From a4debe09eebb169336f812582f9438d6c8b3ab59 Mon Sep 17 00:00:00 2001 From: Kabbone Date: Sat, 23 Sep 2023 21:19:53 +0200 Subject: [PATCH] hosts: *: intial try remoteBuilder --- hosts/default.nix | 6 ++++++ modules/hardware/remoteBuilder.nix | 14 ++++++++++++++ modules/hardware/remoteClient.nix | 24 ++++++++++++++++++++++++ secrets/keys/nixremote.age | Bin 0 -> 1845 bytes secrets/nixremote | 7 +++++++ secrets/nixremote.pub | 1 + secrets/secrets.nix | 16 +++++++++++++--- 7 files changed, 65 insertions(+), 3 deletions(-) create mode 100644 modules/hardware/remoteBuilder.nix create mode 100644 modules/hardware/remoteClient.nix create mode 100644 secrets/keys/nixremote.age create mode 100644 secrets/nixremote create mode 100644 secrets/nixremote.pub diff --git a/hosts/default.nix b/hosts/default.nix index 9ad2cc3..79ba1f8 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -22,6 +22,7 @@ let }; lib = nixpkgs.lib; + users.defaultShell = "pkgs.zsh"; in { @@ -33,6 +34,7 @@ in nur.nixosModules.nur ./desktop ./configuration_desktop.nix + ../modules/hardware/remoteBuilder.nix nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-pc-ssd @@ -60,6 +62,7 @@ in nur.nixosModules.nur ./laptop ./configuration_desktop.nix + ../modules/hardware/remoteClient.nix nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-gpu-intel nixos-hardware.nixosModules.common-pc-ssd @@ -86,6 +89,7 @@ in nur.nixosModules.nur ./steamdeck ./configuration_desktop.nix + ../modules/hardware/remoteClient.nix nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-pc-ssd @@ -139,6 +143,7 @@ in nur.nixosModules.nur ./nas ./configuration_desktop.nix + ../modules/hardware/remoteClient.nix nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-pc-ssd @@ -165,6 +170,7 @@ in nur.nixosModules.nur ./jupiter ./configuration_desktop.nix + ../modules/hardware/remoteClient.nix nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-pc-ssd diff --git a/modules/hardware/remoteBuilder.nix b/modules/hardware/remoteBuilder.nix new file mode 100644 index 0000000..13f1442 --- /dev/null +++ b/modules/hardware/remoteBuilder.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: + +{ + users.users.nixremote = { # System User + isNormalUser = true; + extraGroups = [ "kvm" ]; + shell = pkgs.zsh; # Default shell + uid = 1001; +# initialPassword = "password95"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades" + ]; + }; +} diff --git a/modules/hardware/remoteClient.nix b/modules/hardware/remoteClient.nix new file mode 100644 index 0000000..a45d91f --- /dev/null +++ b/modules/hardware/remoteClient.nix @@ -0,0 +1,24 @@ + +{ config, lib, pkgs, ... }: + +{ + nix = { + distributedBuilds = true; + buildMachines = [ { + hostName = "hades"; + system = "x86_64-linux"; + supportedFeatures = [ "kvm" "big-parallel" ]; + sshUser = "nixremote" + sshKey = config.age.secrets."keys/nixremote".path; + maxJobs = 1; + speedFactor = 8; + publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%"; + protocol = "ssh-ng"; + ] }; + }; + + age.secrets."keys/nixremote" = { + file = ../../../secrets/keys/nixremote.age; + owner = "root"; + }; +} diff --git a/secrets/keys/nixremote.age b/secrets/keys/nixremote.age new file mode 100644 index 0000000000000000000000000000000000000000..5b1de813dd4c1e82b904a58960e0059a8c781a98 GIT binary patch literal 1845 zcmZA1f6Uwj8Nl%chtZ-zL?By?Ibg42X>R>-?fsazt-ZTm@7mt=dcF4UV3TXFZ?C;; zuf6`d);~d(dR)R^(fBmCgvwOo3`RD2xGNTuPK$Q!NZfy;6M^QX;BxEk8EBTx1Rz z$rNWqw`2zsZ}LH{hY6yfr)r+oi*p%YVk;yfaCLi3Nh~9GmA9$VcG5FkPbQv5EhQhsDcT#cEJdEe3r#s#$Q=b zeln;8Y6vHd8q+tVPJ2AUIAG$aHdZa82p-i5wg-E8xl$V@eip>1MWHAdeXvP~CMp`1 zCK02ym>-jTi59Iw)vG3k3V>G2)TPiztEQubs9y7UIagDdN{$K%wKz|3l4_d-)Rjx_ z)U-&pH}oZstgB(qa3rM+C|niFNp?%)%N#$TN8-F!2#d-Pv|={OD-Ori#-xfi!ci3$ z;64{K7C0}V^J;_@i-KPO=pk2$)s8n(vM#SiEoLZp2o^#MFx;}{F*?q6Ik2o-^`6|x zRoZT!nP!SX5EH?;sOfziP>iIL7z`YST~aMOq|Nu;jNQ!pveLzDA}q;~;*vx#kI5~! z&7%G!>q}WX!;E06i9}NXlB=$u+bS|>p|O=M7J9wBZjRas1J-9GV^x&Ffa(Nxt{2m+ zBhq%D^UV?u`c4w8$P&;gKt?o}8AFVpsX5(kQ#~?)Gc~DIDJG&kb%i3LR5Biwk-H2Z ztGCNxy<;jS>Eb|!@sbwRbtWtE6-3DCB0UadR9yGlo?|Cdjxn;Z3g<~7RLmi7 zp<1S>YArUhpj_J+fPmQsM`);0041HdM8H#O8#B5b0Il}1Hd<7RRCx+Z6 z4~+w8-2UM6*CyODUMFrDf(ZvSFH174mjnVMqZw%nUW#?)>>>bQtgJ0mcOsP^1C-5U)=s}_WI37H{_0Q+x+;!uRpuvnTL*)p6a{T?SA9p z_f8#~o__ly&wS^^hwgprQ~90kd)im;8YWlvUHXc4@wuY*@#mkLd*Jk8o`3H=^QAvM zal?r-_up~fi&xOC-}?MP##^)W;HvlAr;dLXdVcR8g|!!VmVe^zhP&nAndw8<>_362z$JT9ofcoL8S1+9Dys}Kc`xk2Q+V8*lOLRSOXzh6O;@;!G zd3aE|>#<8OY&^VFSh#xrWTtcBzSQNfF8_K1xapSFhdz0uu>7$#KU+RzZ5n;~!06G* zF(`d)@yO5rdfl35-`#Zc{l7Z!hq-s&JXqMVe0OR8LiBq6?A^P5@DgzN=GRWVxbgOr zm*WY%^XkzD!N0BE6Tf`&;S1Y;+J5Btfm4_KYoA-lzMcO5kGI?^tiNRn-1On`>7^Uy z*2y2eZQGMu*B*S~kQ)4G&s&$lb9b~ld)6!*Ui!qIz3=?CxnIW9U!eCra{gb<`lhdK zUWnefGycqxr44h!s$aZ!dikjvttVa$r6+goxaXz#wR5k$zp!KR*7EYXrM7fdUyuBG U