Configuration for my NixOS based systems and Home Manager

Update readme

+34 -31
README.md
··· 143 143 144 144 `shizuri` and `odin` are configured as trusted `x86_64-linux` Nix remote builders. Client hosts import `modules/nix-remote-builders.nix` through `common.nix`, so NixOS hosts in this flake will try to use both builders except for the current host itself. 145 145 146 - Builder access uses the `nixremote` user declared in `modules/nix-builder.nix`. Add client public keys to `users.users.nixremote.openssh.authorizedKeys.keys` before rebuilding the build hosts. 146 + Builder access uses the `nixremote` user declared in `modules/nix-builder.nix`. Client private keys live at `/root/.ssh/nix-remote-builder`; their public keys are declared in `users.users.nixremote.openssh.authorizedKeys.keys`. 147 147 148 - #### Set up a new client 148 + #### Add client access 149 149 150 - Generate or install the client key at the path expected by `modules/nix-remote-builders.nix`: 150 + On the client, generate the key and print its public half: 151 151 152 152 ```bash 153 153 sudo install -d -m 700 /root/.ssh 154 154 sudo ssh-keygen -t ed25519 -N '' -C "nix-remote-builder@$(hostname)" -f /root/.ssh/nix-remote-builder 155 + sudo cat /root/.ssh/nix-remote-builder.pub 155 156 ``` 156 157 157 - Copy the public key: 158 + Add the public key to `modules/nix-builder.nix`, then rebuild the builders once: 158 159 159 160 ```bash 160 - sudo cat /root/.ssh/nix-remote-builder.pub 161 + sudo nixos-rebuild switch --flake .#shizuri 162 + sudo nixos-rebuild switch --flake .#odin 161 163 ``` 162 164 163 - Add that public key to `users.users.nixremote.openssh.authorizedKeys.keys` in `modules/nix-builder.nix`, then rebuild each builder: 165 + Trust builder host keys on the client: 164 166 165 167 ```bash 166 - sudo nixos-rebuild switch --flake .#shizuri 167 - sudo nixos-rebuild switch --flake .#odin 168 + sudo ssh-keyscan -H shizuri odin | sudo tee -a /root/.ssh/known_hosts >/dev/null 168 169 ``` 169 170 170 - On the client, trust the builder host keys and rebuild the client: 171 + #### 
NixOS clients 172 + 173 + NixOS hosts in this flake already import the remote builder config through `common.nix`. After adding client access, rebuild the client: 171 174 172 175 ```bash 173 - sudo ssh-keyscan -H shizuri odin | sudo tee -a /root/.ssh/known_hosts >/dev/null 174 176 sudo nixos-rebuild switch --flake .#<client-hostname> 175 177 ``` 176 178 177 - Test builder access: 179 + Smoke test: 178 180 179 181 ```bash 180 182 sudo ssh -i /root/.ssh/nix-remote-builder nixremote@shizuri nix-store --version ··· 182 184 sudo nix build nixpkgs#hello --max-jobs 0 -L 183 185 ``` 184 186 187 + #### Standalone Home Manager clients 188 + 189 + Standalone Home Manager uses the host's Nix daemon. After adding client access, put the builder list in `/etc/nix/nix.conf`: 190 + 191 + ```conf 192 + experimental-features = nix-command flakes 193 + builders-use-substitutes = true 194 + builders = ssh-ng://nixremote@shizuri x86_64-linux /root/.ssh/nix-remote-builder 24 4 nixos-test,benchmark,big-parallel,kvm - ; ssh-ng://nixremote@odin x86_64-linux /root/.ssh/nix-remote-builder 24 4 nixos-test,benchmark,big-parallel,kvm - 195 + ``` 196 + 197 + Restart the daemon and run Home Manager: 198 + 199 + ```bash 200 + sudo systemctl restart nix-daemon 201 + home-manager switch --flake .#noah 202 + ``` 203 + 204 + Linux builders cannot build normal Darwin outputs; `homeConfigurations.noah-aleister` needs Darwin builders. 
205 + 185 206 #### Set up a new build host 186 207 187 - Import the builder module from the new host configuration: 208 + Import `modules/nix-builder.nix` from the new host configuration: 188 209 189 210 ```nix 190 211 { ··· 194 215 } 195 216 ``` 196 217 197 - Add the host to the `builders` list in `modules/nix-remote-builders.nix`: 198 - 199 - ```nix 200 - { 201 - hostName = "new-builder"; 202 - sshUser = "nixremote"; 203 - sshKey = "/root/.ssh/nix-remote-builder"; 204 - system = "x86_64-linux"; 205 - protocol = "ssh-ng"; 206 - maxJobs = 24; 207 - speedFactor = 4; 208 - supportedFeatures = [ 209 - "nixos-test" 210 - "benchmark" 211 - "big-parallel" 212 - "kvm" 213 - ]; 214 - } 215 - ``` 218 + Add a matching entry to the `builders` list in `modules/nix-remote-builders.nix`. 216 219 217 220 Rebuild the new builder first, then rebuild each client that should use it: 218 221
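Review bot: The "Trust builder host keys on the client" step (`sudo ssh-keyscan -H shizuri odin | sudo tee -a /root/.ssh/known_hosts >/dev/null`) records whatever keys the network returns, with no fingerprint check, and the client's root Nix daemon then accepts build results from those hosts. Suggest adding a step that compares the scanned fingerprints with the ones printed on each builder itself (for example `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` there) before appending, or pinning the builder host keys in the flake so clients do not depend on a scan. Because `tee -a` appends, re-running the step also duplicates entries in `known_hosts`, which is worth a sentence.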
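Review bot: The `builders = ssh-ng://nixremote@shizuri ...` line in the new "Standalone Home Manager clients" section hard-codes the job count, speed factor and feature list for both hosts, duplicating the `builders` list in `modules/nix-remote-builders.nix`, so the two will drift when the module changes. Suggest stating that this line must be kept in sync with the module, and whether the three settings are appended to an existing `/etc/nix/nix.conf` or replace it. Each entry also stops at the mandatory-features field (`-`), leaving the optional public host key field unset, so host trust for these clients rests entirely on the keyscan step; filling that field would pin the builders. The section ends at `home-manager switch`, so pointing to the smoke test from the NixOS section would give standalone clients the same check.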
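Review bot: In "Set up a new build host", replacing the example attribute set with "Add a matching entry to the `builders` list in `modules/nix-remote-builders.nix`." leaves the README with no description of what an entry contains (`sshUser`, `sshKey`, `protocol`, `maxJobs`, `supportedFeatures`). Suggest either naming the fields that must match or telling the reader to copy an existing entry and change only `hostName`, so a new builder does not end up with a different key path or feature set than the clients expect.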