From c602b45922f93d46d2e17df8fabe33bd4a1ded28 Mon Sep 17 00:00:00 2001 From: Peder Bergebakken Sundt Date: Fri, 11 Oct 2024 14:24:31 +0200 Subject: [PATCH] remote-builders -> known-hosts, add aliases --- flake.nix | 2 +- hosts/bjarte/configuration.nix | 2 +- hosts/bolle/configuration.nix | 2 +- hosts/brumlebasse/configuration.nix | 2 +- hosts/eple/configuration.nix | 2 +- hosts/garp/configuration.nix | 2 +- hosts/hasselknippe/configuration.nix | 2 +- hosts/known-hosts.toml | 10 ++++ hosts/nord/configuration.nix | 2 +- hosts/noximilien/configuration.nix | 2 +- hosts/sopp/configuration.nix | 2 +- .../{remote-builders.nix => known-hosts.nix} | 55 ++++++++++++------- 12 files changed, 55 insertions(+), 30 deletions(-) rename profiles/{remote-builders.nix => known-hosts.nix} (67%) diff --git a/flake.nix b/flake.nix index 1508ab2..692572a 100644 --- a/flake.nix +++ b/flake.nix @@ -272,7 +272,7 @@ p1005 = ./hardware/printer/hp-laserjet-p1005.nix; au = ./profiles/auto-upgrade.nix; ts = ./profiles/tailscale.nix; - #rb = ./profiles/remote-builders.nix; # TODO + #rb = ./profiles/known-hosts.nix; # TODO nixld = ./profiles/nix-ld.nix; dns64 = { config, ... }: { networking.nameservers = [ "2001:700:1:11::2:51" ]; # dns64.uninett.no diff --git a/hosts/bjarte/configuration.nix b/hosts/bjarte/configuration.nix index 9c8a4c5..65d6be6 100644 --- a/hosts/bjarte/configuration.nix +++ b/hosts/bjarte/configuration.nix @@ -35,7 +35,7 @@ ../../profiles/desktop/flatpak.nix ../../profiles/desktop/waydroid.nix - ../../profiles/remote-builders.nix + ../../profiles/known-hosts.nix #../../profiles/autossh-reverse-tunnels ]; diff --git a/hosts/bolle/configuration.nix b/hosts/bolle/configuration.nix index 04a01c3..f53113a 100644 --- a/hosts/bolle/configuration.nix +++ b/hosts/bolle/configuration.nix 
@@ -22,7 +22,7 @@ ../../profiles/shell.nix ../../profiles/domeneshop-dyndns.nix - ../../profiles/remote-builders.nix + ../../profiles/known-hosts.nix #../../profiles/autossh-reverse-tunnels ]; services.domeneshop-updater.targets = [ config.networking.fqdn ]; diff --git a/hosts/brumlebasse/configuration.nix b/hosts/brumlebasse/configuration.nix index 9e2df5c..faff1b7 100644 --- a/hosts/brumlebasse/configuration.nix +++ b/hosts/brumlebasse/configuration.nix @@ -19,7 +19,7 @@ ../../profiles/shell.nix #../../profiles/domeneshop-dyndns.nix - ../../profiles/remote-builders.nix + ../../profiles/known-hosts.nix ]; #services.domeneshop-updater.targets = [ config.networking.fqdn ]; diff --git a/hosts/eple/configuration.nix b/hosts/eple/configuration.nix index 5801328..4cd1f18 100644 --- a/hosts/eple/configuration.nix +++ b/hosts/eple/configuration.nix @@ -19,7 +19,7 @@ ../../profiles/shell.nix ../../profiles/domeneshop-dyndns.nix - ../../profiles/remote-builders.nix + ../../profiles/known-hosts.nix #../../profiles/autossh-reverse-tunnels ]; services.domeneshop-updater.targets = [ config.networking.fqdn ]; diff --git a/hosts/garp/configuration.nix b/hosts/garp/configuration.nix index dbd147e..b878f44 100644 --- a/hosts/garp/configuration.nix +++ b/hosts/garp/configuration.nix @@ -46,7 +46,7 @@ #../../profiles/desktop/sound/pipewire.nix ../../profiles/domeneshop-dyndns.nix - ../../profiles/remote-builders.nix + ../../profiles/known-hosts.nix ]; services.domeneshop-updater.targets = [ config.networking.fqdn ]; diff --git a/hosts/hasselknippe/configuration.nix b/hosts/hasselknippe/configuration.nix index e8d2a4b..78ab956 100644 --- a/hosts/hasselknippe/configuration.nix +++ b/hosts/hasselknippe/configuration.nix @@ -33,7 +33,7 @@ #../../profiles/desktop/lutris.nix #../../profiles/desktop/flatpak.nix - ../../profiles/remote-builders.nix + ../../profiles/known-hosts.nix ]; networking.firewall.allowedTCPPorts = [ 57621 ]; # spotify local discovery 
diff --git a/hosts/known-hosts.toml b/hosts/known-hosts.toml index 29552a4..4026e2c 100644 --- a/hosts/known-hosts.toml +++ b/hosts/known-hosts.toml @@ -1,6 +1,7 @@ # primarily used for remote builders, but also configures known public keys #["host.name"] +# aliases = ["other.host.name"] # https://search.nixos.org/options?query=nix.buildMachine # buildMachine.systems # buildMachine.maxJobs @@ -14,6 +15,8 @@ # ssh.userPublicKey # sudo ssh-keygen -t ed25519 && sudo cat /root/.ssh/id_ed25519.pub # ssh.proxyJump # optional hostname # ssh.userPrivateKey # optional IdentityFile to use +# ssh.connectTimeout + # buildMachine.supportedFeatures: # - "kvm" - has hypervisor @@ -22,6 +25,7 @@ # - "big-parallel" - is beefy, for stuff like llvm [__default__] +aliases = [] buildMachine.systems = ["x86_64-linux", "i686-linux"] buildMachine.maxJobs = 0 # not a builder buildMachine.speedFactor = 1 @@ -31,6 +35,7 @@ buildMachine.protocol = "ssh" # "ssh-ng" ssh.listenUser = "pbsds" # TODO: change # ssh.listenUser = "nixbld-remote" ssh.listenPort = 22 +ssh.connectTimeout = 3 # in general: # headless: one job per 4 threads and 8GB RAM @@ -45,6 +50,7 @@ ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeOB/57N1fQPVorIUlkk ssh.proxyJump = "isvegg.pvv.ntnu.no" ["eple.pbsds.net"] # r9 290x +aliases = [ "eple.tail9aac63.ts.net" ] buildMachine.maxJobs = 3 # 12 threads 32GB buildMachine.speedFactor = 3 # i7-5820K buildMachine.supportedFeatures = ["kvm", "big-parallel", "nixos-test"] 
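Review bot: The new `# aliases = ["other.host.name"]` and `# ssh.connectTimeout` entries in the field reference at the top of the file have no explanation, unlike the neighbouring `# ssh.proxyJump # optional hostname` line. profiles/known-hosts.nix expands each alias into a full copy of its host, so every alias entry carries the same `ssh.listenPublicKey` and `ssh.userPublicKey` as the canonical name. That is worth stating here, where the keys are maintained. Suggested wording: `# aliases = ["other.host.name"] # extra names for the same machine; they inherit its keys and settings` and `# ssh.connectTimeout # seconds, written to ConnectTimeout`.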
@@ -60,12 +66,14 @@ ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkcZ3cUAKk8uUvZPsX7P ssh.proxyJump = "isvegg.pvv.ntnu.no" ["noximilien.pbsds.net"] +aliases = [ "noximilien.tail9aac63.ts.net" ] # buildMachine.maxJobs = 1 # 8 threads 8GB buildMachine.speedFactor = 1 # i7-3770S ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3QhTGS03Sqm6OeCEz5AIGqJnBttKaBqMgNXp3Md7t4" ssh.userPublicKey = "ssh-rsa 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 root@noximilien" ["sopp.pbsds.net"] # gtx 1080 +aliases = [ "sopp.tail9aac63.ts.net" ] # buildMachine.maxJobs = 2 # 8 threads 32GB buildMachine.speedFactor = 2 # i7-4790K buildMachine.supportedFeatures = ["kvm", "nixos-test", "cuda"] @@ -74,6 +82,7 @@ ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYB9H1pHB1vTBiGhO/GC ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6eTQkxO/1XflHpGf3478+Z7HFYYaf1d4M6mvSK2nAU root@sopp" ["nord.pbsds.net"] # rx 580 +aliases = [ "nord.tail9aac63.ts.net" ] # buildMachine.maxJobs = 1 # 4 threads 32GB buildMachine.speedFactor = 1 # i5-2500 buildMachine.supportedFeatures = ["kvm", "nixos-test"] @@ -88,6 +97,7 @@ ssh.listenUser = "pbsds" ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we" ["bjarte.pbsds.net"] +aliases = [ "bjarte.tail9aac63.ts.net" ] ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4v1+FbiEa6Mohpf3/Una5ahKeKSG9yZ9iU5TC7ddL5 root@bjarte" ["brumlebasse.pbsds.net"] diff --git a/hosts/nord/configuration.nix b/hosts/nord/configuration.nix index ade72fc..9b09e3d 100644 --- a/hosts/nord/configuration.nix +++ b/hosts/nord/configuration.nix @@ -40,7 +40,7 @@ ../../profiles/desktop/steam.nix ../../profiles/desktop/flatpak.nix - ../../profiles/remote-builders.nix + ../../profiles/known-hosts.nix #../../profiles/autossh-reverse-tunnels #../../profiles/domeneshop-dyndns.nix # handled by noximilien ]; 
diff --git a/hosts/noximilien/configuration.nix b/hosts/noximilien/configuration.nix index 8c343c0..7abac23 100644 --- a/hosts/noximilien/configuration.nix +++ b/hosts/noximilien/configuration.nix @@ -90,7 +90,7 @@ #../../profiles/code-remote # TODO: move into web? services? ../../profiles/domeneshop-dyndns.nix - ../../profiles/remote-builders.nix + ../../profiles/known-hosts.nix ../../profiles/autossh-reverse-tunnels #../../profiles/xrdp ]; diff --git a/hosts/sopp/configuration.nix b/hosts/sopp/configuration.nix index 84900d2..4d20902 100644 --- a/hosts/sopp/configuration.nix +++ b/hosts/sopp/configuration.nix @@ -49,7 +49,7 @@ ../../profiles/desktop/lutris.nix ../../profiles/desktop/flatpak.nix - ../../profiles/remote-builders.nix + ../../profiles/known-hosts.nix #../../profiles/autossh-reverse-tunnels #../../profiles/domeneshop-dyndns.nix # handled by noximilien ]; diff --git a/profiles/remote-builders.nix b/profiles/known-hosts.nix similarity index 67% rename from profiles/remote-builders.nix rename to profiles/known-hosts.nix index 6fc7a43..9550aec 100644 --- a/profiles/remote-builders.nix +++ b/profiles/known-hosts.nix 
@@ -1,20 +1,37 @@ { config, lib, ... }: # TODO: make a remote-build user on nixos boxes, instead of giving access to pbsds -# TODO: https://exozy.me/quickstart -# TODO: https://github.com/winterqt/darwin-build-box +# TODO: https://exozy.me/about let inherit (builtins) map fromTOML readFile elem attrNames attrValues; inherit (lib) mkIf; - known-hosts' = lib.importTOML ../hosts/known-hosts.toml; # TODO: eww - known-hosts = lib.pipe known-hosts' [ - (lib.flip lib.removeAttrs ["__default__"]) - (lib.mapAttrs (name: host: - lib.recursiveUpdate (known-hosts'."__default__" or {}) host - )) - ]; + known-hosts = let + known-hosts' = lib.importTOML ../hosts/known-hosts.toml; # TODO: eww + in + lib.pipe known-hosts' [ + (lib.flip lib.removeAttrs ["__default__"]) + (lib.mapAttrs (fqdn: host: + lib.recursiveUpdate ( + (known-hosts'."__default__" or {}) + // { isAlias = false; } + ) host + )) + (lib.mapAttrsToList (fqdn: host: let + allHostnames = [ fqdn ] ++ host.aliases; + in lib.forEach allHostnames (alias: + lib.nameValuePair + alias + (host // { + aliases = lib.remove alias allHostnames; + isAlias = fqdn != alias; + }) + ) + )) + lib.flatten + lib.listToAttrs + ]; hostNames = attrNames known-hosts; thisHost = known-hosts.${config.networking.fqdn}; thisHostIsBuilder = thisHost.buildMachine.maxJobs > 0; 
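Review bot: `lib.listToAttrs` at the end of the new pipeline keeps the first entry when two pairs share a name, so an alias that repeats another host's FQDN or another alias is resolved silently by attribute order. The losing entry disappears, and the name ends up carrying a different machine's `ssh.listenPublicKey` and build settings, with no evaluation error pointing at the typo in hosts/known-hosts.toml. A uniqueness assertion between `lib.flatten` and `lib.listToAttrs` would turn that into an evaluation failure. The `let` block continues past the end of the hunk.

```nix
    # … unchanged: __default__ merge and alias expansion …
    lib.flatten
    # refuse a name that is declared twice instead of letting listToAttrs pick one
    (pairs:
      assert lib.assertMsg
        (lib.allUnique (map (pair: pair.name) pairs))
        "known-hosts.toml: a hostname or alias is declared more than once";
      pairs)
    lib.listToAttrs
```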
@@ -30,12 +47,18 @@ let }; thatHostIsBuilder = thatHost.buildMachine.maxJobs > 0; thatHostIsConsumer = thatHost.ssh ? userPublicKey && thisHostIsBuilder; - thatHostIsThis = fqdn == config.networking.fqdn; + thatHostIsThis = builtins.elem config.networking.fqdn ([ fqdn ] ++ thatHost.aliases); in mkIf (!thatHostIsThis) ( lib.mkMerge [ # out (lib.mkIf (thisHostIsConsumer && thatHostIsBuilder) { - nix.buildMachines = [ buildMachine ]; + # TODO: Allow setting speedFactor for local builds, as local is currently fixed to 0 + # https://github.com/NixOS/nix/issues/2457 + + nix.distributedBuilds = true; + # useful when the builder has a faster internet connection than i do + nix.settings.builders-use-substitutes = true; + nix.buildMachines = lib.mkIf (!thatHost.isAlias) [ buildMachine ]; }) # out or jump @@ -46,7 +69,7 @@ let # timeouts are great when remote is unresponsive. nix doesn't care, lix is way and tests each remote only once programs.ssh.extraConfig = '' Host ${fqdn} - ConnectTimeout 3 + ConnectTimeout ${builtins.toString thatHost.ssh.connectTimeout} Port ${builtins.toString thatHost.ssh.listenPort} ${lib.optionalString (thatHost.ssh ? proxyJump) '' ProxyJump ${thatJump.ssh.listenUser}@${thatHost.ssh.proxyJump}:${builtins.toString thatJump.ssh.listenPort} @@ -77,14 +100,6 @@ let in { - nix.distributedBuilds = true; - - # TODO: Allow setting speedFactor for local builds, as local is currently fixed to 0 - # https://github.com/NixOS/nix/issues/2457 - - # useful when the builder has a faster internet connection than i do - nix.settings.builders-use-substitutes = true; - imports = lib.forEach hostNames mkRemoteConfig; }
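Review bot: Only `nix.buildMachines` is gated on `!thatHost.isAlias` in the `@@ -30,12 +47,18 @@` hunk, so every other branch of `mkRemoteConfig` still runs once per alias entry, with the canonical host's `ssh` attributes copied in. `thatHostIsConsumer` is therefore true for an alias whenever the canonical host has `ssh.userPublicKey`. The `Host ${fqdn}` block in the `@@ -46,7 +69,7 @@` hunk is likewise emitted for the alias name, with any inherited `ssh.proxyJump`. The branches that consume these values lie outside the hunks, so whether the repetition is harmless cannot be confirmed from here. A comment above the `lib.mkMerge`, such as `# NOTE: also evaluated for alias entries; only nix.buildMachines is skipped for them`, would record the intent. `mkRemoteConfig` starts and ends outside both hunks.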