
systems: fix remote build

Daniel Kempkens 2023-10-25 23:31:32 +02:00
parent 7d8eaaae76
commit e32a2fa43f
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
8 changed files with 57 additions and 73 deletions


@ -8,7 +8,6 @@ let
signers-directory = "${ssh-directory}/allowed_signers"; signers-directory = "${ssh-directory}/allowed_signers";
shared-private = import ./shared/private.nix; shared-private = import ./shared/private.nix;
shared-builder = import ./shared/builder.nix;
shared-work = import ./shared/work.nix { inherit secret; }; shared-work = import ./shared/work.nix { inherit secret; };
ssh-keys = import ../../../system/shared/ssh-keys.nix; ssh-keys = import ../../../system/shared/ssh-keys.nix;
@ -29,7 +28,7 @@ in
# VerifyHostKeyDNS yes # VerifyHostKeyDNS yes
''; '';
matchBlocks = shared-private.matchBlocks // shared-builder.matchBlocks // shared-work.matchBlocks; matchBlocks = shared-private.matchBlocks // shared-work.matchBlocks;
includes = [ includes = [
"~/.ssh/config_work" "~/.ssh/config_work"


@ -1,43 +0,0 @@
{
matchBlocks = {
"builder-tanker" = {
hostname = "tanker.ts.kempkens.network";
port = 22;
user = "root";
identityFile = "~/.ssh/Hetzner.pub";
identitiesOnly = true;
};
"builder-mediaserver" = {
hostname = "mediaserver.ts.kempkens.network";
port = 22;
user = "root";
identityFile = "~/.ssh/LAN.pub";
identitiesOnly = true;
};
"builder-argon" = {
hostname = "argon.ts.kempkens.network";
port = 22;
user = "root";
identityFile = "~/.ssh/LAN.pub";
identitiesOnly = true;
};
"builder-adsb-antenna" = {
hostname = "adsb-antenna.laniot";
port = 22;
user = "root";
identityFile = "~/.ssh/LAN.pub";
identitiesOnly = true;
};
"builder-weather-sdr" = {
hostname = "weather-sdr.laniot";
port = 22;
user = "root";
identityFile = "~/.ssh/LAN.pub";
identitiesOnly = true;
};
};
}


@ -51,7 +51,6 @@ rec {
targetHost = "adsb-antenna"; targetHost = "adsb-antenna";
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = "root";
buildOnTarget = true;
}; };
nixpkgs.system = default-system; nixpkgs.system = default-system;


@ -51,7 +51,6 @@ rec {
targetHost = "weather-sdr"; targetHost = "weather-sdr";
targetPort = 22; targetPort = 22;
targetUser = "root"; targetUser = "root";
buildOnTarget = true;
}; };
nixpkgs.system = default-system; nixpkgs.system = default-system;


@ -1,3 +1,6 @@
let
homeDir = "/Users/daniel";
in
{ {
imports = [ imports = [
../../agenix/hosts/Styx/config.nix ../../agenix/hosts/Styx/config.nix
@ -40,33 +43,21 @@
buildMachines = [ buildMachines = [
{ {
hostName = "builder-tanker"; hostName = "mediaserver.ts.kempkens.network";
protocol = "ssh-ng";
systems = [ "x86_64-linux" "aarch64-linux" ]; systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 4; sshUser = "nix-remote-builder";
} sshKey = "${homeDir}/.ssh/id_nix_remote_builder";
{
hostName = "builder-mediaserver";
systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 1;
}
{
hostName = "builder-argon";
systems = [ "aarch64-linux" ];
maxJobs = 2; maxJobs = 2;
} }
{ {
hostName = "builder-adsb-antenna"; hostName = "argon.ts.kempkens.network";
protocol = "ssh-ng";
systems = [ "aarch64-linux" ]; systems = [ "aarch64-linux" ];
maxJobs = 1; sshUser = "nix-remote-builder";
} sshKey = "${homeDir}/.ssh/id_nix_remote_builder";
maxJobs = 2;
{
hostName = "builder-weather-sdr";
systems = [ "aarch64-linux" ];
maxJobs = 1;
} }
]; ];
@ -81,7 +72,7 @@
users = { users = {
users.daniel = { users.daniel = {
home = "/Users/daniel"; home = homeDir;
}; };
}; };
@ -90,6 +81,9 @@
}; };
services = { services = {
nix-daemon.enable = true; nix-daemon = {
enable = true;
logFile = "/var/log/nix-daemon.log";
};
}; };
} }
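Review bot: Neither new `buildMachines` entry pins the builder's SSH host key, so verification of `mediaserver.ts.kempkens.network` and `argon.ts.kempkens.network` depends on whatever known_hosts file the Nix daemon's user has, which is not visible in this commit. The removed `builder-*` aliases appear to have gone through the user's SSH config, while the daemon now connects on its own with `sshUser` and `sshKey`. If the module in use exposes it, set `publicHostKey = "<base64 host public key>";` on each entry; otherwise add a comment such as `# builder host keys must already be in the daemon user's known_hosts`. The key at `${homeDir}/.ssh/id_nix_remote_builder` has to be usable by the daemon without a prompt, which presumably means no passphrase, so a comment stating its expected file mode would help the next maintainer.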


@ -58,6 +58,11 @@ in
"nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II=" "nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
]; ];
trusted-users = [
"root"
"nix-remote-builder"
];
}; };
gc = { gc = {
@ -176,7 +181,12 @@ in
}; };
services.hardware.argonone.enable = true; services.hardware.argonone.enable = true;
programs.fish.enable = true;
programs = {
fish.enable = true;
zsh.enable = true;
htop.enable = true;
};
users.users = { users.users = {
root = { root = {
@ -192,5 +202,13 @@ in
shell = pkgs.fish; shell = pkgs.fish;
openssh.authorizedKeys.keys = [ ssh-keys.LAN ]; openssh.authorizedKeys.keys = [ ssh-keys.LAN ];
}; };
nix-remote-builder = {
isNormalUser = true;
home = "/home/nix-remote-builder";
description = "Nix Remote Builder";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [ ssh-keys.NixRemoteBuilder ];
};
}; };
} }
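Review bot: Listing `nix-remote-builder` in `trusted-users` grants far more than build access, because a trusted user can import unsigned store paths and override daemon settings, which the Nix manual describes as essentially equivalent to root. Together with `openssh.authorizedKeys.keys = [ ssh-keys.NixRemoteBuilder ]` further down in this section, whoever holds the matching private key is effectively root on this host. The same pair of additions appears in the other host configuration later in this commit. At minimum record that above the list, e.g. `# trusted-users are root-equivalent via the daemon; guard the NixRemoteBuilder key accordingly`. If the account only needs to receive build inputs, signing paths on the client and adding its public key to `trusted-public-keys` may be a narrower alternative.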


@ -71,6 +71,11 @@ in
"nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II=" "nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
]; ];
trusted-users = [
"root"
"nix-remote-builder"
];
}; };
gc = { gc = {
@ -144,8 +149,11 @@ in
fonts.fontconfig.enable = false; fonts.fontconfig.enable = false;
sound.enable = false; sound.enable = false;
programs.fish.enable = true; programs = {
programs.htop.enable = true; fish.enable = true;
zsh.enable = true;
htop.enable = true;
};
users.users = { users.users = {
root = { root = {
@ -161,5 +169,13 @@ in
shell = pkgs.fish; shell = pkgs.fish;
openssh.authorizedKeys.keys = [ ssh-keys.LAN ssh-keys.ShellFish ]; openssh.authorizedKeys.keys = [ ssh-keys.LAN ssh-keys.ShellFish ];
}; };
nix-remote-builder = {
isNormalUser = true;
home = "/home/nix-remote-builder";
description = "Nix Remote Builder";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [ ssh-keys.NixRemoteBuilder ];
};
}; };
} }
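Review bot: The `nix-remote-builder` account is declared with `isNormalUser = true`, `shell = pkgs.zsh` and an authorized key that carries no options, so a key meant only for builds also permits an interactive login, with forwarding limited only by the sshd defaults. The key string accepts authorized_keys options, so the entry could read `openssh.authorizedKeys.keys = [ "restrict ${ssh-keys.NixRemoteBuilder}" ];`. That should be tested against an `ssh-ng` build first, since nothing here shows how the remote daemon is invoked. The identical user block in the earlier host configuration in this commit has the same gap.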


@ -10,4 +10,6 @@
ShellFish = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGU56Ebq41/DAKmfSHRO3xv2XBFFq+rMWH1L70L1qgcX"; ShellFish = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGU56Ebq41/DAKmfSHRO3xv2XBFFq+rMWH1L70L1qgcX";
BackupTanker = "ssh-rsa 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"; BackupTanker = "ssh-rsa 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";
NixRemoteBuilder = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIz/JmDKOeO4odKnQWkqPneSp4e55yrHpEiBBX5sfz8";
} }