From 0000e6383e936e3844ad6ab24296b0f31d64d0ef Mon Sep 17 00:00:00 2001 From: Natsu Kagami Date: Sat, 17 Aug 2024 17:02:41 +0200 Subject: [PATCH] Set up framework for build-farm --- modules/services/nix-build-farm/hosts.nix | 13 +++++++++++++ nki-framework/configuration.nix | 4 +++- nki-framework/secrets.yaml | 6 ++++-- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/modules/services/nix-build-farm/hosts.nix b/modules/services/nix-build-farm/hosts.nix index 063b346..5b14d4b 100644 --- a/modules/services/nix-build-farm/hosts.nix +++ b/modules/services/nix-build-farm/hosts.nix @@ -16,4 +16,17 @@ host = "yoga.tinc"; pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE6ZrO/xIdmwBCUx80cscBSpJBBTp55OHGrXYBGRXKAw nki@nki-yoga-g8"; }; + + framework = { + host = "framework.tinc"; + pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH/g472MaT7YySUhBjxClfmMjpn98qYnKXDKlzWHYwuO nki@nki-framework"; + + builder = { + publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUdOUlBCVFRkNTVVMXY1U1Jac0FjYVdhS3JGZTY0ZjIxOVViODVTQ2NWd28gcm9vdEBua2ktZnJhbWV3b3JrCg=="; + systems = [ "x86_64-linux" "aarch64-linux" ]; + maxJobs = 16; + speedFactor = 3; + supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; + }; + }; } diff --git a/nki-framework/configuration.nix b/nki-framework/configuration.nix index 4a8732d..4f6e5c3 100644 --- a/nki-framework/configuration.nix +++ b/nki-framework/configuration.nix @@ -21,7 +21,9 @@ common.linux.sops.enable = true; common.linux.sops.file = ./secrets.yaml; - services.nix-build-farm.enable = false; + sops.secrets."nix-build-farm/private-key" = { mode = "0400"; }; + services.nix-build-farm.hostname = "framework"; + services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path; # services.xserver.enable = true; # services.xserver.displayManager.sddm.enable = true; diff --git a/nki-framework/secrets.yaml b/nki-framework/secrets.yaml index f14c729..942e29b 100644 --- a/nki-framework/secrets.yaml +++ b/nki-framework/secrets.yaml @@ -1,4 +1,6 @@ tinc-private-key: ENC[AES256_GCM,data:cKtOFrF5FRSHWxe/QxH5O9GAba1WcWeCwW1IOzmbgdtFufRoWbCtYeaLP+WQhQ70z6xobiY9DN8Jrh7mDptKSsfKrrx2SH5JrdpsoINhLMbetXq7E29+q6CkS8NlLgE/KyV8eFjQySNsYiA/+Efq9xj9e1wOmHBDsND/jgiJDkA1qsEIFZg/vuv8LdoRY3TV/oKJ4pao9+70G4H+8Ef1sMZHGNe9qJ94Wa71nNX2fTSjKH5YBbRijMAePWr/IeCpZ9Phs7RqjBs=,iv:l0iB136X7nLVblQjFi7K4f42JKSxdsiLIRy5GPzK1nc=,tag:HAgkvWkl0Rx62ejGZckdKA==,type:str] +nix-build-farm: + private-key: ENC[AES256_GCM,data:w56sobHrhvVcKbuK15Yj20EqgFrR/5pNy/rcQjlZCiFEfgPC6ZrbsxziIdMTOX+Q4DyllKCKo+g/MIKm5S+s+nIff509ODlILhTtXlZvZlnT9+wvm5oN3WQCdkkqOr1gNnErPupfMxA6V35tNvNBCeomYuM8Xb7TuH4I1fXa5GFeT0Tnp5A2WqWoS1MzXz34CxlKXvoL6i4w7nUngt5zaGr9oMZbSa0pHxEzIhXk6h/lE864QlJid7q/mDok9gh2R80WvArGtNNj9PrT6cNKYIFuXo7vITkSkT3vo9BLflg5sgRxy4+7rBaRla0ziihQvZLtworwo6aNDvEqPqYfiX0TMYPpEWvJpp/HGDJy+Po7b0ZZkwSza+tB0J79vFH2h11Px1XSwXdq757Bn9G4OTb5oKWS5ycBU4xTnnHQBjYTSooFxYyTAvfKNEsB8AHKSuQRZgtVhWoOSPpJ6YL94ClUIT+DTaNmQjwouqNatf/nif+N/FCar8JWZDE+FX1TBu0yLmJie/f0LCdCQx+6IVdyXg7oVCoNiGg0,iv:TeSxlVc0WlOMMUtv/uq3f7JvW/kNCM7LjguhZxL51a4=,tag:m1iuk4pAX/yugM0ObzkJHQ==,type:str] sops: kms: [] gcp_kms: [] @@ -23,8 +25,8 @@ sops: TDZnVjBaVzZBem5lZDB1MW4xQ0RmZ28K6d7mF+f3ZyilXlSIQGT2pBrTWuYLccE1 rYIJjHjFft/2wPX2gAW9VTiwfMT3lKJhJRqNdoie5phV5BZhkb3D9w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-15T16:27:40Z" - mac: ENC[AES256_GCM,data:T1dTmWEY1c5QFzROnzFc1/dnfXN96B/OisPObZiwXQLHeh29AWjfqpd6eoYdAZW1Iipih7Nn1VUMxkf5xDuWziDrJhun2PaU3UOg/U6VrRIScnySV/VTQGyaJLJZuJmvgvyAV+G8KqxC4Biv7k0PBSZn6uvTg36D4f+IfItReE8=,iv:dgiDux8AxbWFtTd2jzd+XJ0eBMALcI8moDUDlgdnBiE=,tag:cYzL71xT8DBMn9j4pPUBpA==,type:str] + lastmodified: "2024-08-17T14:58:10Z" + mac: ENC[AES256_GCM,data:ZCrzXDttLxYUvdLiqM5I17Ys6O3zoOVKq8xP78VaLb3AAoV4RGGQxixKVQ6K9h84e8bFymh512BR7xKa9fqebxTyL1XCqPkRaSZy0aWjbc6QCaK+JD4yqivgO/x5x2xgMpX/ZhPFzKNLpMga61bnm6plvF8ocG+wOqYvj3vL0Ss=,iv:QZ8YJD7h2QD2jqVKo4bg0rwpZSTyyNw6zZDcBfClKPo=,tag:PH2XnTqxV2irymg2+Z+Egg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0