systems: fix remote build
This commit is contained in:
parent
7d8eaaae76
commit
e32a2fa43f
8 changed files with 57 additions and 73 deletions
|
@ -8,7 +8,6 @@ let
|
|||
signers-directory = "${ssh-directory}/allowed_signers";
|
||||
|
||||
shared-private = import ./shared/private.nix;
|
||||
shared-builder = import ./shared/builder.nix;
|
||||
shared-work = import ./shared/work.nix { inherit secret; };
|
||||
|
||||
ssh-keys = import ../../../system/shared/ssh-keys.nix;
|
||||
|
@ -29,7 +28,7 @@ in
|
|||
# VerifyHostKeyDNS yes
|
||||
'';
|
||||
|
||||
matchBlocks = shared-private.matchBlocks // shared-builder.matchBlocks // shared-work.matchBlocks;
|
||||
matchBlocks = shared-private.matchBlocks // shared-work.matchBlocks;
|
||||
|
||||
includes = [
|
||||
"~/.ssh/config_work"
|
||||
|
|
|
@ -1,43 +0,0 @@
|
|||
{
|
||||
matchBlocks = {
|
||||
"builder-tanker" = {
|
||||
hostname = "tanker.ts.kempkens.network";
|
||||
port = 22;
|
||||
user = "root";
|
||||
identityFile = "~/.ssh/Hetzner.pub";
|
||||
identitiesOnly = true;
|
||||
};
|
||||
|
||||
"builder-mediaserver" = {
|
||||
hostname = "mediaserver.ts.kempkens.network";
|
||||
port = 22;
|
||||
user = "root";
|
||||
identityFile = "~/.ssh/LAN.pub";
|
||||
identitiesOnly = true;
|
||||
};
|
||||
|
||||
"builder-argon" = {
|
||||
hostname = "argon.ts.kempkens.network";
|
||||
port = 22;
|
||||
user = "root";
|
||||
identityFile = "~/.ssh/LAN.pub";
|
||||
identitiesOnly = true;
|
||||
};
|
||||
|
||||
"builder-adsb-antenna" = {
|
||||
hostname = "adsb-antenna.laniot";
|
||||
port = 22;
|
||||
user = "root";
|
||||
identityFile = "~/.ssh/LAN.pub";
|
||||
identitiesOnly = true;
|
||||
};
|
||||
|
||||
"builder-weather-sdr" = {
|
||||
hostname = "weather-sdr.laniot";
|
||||
port = 22;
|
||||
user = "root";
|
||||
identityFile = "~/.ssh/LAN.pub";
|
||||
identitiesOnly = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -51,7 +51,6 @@ rec {
|
|||
targetHost = "adsb-antenna";
|
||||
targetPort = 22;
|
||||
targetUser = "root";
|
||||
buildOnTarget = true;
|
||||
};
|
||||
|
||||
nixpkgs.system = default-system;
|
||||
|
|
|
@ -51,7 +51,6 @@ rec {
|
|||
targetHost = "weather-sdr";
|
||||
targetPort = 22;
|
||||
targetUser = "root";
|
||||
buildOnTarget = true;
|
||||
};
|
||||
|
||||
nixpkgs.system = default-system;
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
let
|
||||
homeDir = "/Users/daniel";
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../agenix/hosts/Styx/config.nix
|
||||
|
@ -40,33 +43,21 @@
|
|||
|
||||
buildMachines = [
|
||||
{
|
||||
hostName = "builder-tanker";
|
||||
hostName = "mediaserver.ts.kempkens.network";
|
||||
protocol = "ssh-ng";
|
||||
systems = [ "x86_64-linux" "aarch64-linux" ];
|
||||
maxJobs = 4;
|
||||
}
|
||||
|
||||
{
|
||||
hostName = "builder-mediaserver";
|
||||
systems = [ "x86_64-linux" "aarch64-linux" ];
|
||||
maxJobs = 1;
|
||||
}
|
||||
|
||||
{
|
||||
hostName = "builder-argon";
|
||||
systems = [ "aarch64-linux" ];
|
||||
sshUser = "nix-remote-builder";
|
||||
sshKey = "${homeDir}/.ssh/id_nix_remote_builder";
|
||||
maxJobs = 2;
|
||||
}
|
||||
|
||||
{
|
||||
hostName = "builder-adsb-antenna";
|
||||
hostName = "argon.ts.kempkens.network";
|
||||
protocol = "ssh-ng";
|
||||
systems = [ "aarch64-linux" ];
|
||||
maxJobs = 1;
|
||||
}
|
||||
|
||||
{
|
||||
hostName = "builder-weather-sdr";
|
||||
systems = [ "aarch64-linux" ];
|
||||
maxJobs = 1;
|
||||
sshUser = "nix-remote-builder";
|
||||
sshKey = "${homeDir}/.ssh/id_nix_remote_builder";
|
||||
maxJobs = 2;
|
||||
}
|
||||
];
|
||||
|
||||
|
@ -81,7 +72,7 @@
|
|||
|
||||
users = {
|
||||
users.daniel = {
|
||||
home = "/Users/daniel";
|
||||
home = homeDir;
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -90,6 +81,9 @@
|
|||
};
|
||||
|
||||
services = {
|
||||
nix-daemon.enable = true;
|
||||
nix-daemon = {
|
||||
enable = true;
|
||||
logFile = "/var/log/nix-daemon.log";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -58,6 +58,11 @@ in
|
|||
"nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
];
|
||||
|
||||
trusted-users = [
|
||||
"root"
|
||||
"nix-remote-builder"
|
||||
];
|
||||
};
|
||||
|
||||
gc = {
|
||||
|
@ -176,7 +181,12 @@ in
|
|||
};
|
||||
|
||||
services.hardware.argonone.enable = true;
|
||||
programs.fish.enable = true;
|
||||
|
||||
programs = {
|
||||
fish.enable = true;
|
||||
zsh.enable = true;
|
||||
htop.enable = true;
|
||||
};
|
||||
|
||||
users.users = {
|
||||
root = {
|
||||
|
@ -192,5 +202,13 @@ in
|
|||
shell = pkgs.fish;
|
||||
openssh.authorizedKeys.keys = [ ssh-keys.LAN ];
|
||||
};
|
||||
|
||||
nix-remote-builder = {
|
||||
isNormalUser = true;
|
||||
home = "/home/nix-remote-builder";
|
||||
description = "Nix Remote Builder";
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = [ ssh-keys.NixRemoteBuilder ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -71,6 +71,11 @@ in
|
|||
"nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
];
|
||||
|
||||
trusted-users = [
|
||||
"root"
|
||||
"nix-remote-builder"
|
||||
];
|
||||
};
|
||||
|
||||
gc = {
|
||||
|
@ -144,8 +149,11 @@ in
|
|||
fonts.fontconfig.enable = false;
|
||||
sound.enable = false;
|
||||
|
||||
programs.fish.enable = true;
|
||||
programs.htop.enable = true;
|
||||
programs = {
|
||||
fish.enable = true;
|
||||
zsh.enable = true;
|
||||
htop.enable = true;
|
||||
};
|
||||
|
||||
users.users = {
|
||||
root = {
|
||||
|
@ -161,5 +169,13 @@ in
|
|||
shell = pkgs.fish;
|
||||
openssh.authorizedKeys.keys = [ ssh-keys.LAN ssh-keys.ShellFish ];
|
||||
};
|
||||
|
||||
nix-remote-builder = {
|
||||
isNormalUser = true;
|
||||
home = "/home/nix-remote-builder";
|
||||
description = "Nix Remote Builder";
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = [ ssh-keys.NixRemoteBuilder ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -10,4 +10,6 @@
|
|||
ShellFish = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGU56Ebq41/DAKmfSHRO3xv2XBFFq+rMWH1L70L1qgcX";
|
||||
|
||||
BackupTanker = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCncIcbsNkfRODGjADNIJVI7PMrLRGD/fYfsjyelqv9XI1eVzZdVt5rXJeEDf2B0kzciGE+tcvrQ4iwpavucsIgTp68lFETb2QaiWTvGNNdi9Ejgeoe7LhuVGP3XcvJTODLGU5qviIXljfBZVuDZdK2jfA68RBlYUipXWD/rjhnQLOcr5gUQJ6OtPgSDukjyyrDIzmyXZpw4g80v+KweTXf5e2kL5wea4AhSVWBewVLPAVYsOoxh3lisVee/RX/rlMpyNxrEMJOtUQgke1xekFq6wPyPDKLn4HdotqJWlUa1/oCyDQGHVqECL1wWHDEXoJFyKGWsJ8QoctvwFePkwCpDcQaLqd38d8STZOTC2Sa2CBOMFlZUgAS6l+lPFv4wTAmML/yGyqJPug6oEaCFD+m0kcBcLTIT0r6Bc5B9iB34Vw5TrcLVjfTlKity0ioPtNcHTo1gsqCES/gA86Ci2dVanrWTjyT/36UmdzTd02nNgmzTWqZZf7Mc0OPmAMHTrE=";
|
||||
|
||||
NixRemoteBuilder = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIz/JmDKOeO4odKnQWkqPneSp4e55yrHpEiBBX5sfz8";
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue