From a4debe09eebb169336f812582f9438d6c8b3ab59 Mon Sep 17 00:00:00 2001 From: Kabbone Date: Sat, 23 Sep 2023 21:19:53 +0200 Subject: [PATCH] hosts: *: intial try remoteBuilder --- hosts/default.nix | 6 ++++++ modules/hardware/remoteBuilder.nix | 14 ++++++++++++++ modules/hardware/remoteClient.nix | 24 ++++++++++++++++++++++++ secrets/keys/nixremote.age | Bin 0 -> 1845 bytes secrets/nixremote | 7 +++++++ secrets/nixremote.pub | 1 + secrets/secrets.nix | 16 +++++++++++++--- 7 files changed, 65 insertions(+), 3 deletions(-) create mode 100644 modules/hardware/remoteBuilder.nix create mode 100644 modules/hardware/remoteClient.nix create mode 100644 secrets/keys/nixremote.age create mode 100644 secrets/nixremote create mode 100644 secrets/nixremote.pub diff --git a/hosts/default.nix b/hosts/default.nix index 9ad2cc3..79ba1f8 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -22,6 +22,7 @@ let }; lib = nixpkgs.lib; + users.defaultShell = "pkgs.zsh"; in { @@ -33,6 +34,7 @@ in nur.nixosModules.nur ./desktop ./configuration_desktop.nix + ../modules/hardware/remoteBuilder.nix nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-pc-ssd @@ -60,6 +62,7 @@ in nur.nixosModules.nur ./laptop ./configuration_desktop.nix + ../modules/hardware/remoteClient.nix nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-gpu-intel nixos-hardware.nixosModules.common-pc-ssd @@ -86,6 +89,7 @@ in nur.nixosModules.nur ./steamdeck ./configuration_desktop.nix + ../modules/hardware/remoteClient.nix nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-pc-ssd @@ -139,6 +143,7 @@ in nur.nixosModules.nur ./nas ./configuration_desktop.nix + ../modules/hardware/remoteClient.nix nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-pc-ssd @@ -165,6 +170,7 @@ in nur.nixosModules.nur ./jupiter ./configuration_desktop.nix + ../modules/hardware/remoteClient.nix nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-pc-ssd diff --git a/modules/hardware/remoteBuilder.nix b/modules/hardware/remoteBuilder.nix new file mode 100644 index 0000000..13f1442 --- /dev/null +++ b/modules/hardware/remoteBuilder.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: + +{ + users.users.nixremote = { # System User + isNormalUser = true; + extraGroups = [ "kvm" ]; + shell = pkgs.zsh; # Default shell + uid = 1001; +# initialPassword = "password95"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades" + ]; + }; +} diff --git a/modules/hardware/remoteClient.nix b/modules/hardware/remoteClient.nix new file mode 100644 index 0000000..a45d91f --- /dev/null +++ b/modules/hardware/remoteClient.nix @@ -0,0 +1,24 @@ + +{ config, lib, pkgs, ... }: + +{ + nix = { + distributedBuilds = true; + buildMachines = [ { + hostName = "hades"; + system = "x86_64-linux"; + supportedFeatures = [ "kvm" "big-parallel" ]; + sshUser = "nixremote" + sshKey = config.age.secrets."keys/nixremote".path; + maxJobs = 1; + speedFactor = 8; + publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%"; + protocol = "ssh-ng"; + ] }; + }; + + age.secrets."keys/nixremote" = { + file = ../../../secrets/keys/nixremote.age; + owner = "root"; + }; +} diff --git a/secrets/keys/nixremote.age b/secrets/keys/nixremote.age new file mode 100644 index 0000000000000000000000000000000000000000..5b1de813dd4c1e82b904a58960e0059a8c781a98 GIT binary patch literal 1845 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlGV%9!3RI}b%Ly(l z*A6l;E)GjI4)#n=&oK#23H0^|E-%UT@boYa3N*HK^Di(mFyShzbg4@63QV@l$c}RH zt0;2|F-r9fE~(5aHZRZ0@D9rgsc?*R$t%q-&PTT`$|NWxC|$v;I5n!$+_)sn$KA;= z$k#6~$1TjqJ3PYMT|X<>$ve%_**qxEJhj3&+?C7I!zrvJ$2&YC$tcCCG||MvD?883 zz|t$UFf%eGDaFY!GQhObUq3O#%>doDTQCkW>q8|ME)rO4D5ZuyAcRcca`q z$BLvpzr-?^jB@YP3a8Xe*J3VhZLf3-KQp&nU!Rg<_q+(R%qnenFAM!peQkfs zWMjvSFh|3nyu>{B%21eXMa78;rG`ERm99of zCP7}ImYJmirWIzUh2AA06^<79Dek4oWd>FLUfzkBVG*G@*(SbR`31>&CZ4WFhNk6y zjy_Qa#TMc2UKv#-X4iI2 zT-v$8S?OVAB}SfE1xaN_>0ZSF;pSdR-tOjZWsb?tX^y^O$$43h`jO!-g+*DpPCii? zC1J%*e#vD~nFV1;XUO7(5 zM*d~lo~A(tiN2NIx!P%AMrq0ACeF@5C6-(s8NTk7$q~ibNoIus$>qV`8Q~F*KKe$M z1_r^oX(k?(W|6+yuIagcQQ;Bh?xBT=-bKdFrKOdQr8&;2>4~OXNtsm#%q#(9AjCE-btCV7r!F5%@#g-(v8X(r*pg`qx1CHZD0VP<*8-q{9jfrjNp zT>9ajg+b|g$%ZMxMwPi{&X!S87U@~pp;g}6eicsMx$a3RDQ*#^dFD}-9zF#j9(kqd z0f8<7+9d^5r4dz`VO$ZG`kCb^6`2_(0Ts#S>4l+gQBG9`#$I8;?#@*q;YEc(&W1_u z#>H;N;gQ|}rRJWdIVOIgu4R4^SxH$=g{EA_-o;hHZjlA~$wifxA^HW8hEcxS-pQuv zC85Oyc~wQe-kD|w$p#iqL1jr<83DOQsm9L9slh(wx%%dznJL;_SrHjUnFU74sd;`* zeu;$^PF0!dX{iR@Za)6`A!eQ-PQH$rkzOT9rXjfnmHLH&0s7gFNxtDeK5pri$wlt2 zTm{aCh5DuGh8d|renuhTiH22)PX314|$aZWMEQSQBn|`lI~?vSZoqz5|CaI66lwdSWv1R zmE+3g9++ZSmFeMA>>Ckil9+0l>SmJXURtj0mX&Aek!)@dSz($Q;O6aImFS zzn6DrPKj%gahPYMacQ1wrhZURQdy*FN{(SpxlxFhfq_L>q_zjR>?zbuFG@`;PF0BU zR!|Q0uPSya(^ZJ_SFA4e;3~H8amh+e$~Dakk18t9EXoVkPtI{Rb#pay&5Vl5D5&rV zt8~fh;T|Rt1^iQ&-E=x4hSg7%J9g_@h}MSuguQM z&NXuiHuUv3_i^_uG0Sn}5?6TNZ2wK_?e%vXPsFYCVYOSUX}&4eZsXkP2b&JeTIRAV zv5=|n&7(C(HWVHI#BpHNPUe`8A{Nb|(V_1(GOFHAe%_V(=&*At@5#fe-N%;%1pK+> zUH@=1_s-L8N(pD*8aXVto$FmJd43ARztAI_)bvkIdJrV_sM&Q-VV^;yYsTrKS*#OZ z%~ZKD`N!&CB{C|P9rmiO-JlZN?Y4#C$?ek-cRzUie&KfF$IW@?jMTXnN#)p`n6&BA z{1g|B#m`UaEje%5`u^5#tpcij$qu^@HPA}&F;oa5)YRaL?{#bdWS zNXh0w)ZwgU#om}