pederbs/config
pederbs
/
config
2
1
Fork 0
Code Issues Pull Requests Releases Activity

remote builds: letsgooo

This commit is contained in:
Peder Bergebakken Sundt 2024-07-31 21:35:42 +02:00
parent 592fec9763
commit 28ceff5e72
5 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/brumlebasse/default.nix
View File

@ -19,7 +19,7 @@
../../profiles/shell.nix ../../profiles/shell.nix
#../../profiles/domeneshop-dyndns #../../profiles/domeneshop-dyndns
/* ../../profiles/remote-builders.nix */ ../../profiles/remote-builders.nix
]; ];
#services.domeneshop-updater.targets = [ config.networking.fqdn ]; #services.domeneshop-updater.targets = [ config.networking.fqdn ];

4
hosts/known-hosts.toml
View File

@ -89,13 +89,13 @@ ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIb
["eirin.pvv.ntnu.no"] ["eirin.pvv.ntnu.no"]
maxJobs = 2 # 8 threads 16GB maxJobs = 2 # 8 threads 16GB
speedFactor = 2 speedFactor = 1
ssh.listenUser = "pederbs" ssh.listenUser = "pederbs"
ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILGULKEzYe5kPorM0rWATv10qq6debfCuYUYqw3HWZm4Y5Pi7mVKcf8lKFNPc1DxT/dStfxxtHj/2fbezaxElk=" ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILGULKEzYe5kPorM0rWATv10qq6debfCuYUYqw3HWZm4Y5Pi7mVKcf8lKFNPc1DxT/dStfxxtHj/2fbezaxElk="
["demiurgen.pvv.ntnu.no"] ["demiurgen.pvv.ntnu.no"]
maxJobs = 2 # 8 threads 16GB maxJobs = 2 # 8 threads 16GB
speedFactor = 2 speedFactor = 1
ssh.listenUser = "pederbs" ssh.listenUser = "pederbs"
ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKw92q3eB5HZbKJN3p+80MtirqcXPu01USE9LnoGYJuDvko1udjIy4UR0wAwELqgs+r7mJyuQPeXmOZKwjHP6tM=" ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKw92q3eB5HZbKJN3p+80MtirqcXPu01USE9LnoGYJuDvko1udjIy4UR0wAwELqgs+r7mJyuQPeXmOZKwjHP6tM="

2
hosts/nord/default.nix
View File

@ -37,7 +37,7 @@
../../profiles/desktop/steam.nix ../../profiles/desktop/steam.nix
../../profiles/desktop/flatpak.nix ../../profiles/desktop/flatpak.nix
/* ../../profiles/remote-builders.nix */ ../../profiles/remote-builders.nix
#../../profiles/autossh-reverse-tunnels #../../profiles/autossh-reverse-tunnels
#../../profiles/domeneshop-dyndns # handled by noximilien #../../profiles/domeneshop-dyndns # handled by noximilien
]; ];

2
hosts/sopp/default.nix
View File

@ -48,7 +48,7 @@
../../profiles/desktop/lutris.nix ../../profiles/desktop/lutris.nix
../../profiles/desktop/flatpak.nix ../../profiles/desktop/flatpak.nix
/* ../../profiles/remote-builders.nix */ ../../profiles/remote-builders.nix
#../../profiles/autossh-reverse-tunnels #../../profiles/autossh-reverse-tunnels
#../../profiles/domeneshop-dyndns # handled by noximilien #../../profiles/domeneshop-dyndns # handled by noximilien
]; ];

12
profiles/remote-builders.nix
View File

@ -5,7 +5,7 @@
# TODO: https://github.com/winterqt/darwin-build-box # TODO: https://github.com/winterqt/darwin-build-box
let let
inherit (builtins) map fromTOML readFile elem attrNames; inherit (builtins) map fromTOML readFile elem attrNames attrValues;
inherit (lib) mkIf; inherit (lib) mkIf;
hosts' = fromTOML (readFile ../hosts/known-hosts.toml); # TODO: eww hosts' = fromTOML (readFile ../hosts/known-hosts.toml); # TODO: eww
@ -18,7 +18,7 @@ let
hostNames = attrNames hosts; hostNames = attrNames hosts;
thisHost = hosts.${config.networking.fqdn}; thisHost = hosts.${config.networking.fqdn};
thisHostIsBuilder = thisHost.maxJobs > 0; thisHostIsBuilder = thisHost.maxJobs > 0;
thisHostIsHopHost = builtins.elem config.networking.fqdn (lib.forEach hosts (host: host.ssh.proxyJump or null)); thisHostIsHopHost = builtins.elem config.networking.fqdn (lib.forEach (attrValues hosts) (host: host.ssh.proxyJump or null));
thisHostIsConsumer = thisHost.ssh ? userPublicKey; thisHostIsConsumer = thisHost.ssh ? userPublicKey;
mkRemoteConfig = fqdn: let mkRemoteConfig = fqdn: let
@ -55,15 +55,15 @@ let
}) })
# in # in
(mkIf ((thisHostIsBuilder || thisHostIsHopHost) && isConsumer) { (mkIf ((thisHostIsBuilder || thisHostIsHopHost) && isConsumer) {
nix.settings.allowed-users = [ thisHost.ssh.listenUser ];
nix.settings.trusted-users = [ thisHost.ssh.listenUser ];
users.users.${thisHost.ssh.listenUser} = { users.users.${thisHost.ssh.listenUser} = {
isSystemUser = lib.mkDefault (!config.users.users.${thisHost.ssh.listenUser}.isNormalUser); isSystemUser = lib.mkDefault (!config.users.users.${thisHost.ssh.listenUser}.isNormalUser);
openssh.authorizedKeys.keys = [ host.ssh.userPublicKey ]; openssh.authorizedKeys.keys = [ host.ssh.userPublicKey ];
group = lib.mkOptionDefault "nogroup"; group = lib.mkOptionDefault "nogroup";
}; };
})
(mkIf (thisHostIsBuilder && isConsumer) {
nix.settings.allowed-users = [ thisHost.ssh.listenUser ];
nix.settings.trusted-users = [ thisHost.ssh.listenUser ];
}) })
]); ]);