOZKwjHP6tM=" diff --git a/hosts/nord/default.nix b/hosts/nord/default.nix index eed1ada..957bacf 100644 --- a/hosts/nord/default.nix +++ b/hosts/nord/default.nix @@ -37,7 +37,7 @@ ../../profiles/desktop/steam.nix ../../profiles/desktop/flatpak.nix - /* ../../profiles/remote-builders.nix */ + ../../profiles/remote-builders.nix #../../profiles/autossh-reverse-tunnels #../../profiles/domeneshop-dyndns # handled by noximilien ]; diff --git a/hosts/sopp/default.nix b/hosts/sopp/default.nix index 941adcf..f047ad8 100644 --- a/hosts/sopp/default.nix +++ b/hosts/sopp/default.nix @@ -48,7 +48,7 @@ ../../profiles/desktop/lutris.nix ../../profiles/desktop/flatpak.nix - /* ../../profiles/remote-builders.nix */ + ../../profiles/remote-builders.nix #../../profiles/autossh-reverse-tunnels #../../profiles/domeneshop-dyndns # handled by noximilien ]; diff --git a/profiles/remote-builders.nix b/profiles/remote-builders.nix index e91d096..a91b64d 100644 --- a/profiles/remote-builders.nix +++ b/profiles/remote-builders.nix @@ -5,7 +5,7 @@ # TODO: https://github.com/winterqt/darwin-build-box let - inherit (builtins) map fromTOML readFile elem attrNames; + inherit (builtins) map fromTOML readFile elem attrNames attrValues; inherit (lib) mkIf; hosts' = fromTOML (readFile ../hosts/known-hosts.toml); # TODO: eww @@ -18,7 +18,7 @@ let hostNames = attrNames hosts; thisHost = hosts.${config.networking.fqdn}; thisHostIsBuilder = thisHost.maxJobs > 0; - thisHostIsHopHost = builtins.elem config.networking.fqdn (lib.forEach hosts (host: host.ssh.proxyJump or null)); + thisHostIsHopHost = builtins.elem config.networking.fqdn (lib.forEach (attrValues hosts) (host: host.ssh.proxyJump or null)); thisHostIsConsumer = thisHost.ssh ? userPublicKey; mkRemoteConfig = fqdn: let @@ -55,15 +55,15 @@ let }) # in (mkIf ((thisHostIsBuilder || thisHostIsHopHost) && isConsumer) { - - nix.settings.allowed-users = [ thisHost.ssh.listenUser ]; - nix.settings.trusted-users = [ thisHost.ssh.listenUser ]; users.users.${thisHost.ssh.listenUser} = { isSystemUser = lib.mkDefault (!config.users.users.${thisHost.ssh.listenUser}.isNormalUser); openssh.authorizedKeys.keys = [ host.ssh.userPublicKey ]; group = lib.mkOptionDefault "nogroup"; }; - + }) + (mkIf (thisHostIsBuilder && isConsumer) { + nix.settings.allowed-users = [ thisHost.ssh.listenUser ]; + nix.settings.trusted-users = [ thisHost.ssh.listenUser ]; }) ]);