hosts: *: intial try remoteBuilder
parent
1402e6a7be
commit
a4debe09ee
@ -22,6 +22,7 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
lib = nixpkgs.lib;
|
lib = nixpkgs.lib;
|
||||||
|
users.defaultShell = "pkgs.zsh";
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
@ -33,6 +34,7 @@ in
|
|||||||
nur.nixosModules.nur
|
nur.nixosModules.nur
|
||||||
./desktop
|
./desktop
|
||||||
./configuration_desktop.nix
|
./configuration_desktop.nix
|
||||||
|
../modules/hardware/remoteBuilder.nix
|
||||||
nixos-hardware.nixosModules.common-cpu-amd
|
nixos-hardware.nixosModules.common-cpu-amd
|
||||||
nixos-hardware.nixosModules.common-gpu-amd
|
nixos-hardware.nixosModules.common-gpu-amd
|
||||||
nixos-hardware.nixosModules.common-pc-ssd
|
nixos-hardware.nixosModules.common-pc-ssd
|
||||||
@ -60,6 +62,7 @@ in
|
|||||||
nur.nixosModules.nur
|
nur.nixosModules.nur
|
||||||
./laptop
|
./laptop
|
||||||
./configuration_desktop.nix
|
./configuration_desktop.nix
|
||||||
|
../modules/hardware/remoteClient.nix
|
||||||
nixos-hardware.nixosModules.common-cpu-intel
|
nixos-hardware.nixosModules.common-cpu-intel
|
||||||
nixos-hardware.nixosModules.common-gpu-intel
|
nixos-hardware.nixosModules.common-gpu-intel
|
||||||
nixos-hardware.nixosModules.common-pc-ssd
|
nixos-hardware.nixosModules.common-pc-ssd
|
||||||
@ -86,6 +89,7 @@ in
|
|||||||
nur.nixosModules.nur
|
nur.nixosModules.nur
|
||||||
./steamdeck
|
./steamdeck
|
||||||
./configuration_desktop.nix
|
./configuration_desktop.nix
|
||||||
|
../modules/hardware/remoteClient.nix
|
||||||
nixos-hardware.nixosModules.common-cpu-amd
|
nixos-hardware.nixosModules.common-cpu-amd
|
||||||
nixos-hardware.nixosModules.common-gpu-amd
|
nixos-hardware.nixosModules.common-gpu-amd
|
||||||
nixos-hardware.nixosModules.common-pc-ssd
|
nixos-hardware.nixosModules.common-pc-ssd
|
||||||
@ -139,6 +143,7 @@ in
|
|||||||
nur.nixosModules.nur
|
nur.nixosModules.nur
|
||||||
./nas
|
./nas
|
||||||
./configuration_desktop.nix
|
./configuration_desktop.nix
|
||||||
|
../modules/hardware/remoteClient.nix
|
||||||
nixos-hardware.nixosModules.common-cpu-intel
|
nixos-hardware.nixosModules.common-cpu-intel
|
||||||
nixos-hardware.nixosModules.common-pc-ssd
|
nixos-hardware.nixosModules.common-pc-ssd
|
||||||
|
|
||||||
@ -165,6 +170,7 @@ in
|
|||||||
nur.nixosModules.nur
|
nur.nixosModules.nur
|
||||||
./jupiter
|
./jupiter
|
||||||
./configuration_desktop.nix
|
./configuration_desktop.nix
|
||||||
|
../modules/hardware/remoteClient.nix
|
||||||
nixos-hardware.nixosModules.common-cpu-intel
|
nixos-hardware.nixosModules.common-cpu-intel
|
||||||
nixos-hardware.nixosModules.common-pc-ssd
|
nixos-hardware.nixosModules.common-pc-ssd
|
||||||
|
|
||||||
|
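Review bot: The added `users.defaultShell = "pkgs.zsh";` sits between `lib = nixpkgs.lib;` and `in`, so it appears to be a `let` binding that creates a local `users` attrset rather than setting a NixOS option, and its value is the string "pkgs.zsh" rather than the package. If the intent is a default login shell on every host, set `users.defaultUserShell = pkgs.zsh;` inside a module instead; otherwise drop the line. The `let` block starts outside the hunk, so confirm that nothing else in it reads `users`.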
14
modules/hardware/remoteBuilder.nix
Normal file
14
modules/hardware/remoteBuilder.nix
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
users.users.nixremote = { # System User
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = [ "kvm" ];
|
||||||
|
shell = pkgs.zsh; # Default shell
|
||||||
|
uid = 1001;
|
||||||
|
# initialPassword = "password95";
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
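Review bot: The commented-out `# initialPassword = "password95";` should be deleted rather than kept, because the account only needs key-based login and a guessable password left in the file is easy to re-enable by accident. The `# System User` comment contradicts `isNormalUser = true`, which gives the build account a home directory and an interactive zsh login; check whether `isSystemUser = true` with a dedicated group is enough for remote builds on this host. The authorized key carries no options, so whoever holds the private half gets a full session; prefixing the entry with OpenSSH's `restrict` option would at least disable forwarding and PTY allocation. The matching private key is committed unencrypted in `secrets/nixremote` in this same commit, so this key should be replaced before the builder is deployed.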
24
modules/hardware/remoteClient.nix
Normal file
24
modules/hardware/remoteClient.nix
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
nix = {
|
||||||
|
distributedBuilds = true;
|
||||||
|
buildMachines = [ {
|
||||||
|
hostName = "hades";
|
||||||
|
system = "x86_64-linux";
|
||||||
|
supportedFeatures = [ "kvm" "big-parallel" ];
|
||||||
|
sshUser = "nixremote"
|
||||||
|
sshKey = config.age.secrets."keys/nixremote".path;
|
||||||
|
maxJobs = 1;
|
||||||
|
speedFactor = 8;
|
||||||
|
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%";
|
||||||
|
protocol = "ssh-ng";
|
||||||
|
] };
|
||||||
|
};
|
||||||
|
|
||||||
|
age.secrets."keys/nixremote" = {
|
||||||
|
file = ../../../secrets/keys/nixremote.age;
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
|
}
|
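Review bot: `publicHostKey` ends in `%` after the base64 padding, which looks like a shell's missing-newline marker copied along with the value; as written the pinned host key is not valid base64, so drop the `%` and keep the pin. Two syntax errors will stop evaluation before that matters: `sshUser = "nixremote"` lacks its semicolon, and the list is closed as `] };` although it was opened as `[ {`, so it should read `} ];`. The path `../../../secrets/keys/nixremote.age` climbs three levels from `modules/hardware/`, while the commit adds the file at `secrets/keys/nixremote.age`, so `../../secrets/keys/nixremote.age` is probably what is meant.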
BIN
secrets/keys/nixremote.age
Normal file
BIN
secrets/keys/nixremote.age
Normal file
Binary file not shown.
7
secrets/nixremote
Normal file
7
secrets/nixremote
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||||
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
||||||
|
QyNTUxOQAAACC3M7I+FtZBUGmpRcGmPkSeCxMzXhSg/orVweNENjufTAAAAJAgCaSVIAmk
|
||||||
|
lQAAAAtzc2gtZWQyNTUxOQAAACC3M7I+FtZBUGmpRcGmPkSeCxMzXhSg/orVweNENjufTA
|
||||||
|
AAAEAJPJDPptl9Ljj80G3MNyiAfMBKn6MOfBOT+vF0aBenTLczsj4W1kFQaalFwaY+RJ4L
|
||||||
|
EzNeFKD+itXB40Q2O59MAAAADWthYmJvbmVAaGFkZXM=
|
||||||
|
-----END OPENSSH PRIVATE KEY-----
|
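Review bot: This file is an OpenSSH private key committed in plaintext, and its public half is the only key authorized for `nixremote` in `modules/hardware/remoteBuilder.nix`, so anyone who can read the repository can log in to the builder as that user. The key header appears to encode cipher `none`, meaning no passphrase, and the encrypted `secrets/keys/nixremote.age` added alongside gives no protection while this copy exists. Treat the key as disclosed: generate a new pair, replace the authorized key and the `.age` file, remove `secrets/nixremote` from the repository and its history, and add an ignore rule so unencrypted key material cannot be staged again.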
1
secrets/nixremote.pub
Normal file
1
secrets/nixremote.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M kabbone@hades
|
@ -20,15 +20,24 @@ let
|
|||||||
|
|
||||||
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx";
|
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx";
|
||||||
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o";
|
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o";
|
||||||
nbf5 = "";
|
nas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfKbeexWFg8nFEQvZCcFycrwil24c4HJxZazDQpnVNs";
|
||||||
|
jupiter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWXo8ljwE4o+nL4A3es3zw4rPhvGRf7MIR336mJaO3C";
|
||||||
|
steamdeck = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGV8tMIza5FOB3DQhiYaS3QG67n4J0e4okCrvoxPxneA";
|
||||||
systems = [
|
systems = [
|
||||||
hades
|
|
||||||
nbf5
|
|
||||||
dmz
|
dmz
|
||||||
|
hades
|
||||||
|
nas
|
||||||
|
jupiter
|
||||||
|
steamdeck
|
||||||
];
|
];
|
||||||
servers = [
|
servers = [
|
||||||
dmz
|
dmz
|
||||||
];
|
];
|
||||||
|
buildClients = [
|
||||||
|
nas
|
||||||
|
jupiter
|
||||||
|
steamdeck
|
||||||
|
];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
"services/postgresql/initScript.age".publicKeys = servers ++ users;
|
"services/postgresql/initScript.age".publicKeys = servers ++ users;
|
||||||
@ -45,4 +54,5 @@ in
|
|||||||
"services/gitea/databasePassword.age".publicKeys = servers ++ users;
|
"services/gitea/databasePassword.age".publicKeys = servers ++ users;
|
||||||
"services/gitea/mailerPassword.age".publicKeys = servers ++ users;
|
"services/gitea/mailerPassword.age".publicKeys = servers ++ users;
|
||||||
"services/woodpecker/environment.age".publicKeys = servers ++ users;
|
"services/woodpecker/environment.age".publicKeys = servers ++ users;
|
||||||
|
"keys/nixremote.age".publicKeys = buildClients ++ users;
|
||||||
}
|
}
|
||||||
|
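Review bot: `buildClients` lists `nas`, `jupiter` and `steamdeck`, but the host file in this commit also imports `../modules/hardware/remoteClient.nix` into the `./laptop` configuration, and no laptop key is defined here now that `nbf5` is removed. If that reading is right, the laptop cannot decrypt `keys/nixremote.age` and its activation will fail on the new secret; either add the laptop's host key to `buildClients` or drop the import there. A one-line comment above `buildClients`, e.g. `# must match the hosts importing modules/hardware/remoteClient.nix`, would keep the two lists in step.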