config/profiles/remote-builders/default.nix
2024-03-02 15:33:04 +01:00

218 lines
8.8 KiB
Nix

{ config, pkgs, lib, ... }:
let
# supportedFeatures:
# - "kvm" - has hypervisor
# - "nixos-test" - the same as ^? nixos?
# - "benchmark" - has "equal" performance
# - "big-parallel" - is beefy, for stuff like llvm
# find 'publicKey' with `ssh-keyscan`
proxyjump-ntnu = {
proxy.user = "pederbs";
proxy.host = "isvegg.pvv.ntnu.no";
proxy.publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU="; # isvegg
#proxy.host = "hildring.pvv.ntnu.no";
#proxy.publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU="; # hildring
#proxy.host = "microbel.pvv.ntnu.no";
#proxy.publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEq0yasKP0mH6PI6ypmuzPzMnbHELo9k+YB5yW534aKudKZS65YsHJKQ9vapOtmegrn5MQbCCgrshf+/XwZcjbM="; # microbel
};
sops.secrets.nix-community-builders-ssh-key = {};
remotes = [
/** /
{
systems = [ "aarch64-darwin" "x86_64-darwin" ];
hostName = "darwin-build-box.winter.cafe";
maxJobs = 4;
sshUser = "pbsds";
sshKey = "/run/secrets/nix-community-builders-ssh-key";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0io9E0eXiDIEHvsibXOxOPveSjUPIr1RnNKbUkw3fD";
}
/** /
{
systems = [ "aarch64-linux" ];
supportedFeatures = [ "big-parallel" ];
hostName = "aarch64.nixos.community";
maxJobs = 64;
sshUser = "pbsds";
sshKey = "/run/secrets/nix-community-builders-ssh-key";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUTz5i9u5H2FHNAmZJyoJfIGyUm/HfGhfwnc142L3ds";
}
/**/
{
systems = [ "x86_64-linux" ]; #"wasm32-wasi" "wasm64-wasi" "x86_64-windows" "aarch64-linux" "riscv64-linux" ];
hostName = "bolle.pbsds.net";
sshUser = "pbsds";
maxJobs = 4; # 12 cores
#maxJobs = 1; # at least for big-parallel
speedFactor = 3;
supportedFeatures = [ "kvm" "big-parallel" "nixos-test" ];
#mandatoryFeatures = [ ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeOB/57N1fQPVorIUlkkJZaQduBo+4+km2Qbj4ebd/k";
inherit (proxyjump-ntnu) proxy;
}
/**/
{
systems = [ "x86_64-linux" ]; #"wasm32-wasi" "wasm64-wasi" "x86_64-windows" "aarch64-linux" "riscv64-linux" ];
hostName = "eple.pbsds.net";
sshUser = "pbsds";
maxJobs = 4; # 12 cores
#maxJobs = 1; # at least for big-parallel
speedFactor = 3;
supportedFeatures = [ "kvm" "big-parallel" "nixos-test" ];
#mandatoryFeatures = [ ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH03MEINNnjBvtmvN2QsCDCLkvF9ow5FQJp9uiyQ1Iwi";
inherit (proxyjump-ntnu) proxy;
}
/**/
{
systems = [ "x86_64-linux" ]; #"wasm32-wasi" "wasm64-wasi" "x86_64-windows" "aarch64-linux" "riscv64-linux" ];
hostName = "garp.pbsds.net"; # TODO: port 23
sshUser = "pbsds";
maxJobs = 3; # 8 cores
#maxJobs = 1; # at least for big-parallel
speedFactor = 2;
supportedFeatures = [ "kvm" "big-parallel" "nixos-test" ];
#mandatoryFeatures = [ ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkcZ3cUAKk8uUvZPsX7PDBInkb3Eps3Xh+xVrhPY+sx";
inherit (proxyjump-ntnu) proxy;
}
/** /
{
systems = [ "x86_64-linux" ]; #"wasm32-wasi" "wasm64-wasi" "x86_64-windows" "aarch64-linux" "riscv64-linux" ];
hostName = "noximilien.pbsds.net"; # TODO: port 23
sshUser = "pbsds";
maxJobs = 3; # 8 cores
#maxJobs = 1; # at least for big-parallel
speedFactor = 3;
supportedFeatures = [ "kvm" "big-parallel" ]; # TODO: "nixos-test"
#mandatoryFeatures = [ ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3QhTGS03Sqm6OeCEz5AIGqJnBttKaBqMgNXp3Md7t4";
}
/** /
{
systems = ["x86_64-linux"];
hostName = "rocm.pbsds.net";
sshUser = "pbsds";
maxJobs = 6; # 16 cores
#maxJobs = 4;
#maxJobs = 1; # at least for big-parallel
speedFactor = 2;
supportedFeatures = [ "kvm" "big-parallel" ];
#mandatoryFeatures = [ ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we";
inherit (proxyjump-ntnu) proxy;
}
/** /
{
systems = [ "x86_64-linux" ]; #"wasm32-wasi" "wasm64-wasi" "x86_64-windows" "aarch64-linux" "riscv64-linux" ];
hostName = "sopp.pbsds.net";
sshPort = 26;
sshUser = "pbsds";
maxJobs = 4; # 8 cores
#maxJobs = 1; # at least for big-parallel
speedFactor = 1;
supportedFeatures = [ "kvm" "big-parallel" "nixos-test" ];
#mandatoryFeatures = [ ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYB9H1pHB1vTBiGhO/GCQjn70BtVdQuJyXx38zN2CDj";
}
/**/
{
systems = [ "x86_64-linux" ]; #"wasm32-wasi" "wasm64-wasi" "x86_64-windows" "aarch64-linux" "riscv64-linux" ];
hostName = "nord.pbsds.net";
sshPort = 24;
sshUser = "pbsds";
maxJobs = 1; # 4 cores
#maxJobs = 1; # at least for big-parallel
speedFactor = 1;
supportedFeatures = [ "kvm" "big-parallel" "nixos-test" ];
#mandatoryFeatures = [ ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBSdIUtUfAxnVbPDmDDFdP2S3Wd3+CC8IfZAANJ76oh";
}
/** /
{
systems = ["x86_64-linux"];
hostName = "isvegg.pvv.ntnu.no";
sshUser = "pederbs";
maxJobs = 1; # 4 cores
speedFactor = 0;
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
}
/** /
{
systems = ["x86_64-linux"];
hostName = "eirin.pvv.ntnu.no";
sshUser = "pederbs";
maxJobs = 1; # 8 cores
speedFactor = 0;
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILGULKEzYe5kPorM0rWATv10qq6debfCuYUYqw3HWZm4Y5Pi7mVKcf8lKFNPc1DxT/dStfxxtHj/2fbezaxElk=";
inherit (proxyjump-ntnu) proxy;
}
{
systems = ["x86_64-linux"];
hostName = "demiurgen.pvv.ntnu.no";
sshUser = "pederbs";
maxJobs = 1; # 8 cores
speedFactor = 0;
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKw92q3eB5HZbKJN3p+80MtirqcXPu01USE9LnoGYJuDvko1udjIy4UR0wAwELqgs+r7mJyuQPeXmOZKwjHP6tM=";
inherit (proxyjump-ntnu) proxy;
}
/**/
];
mkRemoteConfig = {
publicKey,# fetch it with `ssh-keyscan`
proxy ? null, # schema: { user, host, publicKey }
sshPort ? 22,
... # the rest follows nix.buildMachines.<NAME> schema
}@args:
let
buildMachine = lib.filterAttrs (key: _: !builtins.elem key ["publicKey" "proxy" "sshPort"]) args; # this should have syntactic sugar: ...@buildMachine
filter = lib.mkIf (buildMachine.hostName != config.networking.fqdn);
in filter {
nix.buildMachines = [ buildMachine ];
#nix.buildMachines = [ (buildMachine // { protocol = "ssh-ng"; } ) ];
#TODO: users.users.root.openssh.authorizedKeys.keys
programs.ssh.knownHosts.${buildMachine.hostName}.publicKey = publicKey;
# the timeout is great to have when a remote is unresponsive, as nix currently does not give a shit
programs.ssh.extraConfig = ''
Host ${buildMachine.hostName}
ConnectTimeout 3
Port ${builtins.toString sshPort}
${lib.optionalString (proxy != null) ''
ProxyJump ${proxy.user}@${proxy.host}
''}
'';
programs.ssh.knownHosts.${proxy.host or "IGNORE"} = lib.mkIf (proxy != null) { publicKey = proxy.publicKey; };
};
remoteMap = lib.listToAttrs (lib.forEach remotes (remote: {
name = remote.hostName;
value = remote;
}));
in {
nix.distributedBuilds = true;
# TODO: Allow setting speedFactor for local builds, as local is currently fixed to 0
# https://github.com/NixOS/nix/issues/2457
# useful when the builder has a faster internet connection than i do
nix.settings.builders-use-substitutes = true;
/** /
nix.buildMachines = let cfg = remoteMap.${config.networking.fqdn}; in [{
hostName = "localhost"; # https://github.com/NixOS/nix/pull/4938
systems = [ config.nixpkgs.system "builtin" ] ++ config.boot.binfmt.emulatedSystems;
supportedFeatures = ["builtin" "local" "kvm" "nixos-test" "big-parallel" "benchmark"];
inherit (cfg) maxJobs speedFactor;
}];
/**/
# TIL: this can be a list of configurations and lambdas, not just file paths
imports = builtins.map mkRemoteConfig remotes;
}