
systems: fix remote build

This commit is contained in:
Daniel Kempkens 2023-10-25 23:31:32 +02:00
parent 7d8eaaae76
commit e32a2fa43f
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
8 changed files with 57 additions and 73 deletions


@ -8,7 +8,6 @@ let
signers-directory = "${ssh-directory}/allowed_signers";
shared-private = import ./shared/private.nix;
shared-builder = import ./shared/builder.nix;
shared-work = import ./shared/work.nix { inherit secret; };
ssh-keys = import ../../../system/shared/ssh-keys.nix;
@ -29,7 +28,7 @@ in
# VerifyHostKeyDNS yes
'';
matchBlocks = shared-private.matchBlocks // shared-builder.matchBlocks // shared-work.matchBlocks;
matchBlocks = shared-private.matchBlocks // shared-work.matchBlocks;
includes = [
"~/.ssh/config_work"


@ -1,43 +0,0 @@
{
matchBlocks = {
"builder-tanker" = {
hostname = "tanker.ts.kempkens.network";
port = 22;
user = "root";
identityFile = "~/.ssh/Hetzner.pub";
identitiesOnly = true;
};
"builder-mediaserver" = {
hostname = "mediaserver.ts.kempkens.network";
port = 22;
user = "root";
identityFile = "~/.ssh/LAN.pub";
identitiesOnly = true;
};
"builder-argon" = {
hostname = "argon.ts.kempkens.network";
port = 22;
user = "root";
identityFile = "~/.ssh/LAN.pub";
identitiesOnly = true;
};
"builder-adsb-antenna" = {
hostname = "adsb-antenna.laniot";
port = 22;
user = "root";
identityFile = "~/.ssh/LAN.pub";
identitiesOnly = true;
};
"builder-weather-sdr" = {
hostname = "weather-sdr.laniot";
port = 22;
user = "root";
identityFile = "~/.ssh/LAN.pub";
identitiesOnly = true;
};
};
}


@ -51,7 +51,6 @@ rec {
targetHost = "adsb-antenna";
targetPort = 22;
targetUser = "root";
buildOnTarget = true;
};
nixpkgs.system = default-system;


@ -51,7 +51,6 @@ rec {
targetHost = "weather-sdr";
targetPort = 22;
targetUser = "root";
buildOnTarget = true;
};
nixpkgs.system = default-system;


@ -1,3 +1,6 @@
let
homeDir = "/Users/daniel";
in
{
imports = [
../../agenix/hosts/Styx/config.nix
@ -40,33 +43,21 @@
buildMachines = [
{
hostName = "builder-tanker";
hostName = "mediaserver.ts.kempkens.network";
protocol = "ssh-ng";
systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 4;
}
{
hostName = "builder-mediaserver";
systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 1;
}
{
hostName = "builder-argon";
systems = [ "aarch64-linux" ];
sshUser = "nix-remote-builder";
sshKey = "${homeDir}/.ssh/id_nix_remote_builder";
maxJobs = 2;
}
{
hostName = "builder-adsb-antenna";
hostName = "argon.ts.kempkens.network";
protocol = "ssh-ng";
systems = [ "aarch64-linux" ];
maxJobs = 1;
}
{
hostName = "builder-weather-sdr";
systems = [ "aarch64-linux" ];
maxJobs = 1;
sshUser = "nix-remote-builder";
sshKey = "${homeDir}/.ssh/id_nix_remote_builder";
maxJobs = 2;
}
];
@ -81,7 +72,7 @@
users = {
users.daniel = {
home = "/Users/daniel";
home = homeDir;
};
};
@ -90,6 +81,9 @@
};
services = {
nix-daemon.enable = true;
nix-daemon = {
enable = true;
logFile = "/var/log/nix-daemon.log";
};
};
}
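Review bot: The two new `buildMachines` entries set `sshUser` and `sshKey` but do not pin the builders' SSH host keys, so the daemon relies on whatever is already in the connecting user's `known_hosts` for `mediaserver.ts.kempkens.network` and `argon.ts.kempkens.network`. If the module version in use supports it, I would add `publicHostKey = "<base64-encoded host public key>";` (placeholder value) to each entry so that the host identity is declared alongside the credential. Since `${homeDir}/.ssh/id_nix_remote_builder` is presumably an unencrypted key read by the daemon, a comment such as `# dedicated build key: keep 0600, never reuse for interactive logins` next to `sshKey` would record the handling expectation. The `buildMachines` list starts outside this hunk.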


@ -58,6 +58,11 @@ in
"nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
trusted-users = [
"root"
"nix-remote-builder"
];
};
gc = {
@ -176,7 +181,12 @@ in
};
services.hardware.argonone.enable = true;
programs.fish.enable = true;
programs = {
fish.enable = true;
zsh.enable = true;
htop.enable = true;
};
users.users = {
root = {
@ -192,5 +202,13 @@ in
shell = pkgs.fish;
openssh.authorizedKeys.keys = [ ssh-keys.LAN ];
};
nix-remote-builder = {
isNormalUser = true;
home = "/home/nix-remote-builder";
description = "Nix Remote Builder";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [ ssh-keys.NixRemoteBuilder ];
};
};
}
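Review bot: Adding `nix-remote-builder` to `trusted-users` makes that account effectively root-equivalent towards the Nix daemon on this host, so the `NixRemoteBuilder` key remains a high-value credential even though builds no longer log in as `root`. I would document that above the list, for example `# trusted-users can bypass store signature checks; treat this account as root-equivalent`. The new user is also declared with `isNormalUser = true` and `shell = pkgs.zsh`, which gives the key holder an ordinary interactive login. If builds still work, consider a system account, or prefixing the `authorizedKeys` entry with sshd options such as `no-pty,no-port-forwarding,no-agent-forwarding`. A tighter alternative to trusting the user, if it fits the setup, is to sign paths on the client and list only that public key in `trusted-public-keys` on the builder. The same points apply to the identical `trusted-users` and `nix-remote-builder` hunks in the other host configuration that follows.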


@ -71,6 +71,11 @@ in
"nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
trusted-users = [
"root"
"nix-remote-builder"
];
};
gc = {
@ -144,8 +149,11 @@ in
fonts.fontconfig.enable = false;
sound.enable = false;
programs.fish.enable = true;
programs.htop.enable = true;
programs = {
fish.enable = true;
zsh.enable = true;
htop.enable = true;
};
users.users = {
root = {
@ -161,5 +169,13 @@ in
shell = pkgs.fish;
openssh.authorizedKeys.keys = [ ssh-keys.LAN ssh-keys.ShellFish ];
};
nix-remote-builder = {
isNormalUser = true;
home = "/home/nix-remote-builder";
description = "Nix Remote Builder";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [ ssh-keys.NixRemoteBuilder ];
};
};
}


@ -10,4 +10,6 @@
ShellFish = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGU56Ebq41/DAKmfSHRO3xv2XBFFq+rMWH1L70L1qgcX";
BackupTanker = "ssh-rsa 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";
NixRemoteBuilder = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIz/JmDKOeO4odKnQWkqPneSp4e55yrHpEiBBX5sfz8";
}