Compare commits


No commits in common. "06ca3a547c78b17565d421c22fd3e5be7b493941" and "b9615589b4eef80343e64d6f713469153c22de1d" have entirely different histories.

12 changed files with 35 additions and 63 deletions


@ -272,7 +272,7 @@
p1005 = ./hardware/printer/hp-laserjet-p1005.nix; p1005 = ./hardware/printer/hp-laserjet-p1005.nix;
au = ./profiles/auto-upgrade.nix; au = ./profiles/auto-upgrade.nix;
ts = ./profiles/tailscale.nix; ts = ./profiles/tailscale.nix;
#rb = ./profiles/known-hosts.nix; # TODO #rb = ./profiles/remote-builders.nix; # TODO
nixld = ./profiles/nix-ld.nix; nixld = ./profiles/nix-ld.nix;
dns64 = { config, ... }: { dns64 = { config, ... }: {
networking.nameservers = [ "2001:700:1:11::2:51" ]; # dns64.uninett.no networking.nameservers = [ "2001:700:1:11::2:51" ]; # dns64.uninett.no


@ -35,7 +35,7 @@
../../profiles/desktop/flatpak.nix ../../profiles/desktop/flatpak.nix
../../profiles/desktop/waydroid.nix ../../profiles/desktop/waydroid.nix
../../profiles/known-hosts.nix ../../profiles/remote-builders.nix
#../../profiles/autossh-reverse-tunnels #../../profiles/autossh-reverse-tunnels
]; ];


@ -22,7 +22,7 @@
../../profiles/shell.nix ../../profiles/shell.nix
../../profiles/domeneshop-dyndns.nix ../../profiles/domeneshop-dyndns.nix
../../profiles/known-hosts.nix ../../profiles/remote-builders.nix
#../../profiles/autossh-reverse-tunnels #../../profiles/autossh-reverse-tunnels
]; ];
services.domeneshop-updater.targets = [ config.networking.fqdn ]; services.domeneshop-updater.targets = [ config.networking.fqdn ];


@ -19,7 +19,7 @@
../../profiles/shell.nix ../../profiles/shell.nix
#../../profiles/domeneshop-dyndns.nix #../../profiles/domeneshop-dyndns.nix
../../profiles/known-hosts.nix ../../profiles/remote-builders.nix
]; ];
#services.domeneshop-updater.targets = [ config.networking.fqdn ]; #services.domeneshop-updater.targets = [ config.networking.fqdn ];


@ -19,7 +19,7 @@
../../profiles/shell.nix ../../profiles/shell.nix
../../profiles/domeneshop-dyndns.nix ../../profiles/domeneshop-dyndns.nix
../../profiles/known-hosts.nix ../../profiles/remote-builders.nix
#../../profiles/autossh-reverse-tunnels #../../profiles/autossh-reverse-tunnels
]; ];
services.domeneshop-updater.targets = [ config.networking.fqdn ]; services.domeneshop-updater.targets = [ config.networking.fqdn ];


@ -46,7 +46,7 @@
#../../profiles/desktop/sound/pipewire.nix #../../profiles/desktop/sound/pipewire.nix
../../profiles/domeneshop-dyndns.nix ../../profiles/domeneshop-dyndns.nix
../../profiles/known-hosts.nix ../../profiles/remote-builders.nix
]; ];
services.domeneshop-updater.targets = [ config.networking.fqdn ]; services.domeneshop-updater.targets = [ config.networking.fqdn ];


@ -33,7 +33,7 @@
#../../profiles/desktop/lutris.nix #../../profiles/desktop/lutris.nix
#../../profiles/desktop/flatpak.nix #../../profiles/desktop/flatpak.nix
../../profiles/known-hosts.nix ../../profiles/remote-builders.nix
]; ];
networking.firewall.allowedTCPPorts = [ 57621 ]; # spotify local discovery networking.firewall.allowedTCPPorts = [ 57621 ]; # spotify local discovery


@ -1,7 +1,6 @@
# primarily used for remote builders, but also configures known public keys # primarily used for remote builders, but also configures known public keys
#["host.name"] #["host.name"]
# aliases = ["other.host.name"]
# https://search.nixos.org/options?query=nix.buildMachine # https://search.nixos.org/options?query=nix.buildMachine
# buildMachine.systems # buildMachine.systems
# buildMachine.maxJobs # buildMachine.maxJobs
@ -15,8 +14,6 @@
# ssh.userPublicKey # sudo ssh-keygen -t ed25519 && sudo cat /root/.ssh/id_ed25519.pub # ssh.userPublicKey # sudo ssh-keygen -t ed25519 && sudo cat /root/.ssh/id_ed25519.pub
# ssh.proxyJump # optional hostname # ssh.proxyJump # optional hostname
# ssh.userPrivateKey # optional IdentityFile to use # ssh.userPrivateKey # optional IdentityFile to use
# ssh.connectTimeout
# buildMachine.supportedFeatures: # buildMachine.supportedFeatures:
# - "kvm" - has hypervisor # - "kvm" - has hypervisor
@ -25,7 +22,6 @@
# - "big-parallel" - is beefy, for stuff like llvm # - "big-parallel" - is beefy, for stuff like llvm
[__default__] [__default__]
aliases = []
buildMachine.systems = ["x86_64-linux", "i686-linux"] buildMachine.systems = ["x86_64-linux", "i686-linux"]
buildMachine.maxJobs = 0 # not a builder buildMachine.maxJobs = 0 # not a builder
buildMachine.speedFactor = 1 buildMachine.speedFactor = 1
@ -35,7 +31,6 @@ buildMachine.protocol = "ssh" # "ssh-ng"
ssh.listenUser = "pbsds" # TODO: change ssh.listenUser = "pbsds" # TODO: change
# ssh.listenUser = "nixbld-remote" # ssh.listenUser = "nixbld-remote"
ssh.listenPort = 22 ssh.listenPort = 22
ssh.connectTimeout = 3
# in general: # in general:
# headless: one job per 4 threads and 8GB RAM # headless: one job per 4 threads and 8GB RAM
@ -50,7 +45,6 @@ ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeOB/57N1fQPVorIUlkk
ssh.proxyJump = "isvegg.pvv.ntnu.no" ssh.proxyJump = "isvegg.pvv.ntnu.no"
["eple.pbsds.net"] # r9 290x ["eple.pbsds.net"] # r9 290x
aliases = [ "eple.tail9aac63.ts.net" ]
buildMachine.maxJobs = 3 # 12 threads 32GB buildMachine.maxJobs = 3 # 12 threads 32GB
buildMachine.speedFactor = 3 # i7-5820K buildMachine.speedFactor = 3 # i7-5820K
buildMachine.supportedFeatures = ["kvm", "big-parallel", "nixos-test"] buildMachine.supportedFeatures = ["kvm", "big-parallel", "nixos-test"]
@ -66,14 +60,12 @@ ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkcZ3cUAKk8uUvZPsX7P
ssh.proxyJump = "isvegg.pvv.ntnu.no" ssh.proxyJump = "isvegg.pvv.ntnu.no"
["noximilien.pbsds.net"] ["noximilien.pbsds.net"]
aliases = [ "noximilien.tail9aac63.ts.net" ]
# buildMachine.maxJobs = 1 # 8 threads 8GB # buildMachine.maxJobs = 1 # 8 threads 8GB
buildMachine.speedFactor = 1 # i7-3770S buildMachine.speedFactor = 1 # i7-3770S
ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3QhTGS03Sqm6OeCEz5AIGqJnBttKaBqMgNXp3Md7t4" ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3QhTGS03Sqm6OeCEz5AIGqJnBttKaBqMgNXp3Md7t4"
ssh.userPublicKey = "ssh-rsa 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 root@noximilien" ssh.userPublicKey = "ssh-rsa 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 root@noximilien"
["sopp.pbsds.net"] # gtx 1080 ["sopp.pbsds.net"] # gtx 1080
aliases = [ "sopp.tail9aac63.ts.net" ]
# buildMachine.maxJobs = 2 # 8 threads 32GB # buildMachine.maxJobs = 2 # 8 threads 32GB
buildMachine.speedFactor = 2 # i7-4790K buildMachine.speedFactor = 2 # i7-4790K
buildMachine.supportedFeatures = ["kvm", "nixos-test", "cuda"] buildMachine.supportedFeatures = ["kvm", "nixos-test", "cuda"]
@ -82,7 +74,6 @@ ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYB9H1pHB1vTBiGhO/GC
ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6eTQkxO/1XflHpGf3478+Z7HFYYaf1d4M6mvSK2nAU root@sopp" ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6eTQkxO/1XflHpGf3478+Z7HFYYaf1d4M6mvSK2nAU root@sopp"
["nord.pbsds.net"] # rx 580 ["nord.pbsds.net"] # rx 580
aliases = [ "nord.tail9aac63.ts.net" ]
# buildMachine.maxJobs = 1 # 4 threads 32GB # buildMachine.maxJobs = 1 # 4 threads 32GB
buildMachine.speedFactor = 1 # i5-2500 buildMachine.speedFactor = 1 # i5-2500
buildMachine.supportedFeatures = ["kvm", "nixos-test"] buildMachine.supportedFeatures = ["kvm", "nixos-test"]
@ -97,7 +88,6 @@ ssh.listenUser = "pbsds"
ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we" ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we"
["bjarte.pbsds.net"] ["bjarte.pbsds.net"]
aliases = [ "bjarte.tail9aac63.ts.net" ]
ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4v1+FbiEa6Mohpf3/Una5ahKeKSG9yZ9iU5TC7ddL5 root@bjarte" ssh.userPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4v1+FbiEa6Mohpf3/Una5ahKeKSG9yZ9iU5TC7ddL5 root@bjarte"
["brumlebasse.pbsds.net"] ["brumlebasse.pbsds.net"]
@ -149,14 +139,12 @@ ssh.listenUser = "pederbs"
ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEq0yasKP0mH6PI6ypmuzPzMnbHELo9k+YB5yW534aKudKZS65YsHJKQ9vapOtmegrn5MQbCCgrshf+/XwZcjbM=" ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEq0yasKP0mH6PI6ypmuzPzMnbHELo9k+YB5yW534aKudKZS65YsHJKQ9vapOtmegrn5MQbCCgrshf+/XwZcjbM="
["heid.idi.ntnu.no"] # ["heid.idi.ntnu.no"]
# buildMachine.maxJobs = 24 # 96 threads 1.4TB # buildMachine.maxJobs = 24 # 96 threads 1.4TB
buildMachine.speedFactor = 5 # Intel Xeon Platinum 8168 CPU @ 2.70GHz # buildMachine.supportedFeatures = [ "big-parallel" ];
buildMachine.supportedFeatures = [ "big-parallel" ] # ssh.listenUser = "pederbs"
# buildMachine.mandatoryFeatures = [ "big-parallel" ] # ssh.listenPublicKey = "TODO"
ssh.listenUser = "pederbs" # ssh.proxyJump = "isvegg.pvv.ntnu.no"
ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzLWPq7O9OiUXEDtwm/xfdBmLqEZXWlXDdRuJmb2Gou"
ssh.proxyJump = "isvegg.pvv.ntnu.no"
# ["bob.pvv.ntnu.no"] # ["bob.pvv.ntnu.no"]
# buildMachine.maxJobs = 10 # 40 threads # buildMachine.maxJobs = 10 # 40 threads
@ -188,7 +176,6 @@ ssh.userPrivateKey = "/run/secrets/nix-community-builders-ssh-key"
# ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM"; # ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM";
# ssh.userPrivateKey = "/run/secrets/nixbuild-dot-net-ssh-key" # ssh.userPrivateKey = "/run/secrets/nixbuild-dot-net-ssh-key"
["clab01.idi.ntnu.no"] # gtx 4090 ["clab01.idi.ntnu.no"] # gtx 4090
# buildMachine.maxJobs = 1 # 24 threads 64GB # buildMachine.maxJobs = 1 # 24 threads 64GB
buildMachine.speedFactor = 5 # AMD Ryzen 9 7900X buildMachine.speedFactor = 5 # AMD Ryzen 9 7900X
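Review bot: Removing the `aliases` lists from the host tables (eple, noximilien, sopp, nord, bjarte) and from `[__default__]` leaves the `*.tail9aac63.ts.net` names with no link to the `ssh.listenPublicKey` pinned for each host, so a connection made under a Tailscale name would presumably fall back to trust-on-first-use instead of the key recorded here; the module that consumes this file is only partly visible, so this is inferred. The same applies to `thatHostIsThis = fqdn == config.networking.fqdn;` in the Nix module, which no longer recognises a host by an alias. If the aliases are meant to go, a header comment such as `# hosts are matched by FQDN only; other names get no pinned host key` would document the limitation. In the commented-out `heid.idi.ntnu.no` entry, `ssh.listenPublicKey = "TODO"` has to be replaced with the real host key before the table is re-enabled, and the trailing `;` on its `buildMachine.supportedFeatures` line is not valid TOML.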


@ -40,7 +40,7 @@
../../profiles/desktop/steam.nix ../../profiles/desktop/steam.nix
../../profiles/desktop/flatpak.nix ../../profiles/desktop/flatpak.nix
../../profiles/known-hosts.nix ../../profiles/remote-builders.nix
#../../profiles/autossh-reverse-tunnels #../../profiles/autossh-reverse-tunnels
#../../profiles/domeneshop-dyndns.nix # handled by noximilien #../../profiles/domeneshop-dyndns.nix # handled by noximilien
]; ];


@ -90,7 +90,7 @@
#../../profiles/code-remote # TODO: move into web? services? #../../profiles/code-remote # TODO: move into web? services?
../../profiles/domeneshop-dyndns.nix ../../profiles/domeneshop-dyndns.nix
../../profiles/known-hosts.nix ../../profiles/remote-builders.nix
../../profiles/autossh-reverse-tunnels ../../profiles/autossh-reverse-tunnels
#../../profiles/xrdp #../../profiles/xrdp
]; ];


@ -49,7 +49,7 @@
../../profiles/desktop/lutris.nix ../../profiles/desktop/lutris.nix
../../profiles/desktop/flatpak.nix ../../profiles/desktop/flatpak.nix
../../profiles/known-hosts.nix ../../profiles/remote-builders.nix
#../../profiles/autossh-reverse-tunnels #../../profiles/autossh-reverse-tunnels
#../../profiles/domeneshop-dyndns.nix # handled by noximilien #../../profiles/domeneshop-dyndns.nix # handled by noximilien
]; ];


@ -1,37 +1,20 @@
{ config, lib, ... }: { config, lib, ... }:
# TODO: make a remote-build user on nixos boxes, instead of giving access to pbsds # TODO: make a remote-build user on nixos boxes, instead of giving access to pbsds
# TODO: https://exozy.me/about # TODO: https://exozy.me/quickstart
# TODO: https://github.com/winterqt/darwin-build-box
let let
inherit (builtins) map fromTOML readFile elem attrNames attrValues; inherit (builtins) map fromTOML readFile elem attrNames attrValues;
inherit (lib) mkIf; inherit (lib) mkIf;
known-hosts = let known-hosts' = lib.importTOML ../hosts/known-hosts.toml; # TODO: eww
known-hosts' = lib.importTOML ../hosts/known-hosts.toml; # TODO: eww known-hosts = lib.pipe known-hosts' [
in (lib.flip lib.removeAttrs ["__default__"])
lib.pipe known-hosts' [ (lib.mapAttrs (name: host:
(lib.flip lib.removeAttrs ["__default__"]) lib.recursiveUpdate (known-hosts'."__default__" or {}) host
(lib.mapAttrs (fqdn: host: ))
lib.recursiveUpdate ( ];
(known-hosts'."__default__" or {})
// { isAlias = false; }
) host
))
(lib.mapAttrsToList (fqdn: host: let
allHostnames = [ fqdn ] ++ host.aliases;
in lib.forEach allHostnames (alias:
lib.nameValuePair
alias
(host // {
aliases = lib.remove alias allHostnames;
isAlias = fqdn != alias;
})
)
))
lib.flatten
lib.listToAttrs
];
hostNames = attrNames known-hosts; hostNames = attrNames known-hosts;
thisHost = known-hosts.${config.networking.fqdn}; thisHost = known-hosts.${config.networking.fqdn};
thisHostIsBuilder = thisHost.buildMachine.maxJobs > 0; thisHostIsBuilder = thisHost.buildMachine.maxJobs > 0;
@ -47,18 +30,12 @@ let
}; };
thatHostIsBuilder = thatHost.buildMachine.maxJobs > 0; thatHostIsBuilder = thatHost.buildMachine.maxJobs > 0;
thatHostIsConsumer = thatHost.ssh ? userPublicKey && thisHostIsBuilder; thatHostIsConsumer = thatHost.ssh ? userPublicKey && thisHostIsBuilder;
thatHostIsThis = builtins.elem config.networking.fqdn ([ fqdn ] ++ thatHost.aliases); thatHostIsThis = fqdn == config.networking.fqdn;
in mkIf (!thatHostIsThis) ( lib.mkMerge [ in mkIf (!thatHostIsThis) ( lib.mkMerge [
# out # out
(lib.mkIf (thisHostIsConsumer && thatHostIsBuilder) { (lib.mkIf (thisHostIsConsumer && thatHostIsBuilder) {
# TODO: Allow setting speedFactor for local builds, as local is currently fixed to 0 nix.buildMachines = [ buildMachine ];
# https://github.com/NixOS/nix/issues/2457
nix.distributedBuilds = true;
# useful when the builder has a faster internet connection than i do
nix.settings.builders-use-substitutes = true;
nix.buildMachines = lib.mkIf (!thatHost.isAlias) [ buildMachine ];
}) })
# out or jump # out or jump
@ -69,7 +46,7 @@ let
# timeouts are great when remote is unresponsive. nix doesn't care, lix is way and tests each remote only once # timeouts are great when remote is unresponsive. nix doesn't care, lix is way and tests each remote only once
programs.ssh.extraConfig = '' programs.ssh.extraConfig = ''
Host ${fqdn} Host ${fqdn}
ConnectTimeout ${builtins.toString thatHost.ssh.connectTimeout} ConnectTimeout 3
Port ${builtins.toString thatHost.ssh.listenPort} Port ${builtins.toString thatHost.ssh.listenPort}
${lib.optionalString (thatHost.ssh ? proxyJump) '' ${lib.optionalString (thatHost.ssh ? proxyJump) ''
ProxyJump ${thatJump.ssh.listenUser}@${thatHost.ssh.proxyJump}:${builtins.toString thatJump.ssh.listenPort} ProxyJump ${thatJump.ssh.listenUser}@${thatHost.ssh.proxyJump}:${builtins.toString thatJump.ssh.listenPort}
@ -100,6 +77,14 @@ let
in { in {
nix.distributedBuilds = true;
# TODO: Allow setting speedFactor for local builds, as local is currently fixed to 0
# https://github.com/NixOS/nix/issues/2457
# useful when the builder has a faster internet connection than i do
nix.settings.builders-use-substitutes = true;
imports = lib.forEach hostNames mkRemoteConfig; imports = lib.forEach hostNames mkRemoteConfig;
} }
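Review bot: `nix.distributedBuilds = true;` and `nix.settings.builders-use-substitutes = true;` now sit at the top level of the returned attribute set, so every host importing this profile gets them, including hosts for which no `nix.buildMachines` entry is generated. Wrapping them, e.g. `nix.distributedBuilds = lib.mkIf thisHostIsConsumer true;`, would limit the settings to hosts that actually delegate builds; `thisHostIsConsumer` is defined outside the visible lines, so confirm it is in scope at that level. The comment above `builders-use-substitutes` could also say that the builder then fetches dependencies from its own substituters, so those builders' cache configuration becomes part of what this host relies on, e.g. `# builder downloads from its own substituters; its cache settings must be trusted`. The hard-coded `ConnectTimeout 3` matches the removal of `ssh.connectTimeout` from the TOML file, but a short comment giving the unit (seconds) would help.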