feat(steveej-x13s,sj-bm-hostkey0): configure buildmachine
This commit is contained in:
parent
5f1eded00a
commit
a58b498d3e
3 changed files with 34 additions and 10 deletions
|
|
@ -18,9 +18,18 @@ in {
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
nodeFlake.inputs.disko.nixosModules.disko
|
nodeFlake.inputs.disko.nixosModules.disko
|
||||||
nodeFlake.inputs.srvos.nixosModules.roles-nix-remote-builder
|
|
||||||
repoFlake.inputs.sops-nix.nixosModules.sops
|
repoFlake.inputs.sops-nix.nixosModules.sops
|
||||||
|
|
||||||
|
nodeFlake.inputs.srvos.nixosModules.roles-nix-remote-builder
|
||||||
|
{
|
||||||
|
roles.nix-remote-builder.schedulerPublicKeys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ22z5rDdCLYH+MEoEt+tXJXTJqoeZNqvJl2n4aB+Kn steveej@steveej-x13s"
|
||||||
|
|
||||||
|
# TODO: make this a reference to the private key's secret
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8FHuK0k86iBWq41+NAhVwJqH1ZpGJe+q01m7iLviz6 root@steveej-t14"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
../../profiles/common/user.nix
|
../../profiles/common/user.nix
|
||||||
../../snippets/nix-settings.nix
|
../../snippets/nix-settings.nix
|
||||||
../../snippets/nix-settings-holo-chain.nix
|
../../snippets/nix-settings-holo-chain.nix
|
||||||
|
|
@ -66,11 +75,6 @@ in {
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
roles.nix-remote-builder.schedulerPublicKeys = [
|
|
||||||
# TODO: make this a reference to the private key's secret
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8FHuK0k86iBWq41+NAhVwJqH1ZpGJe+q01m7iLviz6 root@steveej-t14"
|
|
||||||
];
|
|
||||||
|
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
services.openssh.settings.PermitRootLogin = "yes";
|
services.openssh.settings.PermitRootLogin = "yes";
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -81,6 +81,26 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
enableNonRoot = true;
|
enableNonRoot = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops.secrets.builder-private-key = {};
|
||||||
|
nix.distributedBuilds = true;
|
||||||
|
nix.buildMachines = [
|
||||||
|
{
|
||||||
|
hostName = "sj-bm-hostkey0.dev.infra.holochain.org";
|
||||||
|
sshUser = "nix-remote-builder";
|
||||||
|
sshKey = config.sops.secrets.builder-private-key.path;
|
||||||
|
protocol = "ssh-ng";
|
||||||
|
systems = [
|
||||||
|
"x86_64-linux"
|
||||||
|
"aarch64-linux"
|
||||||
|
];
|
||||||
|
supportedFeatures = [
|
||||||
|
"big-parallel"
|
||||||
|
"kvm"
|
||||||
|
];
|
||||||
|
maxJobs = 32;
|
||||||
|
}
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
# TODO: create syncthing os snippet
|
# TODO: create syncthing os snippet
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
hello: ENC[AES256_GCM,data:9dO0Gd4YDDxWHHBYtdomfK8BJnBZC+SQYfUvTAkCq9sOO/ZH/bFhN0Fl/NvLzQ==,iv:m1TZ9PGjsoMo7NA9EHrLb0tCtIl98E3OEN1bkpZZxXY=,tag:Gup/pACLIXGXu8KEyzmfWg==,type:str]
|
builder-private-key: ENC[AES256_GCM,data:KG5V86SDVM5LfFPZI5rjKGvYwqLZInEqpwdIJPAiF7fMdG3rTq3JgNJCQr0eOhfmLwT3KEN2Fv0mHZS4smMGdh0WCkza8CzRn/KFY8gqEWxxdff1Wqj7+2/5lSI8I7Qp2EW+eaAgU53PPOh/M3Cgm/Rraw2ARmIJNIgtuJC8ZeZlsh3sl0tacF9rgSrP8p4xAH3C/QUs1HW+10eL9F3STtAV+ZBruU68lNmCdiyqKjg3O3qdRFsjdGWAwHNHL42cEm3il4PofyS5fDDF4otQktZa5n8832ukF5Aj6RNgJwubrsxB9+1M9s7hD1UQyKo6oQKJr1GXNK+IPyXAvdxckZ8INhsxP4c4v8GzR0zJK4MfESx0r67ciGLOcYulNBDOMSbD57oW+wRvCI2eZlpB3ugBcUm/rsQbgFVEX8q6jD8WipJ+Q3hz1zWq45s66XooFmnwc2nBhT6cRmtGzTJCcDpiovgj5tKXSXrWfwYO7tWr7lYg8T4zhfplZBtQOaqTUrAOhW7IRT5Lo/310cMRcp1h44TSnpWXZN7l,iv:DOUijPr4wHmjNIniF2IRjinXZ6iyg8Z1Nt5EgFfX5Zw=,tag:VWxHpfpyphtu6XLR1yKugg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
|
@ -14,8 +14,8 @@ sops:
|
||||||
dUQ5ZE9keUtxVU5mMklGODRjSld0TnMKGWu7m6/q6PhS1R8N9YBsxDs9O76U6Bta
|
dUQ5ZE9keUtxVU5mMklGODRjSld0TnMKGWu7m6/q6PhS1R8N9YBsxDs9O76U6Bta
|
||||||
wr8Tqr/1JLWoSLbPapltKH8+hKAb84LeILezVS1SrL+mjf2KYa3WQQ==
|
wr8Tqr/1JLWoSLbPapltKH8+hKAb84LeILezVS1SrL+mjf2KYa3WQQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-01-23T09:41:31Z"
|
lastmodified: "2024-05-01T16:50:35Z"
|
||||||
mac: ENC[AES256_GCM,data:xGspZnqqcwoxM0otV3m6RJdwp4laYC+b6DSOEhzbQDeS6hslD6BddQ2g+tS7l3QTtItOjmB6pLb1JJkyhaG3PDWaDu89GNlvUyTyTUxfZWzTfiB6LWJS7eDTwb6OvzDklzCRltoH+8bWTjedWkeWIOtYbjJPo6zwUAiXgiKOj2s=,iv:MSgm5HXlb/NtvqHvVmDdwzX5ebipf7UJnmPNFUV9Nzs=,tag:XT4Evu+Sn+t/+EPb+dZ61Q==,type:str]
|
mac: ENC[AES256_GCM,data:wDnv7wZLks2EME+JqlBtagVaDZEo9ap3d6xFfnBy2/D4wrJhhYlo8vOYM8GFXEhfa0Jek+9ZlkmXYerLNWLMiUMKWIvk0cvHjxBaR2wcxt9FnynPT9W9hSX7UFhM/eTiJviksOESTI7pqNh9X7ggLSZ0c+O5mBxxEh/bcjz8vIU=,iv:vgvmyvUkZBapCpRbPU3cDgmHsc5NwHzCsMzjHvr/Xc0=,tag:FMI0YrwdCPIFe8tnLQr69w==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-04-04T18:26:01Z"
|
- created_at: "2024-04-04T18:26:01Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
@ -33,4 +33,4 @@ sops:
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
|
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.3
|
version: 3.8.1
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue