+83

README.md

reviewed

··· 139 139 home-manager switch --flake .#noah-aleister 140 140 ``` 141 141 142 142 + ### Remote Builders 143 143 + 144 144 + `shizuri` and `odin` are configured as trusted `x86_64-linux` Nix remote builders. Client hosts import `modules/nix-remote-builders.nix` through `common.nix`, so NixOS hosts in this flake will try to use both builders except for the current host itself. 145 145 + 146 146 + Builder access uses the `nixremote` user declared in `modules/nix-builder.nix`. Add client public keys to `users.users.nixremote.openssh.authorizedKeys.keys` before rebuilding the build hosts. 147 147 + 148 148 + #### Set up a new client 149 149 + 150 150 + Generate or install the client key at the path expected by `modules/nix-remote-builders.nix`: 151 151 + 152 152 + ```bash 153 153 + sudo install -d -m 700 /root/.ssh 154 154 + sudo ssh-keygen -t ed25519 -N '' -C "nix-remote-builder@$(hostname)" -f /root/.ssh/nix-remote-builder 155 155 + ``` 156 156 + 157 157 + Copy the public key: 158 158 + 159 159 + ```bash 160 160 + sudo cat /root/.ssh/nix-remote-builder.pub 161 161 + ``` 162 162 + 163 163 + Add that public key to `users.users.nixremote.openssh.authorizedKeys.keys` in `modules/nix-builder.nix`, then rebuild each builder: 164 164 + 165 165 + ```bash 166 166 + sudo nixos-rebuild switch --flake .#shizuri 167 167 + sudo nixos-rebuild switch --flake .#odin 168 168 + ``` 169 169 + 170 170 + On the client, trust the builder host keys and rebuild the client: 171 171 + 172 172 + ```bash 173 173 + sudo ssh-keyscan -H shizuri odin | sudo tee -a /root/.ssh/known_hosts >/dev/null 174 174 + sudo nixos-rebuild switch --flake .#<client-hostname> 175 175 + ``` 176 176 + 177 177 + Test builder access: 178 178 + 179 179 + ```bash 180 180 + sudo ssh -i /root/.ssh/nix-remote-builder nixremote@shizuri nix-store --version 181 181 + sudo ssh -i /root/.ssh/nix-remote-builder nixremote@odin nix-store --version 182 182 + sudo nix build nixpkgs#hello --max-jobs 0 -L 183 183 + ``` 184 184 + 185 185 + #### Set up a new build host 186 186 + 187 187 + Import the builder module from the new host configuration: 188 188 + 189 189 + ```nix 190 190 + { 191 191 + imports = [ 192 192 + ../../modules/nix-builder.nix 193 193 + ]; 194 194 + } 195 195 + ``` 196 196 + 197 197 + Add the host to the `builders` list in `modules/nix-remote-builders.nix`: 198 198 + 199 199 + ```nix 200 200 + { 201 201 + hostName = "new-builder"; 202 202 + sshUser = "nixremote"; 203 203 + sshKey = "/root/.ssh/nix-remote-builder"; 204 204 + system = "x86_64-linux"; 205 205 + protocol = "ssh-ng"; 206 206 + maxJobs = 24; 207 207 + speedFactor = 4; 208 208 + supportedFeatures = [ 209 209 + "nixos-test" 210 210 + "benchmark" 211 211 + "big-parallel" 212 212 + "kvm" 213 213 + ]; 214 214 + } 215 215 + ``` 216 216 + 217 217 + Rebuild the new builder first, then rebuild each client that should use it: 218 218 + 219 219 + ```bash 220 220 + sudo nixos-rebuild switch --flake .#new-builder 221 221 + sudo ssh-keyscan -H new-builder | sudo tee -a /root/.ssh/known_hosts >/dev/null 222 222 + sudo nixos-rebuild switch --flake .#<client-hostname> 223 223 + ``` 224 224 + 142 225 ## Maintenance 143 226 144 227 Regular maintenance tasks:

+4

common.nix

reviewed

··· 1 1 { ... }: 2 2 { 3 3 + imports = [ 4 4 + ./modules/nix-remote-builders.nix 5 5 + ]; 6 6 + 3 7 # Set your time zone. 4 8 time.timeZone = "America/Chicago"; 5 9

+1

host-specific/odin/configuration.nix

reviewed

··· 12 12 ./packages.nix 13 13 ./services.nix 14 14 ./valheim.nix 15 15 + ../../modules/nix-builder.nix 15 16 ../../modules/nixery.nix 16 17 ]; 17 18

+1

host-specific/shizuri/configuration.nix

reviewed

··· 8 8 ./gui.nix 9 9 ./packages.nix 10 10 ./services.nix 11 11 + ../../modules/nix-builder.nix 11 12 ]; 12 13 system.stateVersion = "23.11"; # Did you read the comment? 13 14 }

+21

modules/nix-builder.nix

reviewed

··· 1 1 + { lib, ... }: 2 2 + { 3 3 + users.users.nixremote = { 4 4 + isNormalUser = true; 5 5 + createHome = true; 6 6 + description = "Nix remote build user"; 7 7 + openssh.authorizedKeys.keys = [ 8 8 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINeVMpqxARxLDGCYSys1Rd8fJnZG07IPWwDH1I+vGvFA nix-remote-builder@misaki" 9 9 + ]; 10 10 + }; 11 11 + 12 12 + nix.settings = { 13 13 + trusted-users = [ "nixremote" ]; 14 14 + system-features = lib.mkForce [ 15 15 + "nixos-test" 16 16 + "benchmark" 17 17 + "big-parallel" 18 18 + "kvm" 19 19 + ]; 20 20 + }; 21 21 + }

+41

modules/nix-remote-builders.nix

reviewed

··· 1 1 + { config, lib, ... }: 2 2 + let 3 3 + builders = [ 4 4 + { 5 5 + hostName = "shizuri"; 6 6 + sshUser = "nixremote"; 7 7 + sshKey = "/root/.ssh/nix-remote-builder"; 8 8 + system = "x86_64-linux"; 9 9 + protocol = "ssh-ng"; 10 10 + maxJobs = 24; 11 11 + speedFactor = 4; 12 12 + supportedFeatures = [ 13 13 + "nixos-test" 14 14 + "benchmark" 15 15 + "big-parallel" 16 16 + "kvm" 17 17 + ]; 18 18 + } 19 19 + { 20 20 + hostName = "odin"; 21 21 + sshUser = "nixremote"; 22 22 + sshKey = "/root/.ssh/nix-remote-builder"; 23 23 + system = "x86_64-linux"; 24 24 + protocol = "ssh-ng"; 25 25 + maxJobs = 24; 26 26 + speedFactor = 4; 27 27 + supportedFeatures = [ 28 28 + "nixos-test" 29 29 + "benchmark" 30 30 + "big-parallel" 31 31 + "kvm" 32 32 + ]; 33 33 + } 34 34 + ]; 35 35 + in 36 36 + { 37 37 + nix.distributedBuilds = true; 38 38 + nix.settings.builders-use-substitutes = true; 39 39 + 40 40 + nix.buildMachines = lib.filter (builder: builder.hostName != config.networking.hostName) builders; 41 41 + }