hosts: *: intial try remoteBuilder
parent
1402e6a7be
commit
a4debe09ee
@ -22,6 +22,7 @@ let
|
||||
};
|
||||
|
||||
lib = nixpkgs.lib;
|
||||
users.defaultShell = "pkgs.zsh";
|
||||
|
||||
in
|
||||
{
|
||||
@ -33,6 +34,7 @@ in
|
||||
nur.nixosModules.nur
|
||||
./desktop
|
||||
./configuration_desktop.nix
|
||||
../modules/hardware/remoteBuilder.nix
|
||||
nixos-hardware.nixosModules.common-cpu-amd
|
||||
nixos-hardware.nixosModules.common-gpu-amd
|
||||
nixos-hardware.nixosModules.common-pc-ssd
|
||||
@ -60,6 +62,7 @@ in
|
||||
nur.nixosModules.nur
|
||||
./laptop
|
||||
./configuration_desktop.nix
|
||||
../modules/hardware/remoteClient.nix
|
||||
nixos-hardware.nixosModules.common-cpu-intel
|
||||
nixos-hardware.nixosModules.common-gpu-intel
|
||||
nixos-hardware.nixosModules.common-pc-ssd
|
||||
@ -86,6 +89,7 @@ in
|
||||
nur.nixosModules.nur
|
||||
./steamdeck
|
||||
./configuration_desktop.nix
|
||||
../modules/hardware/remoteClient.nix
|
||||
nixos-hardware.nixosModules.common-cpu-amd
|
||||
nixos-hardware.nixosModules.common-gpu-amd
|
||||
nixos-hardware.nixosModules.common-pc-ssd
|
||||
@ -139,6 +143,7 @@ in
|
||||
nur.nixosModules.nur
|
||||
./nas
|
||||
./configuration_desktop.nix
|
||||
../modules/hardware/remoteClient.nix
|
||||
nixos-hardware.nixosModules.common-cpu-intel
|
||||
nixos-hardware.nixosModules.common-pc-ssd
|
||||
|
||||
@ -165,6 +170,7 @@ in
|
||||
nur.nixosModules.nur
|
||||
./jupiter
|
||||
./configuration_desktop.nix
|
||||
../modules/hardware/remoteClient.nix
|
||||
nixos-hardware.nixosModules.common-cpu-intel
|
||||
nixos-hardware.nixosModules.common-pc-ssd
|
||||
|
||||
|
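Review bot: `../modules/hardware/remoteClient.nix` is imported for the `./laptop` host in the `-60,6 +62,7` hunk, but the `buildClients` recipient list in the secrets rules of this commit names only `nas`, `jupiter` and `steamdeck`. Unless the laptop's host key is one of those, agenix on that host cannot decrypt `keys/nixremote.age`, so the `sshKey` path the module declares will not exist there. Either add the laptop's key to `buildClients` or leave the client module out of that host until it has one. The rendered page has lost its add/remove markers, so this reads the remoteBuilder/remoteClient import as the added line in each hunk.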
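--- a/modules/hardware/remoteBuilder.nix
+++ b/modules/hardware/remoteBuilder.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+
+{
+users.users.nixremote = { # System User
+isNormalUser = true;
+extraGroups = [ "kvm" ];
+shell = pkgs.zsh; # Default shell
+uid = 1001;
+# initialPassword = "password95";
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades"
+];
+};
+}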
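Review bot: The key in `openssh.authorizedKeys.keys` is the public half of the pair this commit also adds unencrypted as `secrets/nixremote`, so as committed anyone who can read the repository can log in as `nixremote` on the builder. Replace it with a freshly generated key whose private half exists only as the age-encrypted secret. The `# System User` comment contradicts `isNormalUser = true`; the account gets an interactive zsh login and `kvm` membership, so the comment should say what the account is really for, e.g. `# login account used by remote Nix build clients`. Drop the commented-out `initialPassword` line rather than keeping a literal password in the file and its history.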
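--- a/modules/hardware/remoteClient.nix
+++ b/modules/hardware/remoteClient.nix
@@ -0,0 +1,24 @@
+
+{ config, lib, pkgs, ... }:
+
+{
+nix = {
+distributedBuilds = true;
+buildMachines = [ {
+hostName = "hades";
+system = "x86_64-linux";
+supportedFeatures = [ "kvm" "big-parallel" ];
+sshUser = "nixremote"
+sshKey = config.age.secrets."keys/nixremote".path;
+maxJobs = 1;
+speedFactor = 8;
+publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%";
+protocol = "ssh-ng";
+] };
+};
+
+age.secrets."keys/nixremote" = {
+file = ../../../secrets/keys/nixremote.age;
+owner = "root";
+};
+}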
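Review bot: This module does not parse as rendered: `sshUser = "nixremote"` lacks its terminating semicolon, and the build-machine list is closed as `] };` where `} ];` is needed. `publicHostKey` ends in `%`, which is not a base64 character and looks like a shell's missing-newline marker pasted along with the output. Without it the value appears to decode to the `hades` host key listed in the secrets rules; with it, host-key pinning for the builder will likely fail. The secret path `../../../secrets/keys/nixremote.age` climbs three levels from `modules/hardware/`, one more than the layout shown on this page suggests (`../../secrets/keys/nixremote.age`), so confirm it against the real tree.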
BIN
secrets/keys/nixremote.age
Normal file
BIN
secrets/keys/nixremote.age
Normal file
Binary file not shown.
7
secrets/nixremote
Normal file
7
secrets/nixremote
Normal file
@ -0,0 +1,7 @@
|
||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
||||
QyNTUxOQAAACC3M7I+FtZBUGmpRcGmPkSeCxMzXhSg/orVweNENjufTAAAAJAgCaSVIAmk
|
||||
lQAAAAtzc2gtZWQyNTUxOQAAACC3M7I+FtZBUGmpRcGmPkSeCxMzXhSg/orVweNENjufTA
|
||||
AAAEAJPJDPptl9Ljj80G3MNyiAfMBKn6MOfBOT+vF0aBenTLczsj4W1kFQaalFwaY+RJ4L
|
||||
EzNeFKD+itXB40Q2O59MAAAADWthYmJvbmVAaGFkZXM=
|
||||
-----END OPENSSH PRIVATE KEY-----
|
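Review bot: `secrets/nixremote` is an OpenSSH private key committed in plaintext next to its age-encrypted copy `secrets/keys/nixremote.age`, which defeats the encryption; the key header also appears to declare cipher `none`, i.e. no passphrase. Its public half is the key authorised for `nixremote` in `modules/hardware/remoteBuilder.nix` and published in `secrets/nixremote.pub`, so the pair has to be treated as disclosed. Generate a new pair, encrypt only the new private key to `keys/nixremote.age`, update `authorizedKeys` on the builder, and remove this file. Deleting it in a later commit is not enough on its own because the blob stays in history, so the old public key must come off the builder regardless. An ignore rule for unencrypted key material under `secrets/` would prevent a repeat.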
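--- a/secrets/nixremote.pub
+++ b/secrets/nixremote.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M kabbone@hades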
@ -20,15 +20,24 @@ let
|
||||
|
||||
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx";
|
||||
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o";
|
||||
nbf5 = "";
|
||||
nas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfKbeexWFg8nFEQvZCcFycrwil24c4HJxZazDQpnVNs";
|
||||
jupiter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWXo8ljwE4o+nL4A3es3zw4rPhvGRf7MIR336mJaO3C";
|
||||
steamdeck = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGV8tMIza5FOB3DQhiYaS3QG67n4J0e4okCrvoxPxneA";
|
||||
systems = [
|
||||
hades
|
||||
nbf5
|
||||
dmz
|
||||
hades
|
||||
nas
|
||||
jupiter
|
||||
steamdeck
|
||||
];
|
||||
servers = [
|
||||
dmz
|
||||
];
|
||||
buildClients = [
|
||||
nas
|
||||
jupiter
|
||||
steamdeck
|
||||
];
|
||||
in
|
||||
{
|
||||
"services/postgresql/initScript.age".publicKeys = servers ++ users;
|
||||
@ -45,4 +54,5 @@ in
|
||||
"services/gitea/databasePassword.age".publicKeys = servers ++ users;
|
||||
"services/gitea/mailerPassword.age".publicKeys = servers ++ users;
|
||||
"services/woodpecker/environment.age".publicKeys = servers ++ users;
|
||||
"keys/nixremote.age".publicKeys = buildClients ++ users;
|
||||
}
|
||||
|
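Review bot: `nbf5 = "";` is an empty recipient and, as rendered, it is still a member of `systems`, so any secret encrypted to `systems` would be given an empty public key; `hades` also appears twice in that list. The page has lost its add/remove markers and the hunk counts imply three removed lines, so some of these may be old-side lines. If they are on the new side, fill in or drop `nbf5` and deduplicate `hades`. A short comment above `buildClients`, e.g. `# hosts that import modules/hardware/remoteClient.nix and may decrypt keys/nixremote.age`, would keep the recipient list in step with the host imports.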