diff --git a/profiles/remote-builders/default.nix b/profiles/remote-builders/default.nix deleted file mode 100644 index a9326e0..0000000 --- a/profiles/remote-builders/default.nix +++ /dev/null @@ -1,257 +0,0 @@ -{ config, pkgs, lib, ... }: -let - # supportedFeatures: - # - "kvm" - has hypervisor - # - "nixos-test" - the same as ^? nixos? - # - "benchmark" - has "equal" performance - # - "big-parallel" - is beefy, for stuff like llvm - - # find 'publicKey' with `ssh-keyscan` - proxyjump-ntnu = { - proxy.user = "pederbs"; - proxy.host = "isvegg.pvv.ntnu.no"; - proxy.publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU="; # isvegg - #proxy.host = "hildring.pvv.ntnu.no"; - #proxy.publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU="; # hildring - #proxy.host = "microbel.pvv.ntnu.no"; - #proxy.publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEq0yasKP0mH6PI6ypmuzPzMnbHELo9k+YB5yW534aKudKZS65YsHJKQ9vapOtmegrn5MQbCCgrshf+/XwZcjbM="; # microbel - #proxy.host = "snotra-login1.idi.ntnu.no"; - #proxy.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKvf//xeGEuGkPqTMyCZJlyjufpChPkwnB+W19yIQquF"; # snotra -}; - - sops.secrets.nix-community-builders-ssh-key = {}; - - remotes = - let - mkClab = hostname: pubkey: { - systems = [ "x86_64-linux" ]; - hostName = hostname; - sshUser = "pederbs"; - maxJobs = 1; # 24 thread 64gb ram - speedFactor = 2; - supportedFeatures = [ "kvm" "big-parallel" "nixos-test" ]; - #mandatoryFeatures = [ ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkcZ3cUAKk8uUvZPsX7PDBInkb3Eps3Xh+xVrhPY+sx"; - inherit (proxyjump-ntnu) proxy; - }; - in [ - /** / - { - systems = [ "aarch64-darwin" "x86_64-darwin" ]; - hostName = "darwin-build-box.winter.cafe"; - maxJobs = 4; - sshUser = "pbsds"; - sshKey = "/run/secrets/nix-community-builders-ssh-key"; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0io9E0eXiDIEHvsibXOxOPveSjUPIr1RnNKbUkw3fD"; - } - /** / - { - systems = [ "aarch64-linux" ]; - supportedFeatures = [ "big-parallel" ]; - hostName = "aarch64.nixos.community"; - maxJobs = 64; - sshUser = "pbsds"; - sshKey = "/run/secrets/nix-community-builders-ssh-key"; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUTz5i9u5H2FHNAmZJyoJfIGyUm/HfGhfwnc142L3ds"; - } - /**/ - { - systems = [ "x86_64-linux" ]; #"wasm32-wasi" "wasm64-wasi" "x86_64-windows" "aarch64-linux" "riscv64-linux" ]; - hostName = "bolle.pbsds.net"; - sshUser = "pbsds"; - maxJobs = 4; # 12 cores - #maxJobs = 1; # at least for big-parallel - speedFactor = 3; - supportedFeatures = [ "kvm" "big-parallel" "nixos-test" ]; - #mandatoryFeatures = [ ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeOB/57N1fQPVorIUlkkJZaQduBo+4+km2Qbj4ebd/k"; - inherit (proxyjump-ntnu) proxy; - } - /**/ - { - systems = [ "x86_64-linux" ]; #"wasm32-wasi" "wasm64-wasi" "x86_64-windows" "aarch64-linux" "riscv64-linux" ]; - hostName = "eple.pbsds.net"; - sshUser = "pbsds"; - maxJobs = 4; # 12 cores - #maxJobs = 1; # at least for big-parallel - speedFactor = 3; - supportedFeatures = [ "kvm" "big-parallel" "nixos-test" ]; - #mandatoryFeatures = [ ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH03MEINNnjBvtmvN2QsCDCLkvF9ow5FQJp9uiyQ1Iwi"; - inherit (proxyjump-ntnu) proxy; - } - /**/ - { - systems = [ "x86_64-linux" ]; #"wasm32-wasi" "wasm64-wasi" "x86_64-windows" "aarch64-linux" "riscv64-linux" ]; - hostName = "garp.pbsds.net"; # TODO: port 23 - sshUser = "pbsds"; - maxJobs = 3; # 8 cores - #maxJobs = 1; # at least for big-parallel - speedFactor = 2; - supportedFeatures = [ "kvm" "big-parallel" "nixos-test" ]; - #mandatoryFeatures = [ ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkcZ3cUAKk8uUvZPsX7PDBInkb3Eps3Xh+xVrhPY+sx"; - inherit (proxyjump-ntnu) proxy; - } - /** / - { - systems = [ "x86_64-linux" ]; #"wasm32-wasi" "wasm64-wasi" "x86_64-windows" "aarch64-linux" "riscv64-linux" ]; - hostName = "noximilien.pbsds.net"; # TODO: port 23 - sshUser = "pbsds"; - maxJobs = 3; # 8 cores - #maxJobs = 1; # at least for big-parallel - speedFactor = 3; - supportedFeatures = [ "kvm" "big-parallel" ]; # TODO: "nixos-test" - #mandatoryFeatures = [ ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3QhTGS03Sqm6OeCEz5AIGqJnBttKaBqMgNXp3Md7t4"; - } - /** / - { - systems = ["x86_64-linux"]; - hostName = "rocm.pbsds.net"; - sshUser = "pbsds"; - maxJobs = 6; # 16 cores - #maxJobs = 4; - #maxJobs = 1; # at least for big-parallel - speedFactor = 2; - supportedFeatures = [ "kvm" "big-parallel" ]; - #mandatoryFeatures = [ ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we"; - inherit (proxyjump-ntnu) proxy; - } - /** / - { - systems = [ "x86_64-linux" ]; #"wasm32-wasi" "wasm64-wasi" "x86_64-windows" "aarch64-linux" "riscv64-linux" ]; - hostName = "sopp.pbsds.net"; - sshPort = 26; - sshUser = "pbsds"; - maxJobs = 4; # 8 cores - #maxJobs = 1; # at least for big-parallel - speedFactor = 1; - supportedFeatures = [ "kvm" "big-parallel" "nixos-test" ]; - #mandatoryFeatures = [ ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYB9H1pHB1vTBiGhO/GCQjn70BtVdQuJyXx38zN2CDj"; - } - /**/ - { - systems = [ "x86_64-linux" ]; #"wasm32-wasi" "wasm64-wasi" "x86_64-windows" "aarch64-linux" "riscv64-linux" ]; - hostName = "nord.pbsds.net"; - sshPort = 24; - sshUser = "pbsds"; - maxJobs = 1; # 4 cores - #maxJobs = 1; # at least for big-parallel - speedFactor = 1; - supportedFeatures = [ "kvm" "big-parallel" "nixos-test" ]; - #mandatoryFeatures = [ ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBSdIUtUfAxnVbPDmDDFdP2S3Wd3+CC8IfZAANJ76oh"; - } - /** / - { - systems = ["x86_64-linux"]; - hostName = "isvegg.pvv.ntnu.no"; - sshUser = "pederbs"; - maxJobs = 1; # 4 cores - speedFactor = 0; - publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU="; - } - /** / - { - systems = ["x86_64-linux"]; - hostName = "eirin.pvv.ntnu.no"; - sshUser = "pederbs"; - maxJobs = 1; # 8 cores - speedFactor = 0; - publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILGULKEzYe5kPorM0rWATv10qq6debfCuYUYqw3HWZm4Y5Pi7mVKcf8lKFNPc1DxT/dStfxxtHj/2fbezaxElk="; - inherit (proxyjump-ntnu) proxy; - } - { - systems = ["x86_64-linux"]; - hostName = "demiurgen.pvv.ntnu.no"; - sshUser = "pederbs"; - maxJobs = 1; # 8 cores - speedFactor = 0; - publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKw92q3eB5HZbKJN3p+80MtirqcXPu01USE9LnoGYJuDvko1udjIy4UR0wAwELqgs+r7mJyuQPeXmOZKwjHP6tM="; - inherit (proxyjump-ntnu) proxy; - } - /**/ - - /** / - (mkClab "clab01.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJfJV5Ov3D0qErVnbQZ3oxhA3i0zuAmjmVUf3JV08aSg") - (mkClab "clab02.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHNhQPotOGWZdFeW4B3eDYGcaF/2xB56hNL+x3QEURa6") - (mkClab "clab03.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5srnYPuULchLvlCOlWOwrhQEBznQn61kj0Oawnp44Y") - (mkClab "clab04.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgMxLYYiYb/6IAH6nyc9eGXASgDPTE2JcRZ9ODjhQt5") - (mkClab "clab05.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHw4h4dH689bLYWjrhhsvfljyWfUEClPa1Kb0cYxLRaD") - (mkClab "clab06.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVZ394P3124lSxkzVodFqbindIvCB3kcn4YcgbaPrAs") - (mkClab "clab07.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILKQfcOmWC73bmE2mlWEcXFHiDUhsYWA7Xy9Dtq8kKmn") - (mkClab "clab08.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKlyZq3uTBCgkvPgs6nWRzsdhHmXHph14dmYWgt1vuBx") - (mkClab "clab09.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAj4eXT/k7iiUYx+CXq5ShLWm1N6SNO23EIs4xYEaQaW") - (mkClab "clab10.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5xEUkiwXWaUCA+QfMDq2vHfXKzcpXlrHpJMNQ8EU+K") - (mkClab "clab11.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlKZhdQBrjafzzwdRR3arem3TXnnPucQskd7RWW9L5V") - (mkClab "clab12.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDEr2zGzev8JffE67Hkb3Qli7K0kzVdu8VXxJW47PK7m") - (mkClab "clab13.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZgIhgpMCdegJaW6Huad7Dj4YfyR8Zhi1UmDsgcJYK2") - (mkClab "clab14.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3pAYx5rtbaUCf4xsiy+7/qKqnGMnSa9KCp42j+XmEh") - (mkClab "clab15.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7XwwhLJGwK+a7zShr2Ok9f2GlvPkP+FxKdbGYsNHtd") - (mkClab "clab16.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJKAaMXBAYsDd2QQOAQhXAAJCejbylQNLI9KsN3/EsY+") - (mkClab "clab20.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGBbcKU5uDTgaQoREjaNuzQkCKNm5wlnhln6ZNiL3o2") - (mkClab "clab22.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMHlaYq184VDBoEOtaIIu2jnuBihhWiGPlyku0SMKORG") - (mkClab "clab23.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsIRgqoFF900olTCy6DSrFMpZyRmtK6aVP2oYQhNi8g") - (mkClab "clab24.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqh/Sp13OcUnZ8gVgiylcLsqAgIw+twQG92GyZK3FBZ") - (mkClab "clab25.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdL5coXj0geu9O1cMLdYuUE0TWlIkKLNj71/XF0e8eg") - (mkClab "clab26.idi.ntnu.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINqqxg0hVT/gPBM1xqrR9QtMRHVBZDYWZ3pzbJv9MHUG") - /**/ - ]; - - mkRemoteConfig = { - publicKey,# fetch it with `ssh-keyscan` - proxy ? null, # schema: { user, host, publicKey } - sshPort ? 22, - ... # the rest follows nix.buildMachines. schema - }@args: - let - buildMachine = lib.filterAttrs (key: _: !builtins.elem key ["publicKey" "proxy" "sshPort"]) args; # this should have syntactic sugar: ...@buildMachine - filter = lib.mkIf (buildMachine.hostName != config.networking.fqdn); - in filter { - nix.buildMachines = [ buildMachine ]; - #nix.buildMachines = [ (buildMachine // { protocol = "ssh-ng"; } ) ]; - #TODO: users.users.root.openssh.authorizedKeys.keys - programs.ssh.knownHosts.${buildMachine.hostName}.publicKey = publicKey; - # the timeout is great to have when a remote is unresponsive, as nix currently does not give a shit - programs.ssh.extraConfig = '' - Host ${buildMachine.hostName} - ConnectTimeout 3 - Port ${builtins.toString sshPort} - ${lib.optionalString (proxy != null) '' - ProxyJump ${proxy.user}@${proxy.host} - ''} - ''; - programs.ssh.knownHosts.${proxy.host or "IGNORE"} = lib.mkIf (proxy != null) { publicKey = proxy.publicKey; }; - }; - - remoteMap = lib.listToAttrs (lib.forEach remotes (remote: { - name = remote.hostName; - value = remote; - })); - -in { - - nix.distributedBuilds = true; - - # TODO: Allow setting speedFactor for local builds, as local is currently fixed to 0 - # https://github.com/NixOS/nix/issues/2457 - - # useful when the builder has a faster internet connection than i do - nix.settings.builders-use-substitutes = true; - - /** / - nix.buildMachines = let cfg = remoteMap.${config.networking.fqdn}; in [{ - hostName = "localhost"; # https://github.com/NixOS/nix/pull/4938 - systems = [ config.nixpkgs.system "builtin" ] ++ config.boot.binfmt.emulatedSystems; - supportedFeatures = ["builtin" "local" "kvm" "nixos-test" "big-parallel" "benchmark"]; - inherit (cfg) maxJobs speedFactor; - }]; - /**/ - - # TIL: this can be a list of configurations and lambdas, not just file paths - imports = builtins.map mkRemoteConfig remotes; - -}