treewide reformat

Gerg-L 2023-09-23 21:55:56 -04:00
parent de7683556e
commit fc21bf9436
Signed by: gerg-l
SSH key fingerprint: SHA256:FPYDHIkvMocr4wdmZXpgpJjsb2Tw6rASs2ISPbOb0KI
42 changed files with 1012 additions and 876 deletions


@ -1,50 +1,50 @@
_: {
config,
lib,
...
}: {
_:
{ config, lib, ... }:
{
options.local.remoteBuild = {
enable = lib.mkEnableOption "";
isBuilder = lib.mkEnableOption "";
};
config = lib.mkMerge [
(
lib.mkIf config.local.remoteBuild.enable {
nix = {
settings = {
keep-outputs = false;
keep-derivations = false;
builders-use-substitutes = true;
max-jobs = 0;
substituters = [
"ssh-ng://nix-ssh@gerg-desktop"
];
trusted-public-keys = [
"gerg-desktop:6p1+h6jQnb1MOt3ra3PlQpfgEEF4zRrQWiEuAqcjBj8="
];
};
distributedBuilds = true;
buildMachines = [
{
hostName = "gerg-desktop";
protocol = "ssh-ng";
maxJobs = 32;
systems = ["x86_64-linux" "i686-linux"];
supportedFeatures = ["big-parallel" "nixos-test" "kvm" "benchmark"];
sshUser = "builder";
sshKey = "/etc/ssh/ssh_host_ed25519_key";
publicHostKey = config.local.keys.gerg-desktop_fingerprint;
}
(lib.mkIf config.local.remoteBuild.enable {
nix = {
settings = {
keep-outputs = false;
keep-derivations = false;
builders-use-substitutes = true;
max-jobs = 0;
substituters = [ "ssh-ng://nix-ssh@gerg-desktop" ];
trusted-public-keys = [
"gerg-desktop:6p1+h6jQnb1MOt3ra3PlQpfgEEF4zRrQWiEuAqcjBj8="
];
};
programs.ssh.knownHosts = {
gerg-desktop = {
extraHostNames = ["gerg-desktop.lan"];
publicKey = config.local.keys.root_gerg-desktop;
};
distributedBuilds = true;
buildMachines = [ {
hostName = "gerg-desktop";
protocol = "ssh-ng";
maxJobs = 32;
systems = [
"x86_64-linux"
"i686-linux"
];
supportedFeatures = [
"big-parallel"
"nixos-test"
"kvm"
"benchmark"
];
sshUser = "builder";
sshKey = "/etc/ssh/ssh_host_ed25519_key";
publicHostKey = config.local.keys.gerg-desktop_fingerprint;
} ];
};
programs.ssh.knownHosts = {
gerg-desktop = {
extraHostNames = [ "gerg-desktop.lan" ];
publicKey = config.local.keys.root_gerg-desktop;
};
}
)
};
})
(
let
@ -53,44 +53,48 @@ _: {
config.local.keys.root_game-laptop
];
in
lib.mkIf config.local.remoteBuild.isBuilder
{
sops.secrets.store_key = {};
users = {
groups.builder = {};
users.builder = {
createHome = false;
isSystemUser = true;
openssh.authorizedKeys = {inherit keys;};
useDefaultShell = true;
group = "builder";
};
};
services.openssh.extraConfig = ''
Match User builder
AllowAgentForwarding no
AllowTcpForwarding no
PermitTTY no
PermitTunnel no
X11Forwarding no
Match All
'';
nix = {
settings = {
trusted-users = ["builder" "nix-ssh"];
keep-outputs = true;
keep-derivations = true;
secret-key-files = config.sops.secrets.store_key.path;
};
sshServe = {
enable = true;
write = true;
lib.mkIf config.local.remoteBuild.isBuilder {
sops.secrets.store_key = { };
users = {
groups.builder = { };
users.builder = {
createHome = false;
isSystemUser = true;
openssh.authorizedKeys = {
inherit keys;
protocol = "ssh-ng";
};
useDefaultShell = true;
group = "builder";
};
}
};
services.openssh.extraConfig = ''
Match User builder
AllowAgentForwarding no
AllowTcpForwarding no
PermitTTY no
PermitTunnel no
X11Forwarding no
Match All
'';
nix = {
settings = {
trusted-users = [
"builder"
"nix-ssh"
];
keep-outputs = true;
keep-derivations = true;
secret-key-files = config.sops.secrets.store_key.path;
};
sshServe = {
enable = true;
write = true;
inherit keys;
protocol = "ssh-ng";
};
};
}
)
];
_file = ./builders.nix;