remote-builders -> known-hosts, add aliases
parent
b9615589b4
commit
c602b45922
|
@ -272,7 +272,7 @@
|
||||||
p1005 = ./hardware/printer/hp-laserjet-p1005.nix;
|
p1005 = ./hardware/printer/hp-laserjet-p1005.nix;
|
||||||
au = ./profiles/auto-upgrade.nix;
|
au = ./profiles/auto-upgrade.nix;
|
||||||
ts = ./profiles/tailscale.nix;
|
ts = ./profiles/tailscale.nix;
|
||||||
#rb = ./profiles/remote-builders.nix; # TODO
|
#rb = ./profiles/known-hosts.nix; # TODO
|
||||||
nixld = ./profiles/nix-ld.nix;
|
nixld = ./profiles/nix-ld.nix;
|
||||||
dns64 = { config, ... }: {
|
dns64 = { config, ... }: {
|
||||||
networking.nameservers = [ "2001:700:1:11::2:51" ]; # dns64.uninett.no
|
networking.nameservers = [ "2001:700:1:11::2:51" ]; # dns64.uninett.no
|
||||||
|
|
|
@ -35,7 +35,7 @@
|
||||||
../../profiles/desktop/flatpak.nix
|
../../profiles/desktop/flatpak.nix
|
||||||
../../profiles/desktop/waydroid.nix
|
../../profiles/desktop/waydroid.nix
|
||||||
|
|
||||||
../../profiles/remote-builders.nix
|
../../profiles/known-hosts.nix
|
||||||
#../../profiles/autossh-reverse-tunnels
|
#../../profiles/autossh-reverse-tunnels
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -22,7 +22,7 @@
|
||||||
../../profiles/shell.nix
|
../../profiles/shell.nix
|
||||||
|
|
||||||
../../profiles/domeneshop-dyndns.nix
|
../../profiles/domeneshop-dyndns.nix
|
||||||
../../profiles/remote-builders.nix
|
../../profiles/known-hosts.nix
|
||||||
#../../profiles/autossh-reverse-tunnels
|
#../../profiles/autossh-reverse-tunnels
|
||||||
];
|
];
|
||||||
services.domeneshop-updater.targets = [ config.networking.fqdn ];
|
services.domeneshop-updater.targets = [ config.networking.fqdn ];
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
../../profiles/shell.nix
|
../../profiles/shell.nix
|
||||||
|
|
||||||
#../../profiles/domeneshop-dyndns.nix
|
#../../profiles/domeneshop-dyndns.nix
|
||||||
../../profiles/remote-builders.nix
|
../../profiles/known-hosts.nix
|
||||||
];
|
];
|
||||||
#services.domeneshop-updater.targets = [ config.networking.fqdn ];
|
#services.domeneshop-updater.targets = [ config.networking.fqdn ];
|
||||||
|
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
../../profiles/shell.nix
|
../../profiles/shell.nix
|
||||||
|
|
||||||
../../profiles/domeneshop-dyndns.nix
|
../../profiles/domeneshop-dyndns.nix
|
||||||
../../profiles/remote-builders.nix
|
../../profiles/known-hosts.nix
|
||||||
#../../profiles/autossh-reverse-tunnels
|
#../../profiles/autossh-reverse-tunnels
|
||||||
];
|
];
|
||||||
services.domeneshop-updater.targets = [ config.networking.fqdn ];
|
services.domeneshop-updater.targets = [ config.networking.fqdn ];
|
||||||
|
|
|
@ -46,7 +46,7 @@
|
||||||
#../../profiles/desktop/sound/pipewire.nix
|
#../../profiles/desktop/sound/pipewire.nix
|
||||||
|
|
||||||
../../profiles/domeneshop-dyndns.nix
|
../../profiles/domeneshop-dyndns.nix
|
||||||
../../profiles/remote-builders.nix
|
../../profiles/known-hosts.nix
|
||||||
];
|
];
|
||||||
services.domeneshop-updater.targets = [ config.networking.fqdn ];
|
services.domeneshop-updater.targets = [ config.networking.fqdn ];
|
||||||
|
|
||||||
|
|
|
@ -33,7 +33,7 @@
|
||||||
#../../profiles/desktop/lutris.nix
|
#../../profiles/desktop/lutris.nix
|
||||||
#../../profiles/desktop/flatpak.nix
|
#../../profiles/desktop/flatpak.nix
|
||||||
|
|
||||||
../../profiles/remote-builders.nix
|
../../profiles/known-hosts.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 57621 ]; # spotify local discovery
|
networking.firewall.allowedTCPPorts = [ 57621 ]; # spotify local discovery
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
# primarily used for remote builders, but also configures known public keys
|
# primarily used for remote builders, but also configures known public keys
|
||||||
|
|
||||||
#["host.name"]
|
#["host.name"]
|
||||||
|
# aliases = ["other.host.name"]
|
||||||
# https://search.nixos.org/options?query=nix.buildMachine
|
# https://search.nixos.org/options?query=nix.buildMachine
|
||||||
# buildMachine.systems
|
# buildMachine.systems
|
||||||
# buildMachine.maxJobs
|
# buildMachine.maxJobs
|
||||||
|
@ -14,6 +15,8 @@
|
||||||
# ssh.userPublicKey # sudo ssh-keygen -t ed25519 && sudo cat /root/.ssh/id_ed25519.pub
|
# ssh.userPublicKey # sudo ssh-keygen -t ed25519 && sudo cat /root/.ssh/id_ed25519.pub
|
||||||
# ssh.proxyJump # optional hostname
|
# ssh.proxyJump # optional hostname
|
||||||
# ssh.userPrivateKey # optional IdentityFile to use
|
# ssh.userPrivateKey # optional IdentityFile to use
|
||||||
|
# ssh.connectTimeout
|
||||||
|
|
||||||
|
|
||||||
# buildMachine.supportedFeatures:
|
# buildMachine.supportedFeatures:
|
||||||
# - "kvm" - has hypervisor
|
# - "kvm" - has hypervisor
|
||||||
|
@ -22,6 +25,7 @@
|
||||||
# - "big-parallel" - is beefy, for stuff like llvm
|
# - "big-parallel" - is beefy, for stuff like llvm
|
||||||
|
|
||||||
[__default__]
|
[__default__]
|
||||||
|
aliases = []
|
||||||
buildMachine.systems = ["x86_64-linux", "i686-linux"]
|
buildMachine.systems = ["x86_64-linux", "i686-linux"]
|
||||||
buildMachine.maxJobs = 0 # not a builder
|
buildMachine.maxJobs = 0 # not a builder
|
||||||
buildMachine.speedFactor = 1
|
buildMachine.speedFactor = 1
|
||||||
|
@ -31,6 +35,7 @@ buildMachine.protocol = "ssh" # "ssh-ng"
|
||||||
ssh.listenUser = "pbsds" # TODO: change
|
ssh.listenUser = "pbsds" # TODO: change
|
||||||
# ssh.listenUser = "nixbld-remote"
|
# ssh.listenUser = "nixbld-remote"
|
||||||
ssh.listenPort = 22
|
ssh.listenPort = 22
|
||||||
|
ssh.connectTimeout = 3
|
||||||
|
|
||||||
# in general:
|
# in general:
|
||||||
# headless: one job per 4 threads and 8GB RAM
|
# headless: one job per 4 threads and 8GB RAM
|
||||||
|
@ -45,6 +50,7 @@ ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeOB/57N1fQPVorIUlkk
|
||||||
ssh.proxyJump = "isvegg.pvv.ntnu.no"
|
ssh.proxyJump = "isvegg.pvv.ntnu.no"
|
||||||
|
|
||||||
["eple.pbsds.net"] # r9 290x
|
["eple.pbsds.net"] # r9 290x
|
||||||
|
aliases = [ "eple.tail9aac63.ts.net" ]
|
||||||
buildMachine.maxJobs = 3 # 12 threads 32GB
|
buildMachine.maxJobs = 3 # 12 threads 32GB
|
||||||
buildMachine.speedFactor = 3 # i7-5820K
|
buildMachine.speedFactor = 3 # i7-5820K
|
||||||
buildMachine.supportedFeatures = ["kvm", "big-parallel", "nixos-test"]
|
buildMachine.supportedFeatures = ["kvm", "big-parallel", "nixos-test"]
|
||||||
|
@ -60,12 +66,14 @@ ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkcZ3cUAKk8uUvZPsX7P
|
||||||
ssh.proxyJump = "isvegg.pvv.ntnu.no"
|
ssh.proxyJump = "isvegg.pvv.ntnu.no"
|
||||||
|
|
||||||
["noximilien.pbsds.net"]
|
["noximilien.pbsds.net"]
|
||||||
|
aliases = [ "noximilien.tail9aac63.ts.net" ]
|
||||||
# buildMachine.maxJobs = 1 # 8 threads 8GB
|
# buildMachine.maxJobs = 1 # 8 threads 8GB
|
||||||
buildMachine.speedFactor = 1 # i7-3770S
|
buildMachine.speedFactor = 1 # i7-3770S
|
||||||
ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3QhTGS03Sqm6OeCEz5AIGqJnBttKaBqMgNXp3Md7t4"
|
ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3QhTGS03Sqm6OeCEz5AIGqJnBttKaBqMgNXp3Md7t4"
|
||||||
ssh.userPublicKey = "ssh-rsa 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 root@noximilien"
|
ssh.userPublicKey = "ssh-rsa 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 root@noximilien"
|
||||||
|
|
||||||
["sopp.pbsds.net"] # gtx 1080
|
["sopp.pbsds.net"] # gtx 1080
|
||||||
|
aliases = [ "sopp.tail9aac63.ts.net" ]
|
||||||
# buildMachine.maxJobs = 2 # 8 threads 32GB
|
# buildMachine.maxJobs = 2 # 8 threads 32GB
|
||||||
buildMachine.speedFactor = 2 # i7-4790K
|
buildMachine.speedFactor = 2 # i7-4790K
|
||||||
buildMachine.supportedFeatures = ["kvm", "nixos-test", "cuda"]
|
buildMachine.supportedFeatures = ["kvm", "nixos-test", "cuda"]
|
||||||
|
@ -74,6 +82,7 @@ ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYB9H1pHB1vTBiGhO/GC
|
||||||
ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6eTQkxO/1XflHpGf3478+Z7HFYYaf1d4M6mvSK2nAU root@sopp"
|
ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6eTQkxO/1XflHpGf3478+Z7HFYYaf1d4M6mvSK2nAU root@sopp"
|
||||||
|
|
||||||
["nord.pbsds.net"] # rx 580
|
["nord.pbsds.net"] # rx 580
|
||||||
|
aliases = [ "nord.tail9aac63.ts.net" ]
|
||||||
# buildMachine.maxJobs = 1 # 4 threads 32GB
|
# buildMachine.maxJobs = 1 # 4 threads 32GB
|
||||||
buildMachine.speedFactor = 1 # i5-2500
|
buildMachine.speedFactor = 1 # i5-2500
|
||||||
buildMachine.supportedFeatures = ["kvm", "nixos-test"]
|
buildMachine.supportedFeatures = ["kvm", "nixos-test"]
|
||||||
|
@ -88,6 +97,7 @@ ssh.listenUser = "pbsds"
|
||||||
ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we"
|
ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we"
|
||||||
|
|
||||||
["bjarte.pbsds.net"]
|
["bjarte.pbsds.net"]
|
||||||
|
aliases = [ "bjarte.tail9aac63.ts.net" ]
|
||||||
ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4v1+FbiEa6Mohpf3/Una5ahKeKSG9yZ9iU5TC7ddL5 root@bjarte"
|
ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4v1+FbiEa6Mohpf3/Una5ahKeKSG9yZ9iU5TC7ddL5 root@bjarte"
|
||||||
|
|
||||||
["brumlebasse.pbsds.net"]
|
["brumlebasse.pbsds.net"]
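Review bot: The two keys added to the header comment, `# aliases = ["other.host.name"]` and `# ssh.connectTimeout`, have no description, unlike the neighbouring `# ssh.proxyJump # optional hostname`. The Nix side of this commit copies the whole host record onto every alias (`host // { aliases = …; isAlias = …; }`) and writes the timeout into `ConnectTimeout`, so the comments should say so. I would write `# aliases = ["other.host.name"] # extra names for the same machine; each alias reuses this host's ssh.* and buildMachine.* values` and `# ssh.connectTimeout # seconds, emitted as ConnectTimeout in the generated ssh config`. That makes it clear that adding a tailnet name here also binds the host's pinned public key to that name.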
|
||||||
|
|
|
@ -40,7 +40,7 @@
|
||||||
../../profiles/desktop/steam.nix
|
../../profiles/desktop/steam.nix
|
||||||
../../profiles/desktop/flatpak.nix
|
../../profiles/desktop/flatpak.nix
|
||||||
|
|
||||||
../../profiles/remote-builders.nix
|
../../profiles/known-hosts.nix
|
||||||
#../../profiles/autossh-reverse-tunnels
|
#../../profiles/autossh-reverse-tunnels
|
||||||
#../../profiles/domeneshop-dyndns.nix # handled by noximilien
|
#../../profiles/domeneshop-dyndns.nix # handled by noximilien
|
||||||
];
|
];
|
||||||
|
|
|
@ -90,7 +90,7 @@
|
||||||
|
|
||||||
#../../profiles/code-remote # TODO: move into web? services?
|
#../../profiles/code-remote # TODO: move into web? services?
|
||||||
../../profiles/domeneshop-dyndns.nix
|
../../profiles/domeneshop-dyndns.nix
|
||||||
../../profiles/remote-builders.nix
|
../../profiles/known-hosts.nix
|
||||||
../../profiles/autossh-reverse-tunnels
|
../../profiles/autossh-reverse-tunnels
|
||||||
#../../profiles/xrdp
|
#../../profiles/xrdp
|
||||||
];
|
];
|
||||||
|
|
|
@ -49,7 +49,7 @@
|
||||||
../../profiles/desktop/lutris.nix
|
../../profiles/desktop/lutris.nix
|
||||||
../../profiles/desktop/flatpak.nix
|
../../profiles/desktop/flatpak.nix
|
||||||
|
|
||||||
../../profiles/remote-builders.nix
|
../../profiles/known-hosts.nix
|
||||||
#../../profiles/autossh-reverse-tunnels
|
#../../profiles/autossh-reverse-tunnels
|
||||||
#../../profiles/domeneshop-dyndns.nix # handled by noximilien
|
#../../profiles/domeneshop-dyndns.nix # handled by noximilien
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,19 +1,36 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
|
|
||||||
# TODO: make a remote-build user on nixos boxes, instead of giving access to pbsds
|
# TODO: make a remote-build user on nixos boxes, instead of giving access to pbsds
|
||||||
# TODO: https://exozy.me/quickstart
|
# TODO: https://exozy.me/about
|
||||||
# TODO: https://github.com/winterqt/darwin-build-box
|
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (builtins) map fromTOML readFile elem attrNames attrValues;
|
inherit (builtins) map fromTOML readFile elem attrNames attrValues;
|
||||||
inherit (lib) mkIf;
|
inherit (lib) mkIf;
|
||||||
|
|
||||||
|
known-hosts = let
|
||||||
known-hosts' = lib.importTOML ../hosts/known-hosts.toml; # TODO: eww
|
known-hosts' = lib.importTOML ../hosts/known-hosts.toml; # TODO: eww
|
||||||
known-hosts = lib.pipe known-hosts' [
|
in
|
||||||
|
lib.pipe known-hosts' [
|
||||||
(lib.flip lib.removeAttrs ["__default__"])
|
(lib.flip lib.removeAttrs ["__default__"])
|
||||||
(lib.mapAttrs (name: host:
|
(lib.mapAttrs (fqdn: host:
|
||||||
lib.recursiveUpdate (known-hosts'."__default__" or {}) host
|
lib.recursiveUpdate (
|
||||||
|
(known-hosts'."__default__" or {})
|
||||||
|
// { isAlias = false; }
|
||||||
|
) host
|
||||||
))
|
))
|
||||||
|
(lib.mapAttrsToList (fqdn: host: let
|
||||||
|
allHostnames = [ fqdn ] ++ host.aliases;
|
||||||
|
in lib.forEach allHostnames (alias:
|
||||||
|
lib.nameValuePair
|
||||||
|
alias
|
||||||
|
(host // {
|
||||||
|
aliases = lib.remove alias allHostnames;
|
||||||
|
isAlias = fqdn != alias;
|
||||||
|
})
|
||||||
|
)
|
||||||
|
))
|
||||||
|
lib.flatten
|
||||||
|
lib.listToAttrs
|
||||||
];
|
];
|
||||||
hostNames = attrNames known-hosts;
|
hostNames = attrNames known-hosts;
|
||||||
thisHost = known-hosts.${config.networking.fqdn};
|
thisHost = known-hosts.${config.networking.fqdn};
|
||||||
|
@ -30,12 +47,18 @@ let
|
||||||
};
|
};
|
||||||
thatHostIsBuilder = thatHost.buildMachine.maxJobs > 0;
|
thatHostIsBuilder = thatHost.buildMachine.maxJobs > 0;
|
||||||
thatHostIsConsumer = thatHost.ssh ? userPublicKey && thisHostIsBuilder;
|
thatHostIsConsumer = thatHost.ssh ? userPublicKey && thisHostIsBuilder;
|
||||||
thatHostIsThis = fqdn == config.networking.fqdn;
|
thatHostIsThis = builtins.elem config.networking.fqdn ([ fqdn ] ++ thatHost.aliases);
|
||||||
in mkIf (!thatHostIsThis) ( lib.mkMerge [
|
in mkIf (!thatHostIsThis) ( lib.mkMerge [
|
||||||
# out
|
# out
|
||||||
(lib.mkIf (thisHostIsConsumer && thatHostIsBuilder) {
|
(lib.mkIf (thisHostIsConsumer && thatHostIsBuilder) {
|
||||||
|
|
||||||
nix.buildMachines = [ buildMachine ];
|
# TODO: Allow setting speedFactor for local builds, as local is currently fixed to 0
|
||||||
|
# https://github.com/NixOS/nix/issues/2457
|
||||||
|
|
||||||
|
nix.distributedBuilds = true;
|
||||||
|
# useful when the builder has a faster internet connection than i do
|
||||||
|
nix.settings.builders-use-substitutes = true;
|
||||||
|
nix.buildMachines = lib.mkIf (!thatHost.isAlias) [ buildMachine ];
|
||||||
|
|
||||||
})
|
})
|
||||||
# out or jump
|
# out or jump
|
||||||
|
@ -46,7 +69,7 @@ let
|
||||||
# timeouts are great when remote is unresponsive. nix doesn't care, lix is way and tests each remote only once
|
# timeouts are great when remote is unresponsive. nix doesn't care, lix is way and tests each remote only once
|
||||||
programs.ssh.extraConfig = ''
|
programs.ssh.extraConfig = ''
|
||||||
Host ${fqdn}
|
Host ${fqdn}
|
||||||
ConnectTimeout 3
|
ConnectTimeout ${builtins.toString thatHost.ssh.connectTimeout}
|
||||||
Port ${builtins.toString thatHost.ssh.listenPort}
|
Port ${builtins.toString thatHost.ssh.listenPort}
|
||||||
${lib.optionalString (thatHost.ssh ? proxyJump) ''
|
${lib.optionalString (thatHost.ssh ? proxyJump) ''
|
||||||
ProxyJump ${thatJump.ssh.listenUser}@${thatHost.ssh.proxyJump}:${builtins.toString thatJump.ssh.listenPort}
|
ProxyJump ${thatJump.ssh.listenUser}@${thatHost.ssh.proxyJump}:${builtins.toString thatJump.ssh.listenPort}
|
||||||
|
@ -77,14 +100,6 @@ let
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
nix.distributedBuilds = true;
|
|
||||||
|
|
||||||
# TODO: Allow setting speedFactor for local builds, as local is currently fixed to 0
|
|
||||||
# https://github.com/NixOS/nix/issues/2457
|
|
||||||
|
|
||||||
# useful when the builder has a faster internet connection than i do
|
|
||||||
nix.settings.builders-use-substitutes = true;
|
|
||||||
|
|
||||||
imports = lib.forEach hostNames mkRemoteConfig;
|
imports = lib.forEach hostNames mkRemoteConfig;
|
||||||
|
|
||||||
}
|
}
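Review bot: The alias expansion in the first hunk ends in `lib.listToAttrs`, which keeps the first entry for a duplicated name and drops the others without any error. An alias in known-hosts.toml that repeats another host's name or alias would therefore silently resolve to the wrong host record (public key, listenUser, proxyJump). For a file that pins SSH identities this should fail evaluation instead; a uniqueness step placed after `lib.flatten`, such as `(pairs: assert lib.allUnique (map (p: p.name) pairs); pairs)`, would catch it. How the records are turned into host-key entries lies outside the visible hunks, so the exact impact is inferred.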
|