author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-09-27 23:06:10 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-09-27 23:06:10 +0200 |
commit | 3c33dd66ea59e9b01b05c515c22df11bcaf94194 (patch) | |
tree | 2894ae9d0486bbb4c4657f67820f247a1052558f /modules | |
parent | ecf32ed77857e76322394cc53aa37e4d971ddd9d (diff) | |
vidhar/sif: build-server/build-client
Diffstat (limited to 'modules')
-rw-r--r-- | modules/build-client.nix | 108 |
1 files changed, 108 insertions, 0 deletions
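--- /dev/null
+++ b/modules/build-client.nix
@@ -0,0 +1,108 @@
+{ flake, config, lib, hostName, ... }:
+
+with lib;
+
+let
+cfg = config.nix.buildServers;
+
+secretName = name: "nix-ssh-builder-${name}-private";
+in {
+options = {
+nix = {
+buildServers = mkOption {
+type = types.attrsOf (types.submodule {
+options = {
+address = mkOption {
+type = types.str;
+};
+
+system = mkOption {
+type = types.nullOr types.str;
+default = null;
+example = "x86_64-linux";
+description = ''
+The system type the build machine can execute derivations on.
+Either this attribute or <varname>systems</varname> must be
+present, where <varname>system</varname> takes precedence if
+both are set.
+'';
+};
+systems = mkOption {
+type = types.listOf types.str;
+default = [];
+example = [ "x86_64-linux" "aarch64-linux" ];
+description = ''
+The system types the build machine can execute derivations on.
+Either this attribute or <varname>system</varname> must be
+present, where <varname>system</varname> takes precedence if
+both are set.
+'';
+};
+maxJobs = mkOption {
+type = types.int;
+default = 1;
+description = ''
+The number of concurrent jobs the build machine supports. The
+build machine will enforce its own limits, but this allows hydra
+to schedule better since there is no work-stealing between build
+machines.
+'';
+};
+speedFactor = mkOption {
+type = types.int;
+default = 1;
+description = ''
+The relative speed of this builder. This is an arbitrary integer
+that indicates the speed of this builder, relative to other
+builders. Higher is faster.
+'';
+};
+mandatoryFeatures = mkOption {
+type = types.listOf types.str;
+default = [];
+example = [ "big-parallel" ];
+description = ''
+A list of features mandatory for this builder. The builder will
+be ignored for derivations that don't require all features in
+this list. All mandatory features are automatically included in
+<varname>supportedFeatures</varname>.
+'';
+};
+supportedFeatures = mkOption {
+type = types.listOf types.str;
+default = [];
+example = [ "kvm" "big-parallel" ];
+description = ''
+A list of features supported by this builder. The builder will
+be ignored for derivations that require features not in this
+list.
+'';
+};
+};
+});
+default = {};
+};
+};
+};
+
+config = mkIf (cfg != {}) {
+programs.ssh.extraConfig = concatMapStringsSep "\n" ({ name, value }: ''
+Host ${name}
+User nix-ssh-builder
+HostName ${value.address}
+IdentitiesOnly yes
+IdentityFile ${config.sops.secrets.${secretName name}.path}
+ControlMaster auto
+ControlPath /run/nix-ssh-builder-master-%r@%n:%p
+ControlPersist 30m
+Compression yes
+ForwardAgent no
+ServerAliveInterval 6
+ServerAliveCountMax 10
+'') (mapAttrsToList nameValuePair cfg);
+
+sops.secrets = mapAttrs' (name: hCfg: nameValuePair (secretName name) { sopsFile = ../system-profiles/build-server/clients + "/${hostName}/private"; format = "binary"; }) cfg;
+
+nix.buildMachines = mapAttrsToList (hostName: hCfg: { inherit hostName; inherit (hCfg) system systems maxJobs speedFactor mandatoryFeatures supportedFeatures; }) cfg;
+};
+}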
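Review bot: The `Host ${name}` block emitted into `programs.ssh.extraConfig` sets up client authentication with a sops-managed key, but nothing in this module pins the build server's host key, so the daemon's connection depends on whatever known_hosts entry already exists on the machine (a first-use prompt cannot be answered non-interactively). If the host keys are not declared elsewhere in this commit (the diffstat shown is limited to `modules`), consider adding a `publicKey` option to the submodule and emitting `programs.ssh.knownHosts = mapAttrs (name: hCfg: { hostNames = [ hCfg.address ]; inherit (hCfg) publicKey; }) cfg;`. Because `extraConfig` is system-wide, it is also worth a comment that the alias, forced `User` and root-only `ControlPath` apply to every local user who runs `ssh` against that name. Separately, `address` is the only option without a `description`, and the lambda in `nix.buildMachines` rebinds `hostName`, shadowing the module argument that the `sopsFile` path one statement earlier relies on; calling it `name`, as the other two maps do, would make the distinction between "this client" and "that builder" explicit.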