feat(oksys): add servivi as remote builder
All checks were successful
Discord / discord commits (push) Has been skipped
All checks were successful
Discord / discord commits (push) Has been skipped
This commit is contained in:
parent
d1d3f4fd17
commit
ebd34a9481
5 changed files with 56 additions and 16 deletions
|
|
@ -8,6 +8,7 @@
|
||||||
./modules/blocky.nix
|
./modules/blocky.nix
|
||||||
./modules/caddy.nix
|
./modules/caddy.nix
|
||||||
./modules/headscale.nix
|
./modules/headscale.nix
|
||||||
|
./modules/remote-builder.nix
|
||||||
./modules/unbound.nix
|
./modules/unbound.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
||||||
36
devices/oksys/modules/remote-builder.nix
Normal file
36
devices/oksys/modules/remote-builder.nix
Normal file
|
|
@ -0,0 +1,36 @@
|
||||||
|
{config, ...}: let
|
||||||
|
servivi = "100.64.0.7";
|
||||||
|
in {
|
||||||
|
home-manager.users.root = {
|
||||||
|
home.file.".ssh/config".text = ''
|
||||||
|
Host ${servivi}
|
||||||
|
# Prevent using ssh-agent or another keyfile, useful for testing
|
||||||
|
IdentitiesOnly yes
|
||||||
|
IdentityFile ${config.sops.secrets.nixremote.path}
|
||||||
|
|
||||||
|
# The weakly privileged user on the remote builder – if not set, 'root' is used – which will hopefully fail
|
||||||
|
User nixremote
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.ssh.knownHosts = {
|
||||||
|
${servivi}.publicKey = "servivi ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkNW0H4Fl6NFgahlgGbSvglg1DrX4yl1ht9Lp+vHE2A";
|
||||||
|
};
|
||||||
|
|
||||||
|
nix.buildMachines = [
|
||||||
|
{
|
||||||
|
hostName = servivi;
|
||||||
|
system = "x86_64-linux";
|
||||||
|
protocol = "ssh-ng";
|
||||||
|
maxJobs = 1;
|
||||||
|
speedFactor = 2;
|
||||||
|
supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
|
||||||
|
mandatoryFeatures = [];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
nix.distributedBuilds = true;
|
||||||
|
# optional, useful when the builder has a faster internet connection than yours
|
||||||
|
nix.extraOptions = ''
|
||||||
|
builders-use-substitutes = true
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
|
@ -95,7 +95,8 @@
|
||||||
jvmPackage = jre17;
|
jvmPackage = jre17;
|
||||||
jvmOpts = "";
|
jvmOpts = "";
|
||||||
|
|
||||||
serverConfig = {
|
serverConfig =
|
||||||
|
{
|
||||||
server-port = 25569;
|
server-port = 25569;
|
||||||
motd = "we do a little hunting of the vaults";
|
motd = "we do a little hunting of the vaults";
|
||||||
|
|
||||||
|
|
@ -110,7 +111,8 @@
|
||||||
use-native-transport = true;
|
use-native-transport = true;
|
||||||
view-distance = 10;
|
view-distance = 10;
|
||||||
};
|
};
|
||||||
} // defaults;
|
}
|
||||||
|
// defaults;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
BIN
flake.lock
BIN
flake.lock
Binary file not shown.
|
|
@ -3,7 +3,8 @@
|
||||||
pkgs,
|
pkgs,
|
||||||
config,
|
config,
|
||||||
...
|
...
|
||||||
}: with lib; let
|
}:
|
||||||
|
with lib; let
|
||||||
# Nix stuff
|
# Nix stuff
|
||||||
isNvidia = config.hardware.nvidia.modesetting.enable;
|
isNvidia = config.hardware.nvidia.modesetting.enable;
|
||||||
isTouchscreen = config.hardware.sensor.iio.enable;
|
isTouchscreen = config.hardware.sensor.iio.enable;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue