Frontear / dotfiles

Configurations that power my NixOS systems

Set up a Nix builder #15

Open Frontear opened 1 month ago

Frontear commented 1 month ago

Extremely low priority. This issue is largely being made to document the process so that I do not need to stumble around in documentation hell.

1) Generate an ssh key on the local machine, send the public part to the remote machine (via users.users.<name>.openssh.authorizedKeys.keys/keyFiles).

2) Create a /root/.ssh/config on the local machine that contains this minimum snippet

Host REMOTE-BUILDER
  IdentitiesOnly yes
  IdentityFile /root/.ssh/key
  User <builder-user>

3) Create a build user on the remote machine via this minimal snippet

services.openssh.enable = true;

users.users.builder = {
  isNormalUser = true;
  group = "builder";

  openssh.authorizedKeys.keys = [ ... ]; # or openssh.authorizedKeys.keyFiles
};

users.groups.builder = {};

nix.settings.trusted-users = [ "builder" ];

4) On the local machine, use this configuration to attach the builder

nix.distributedBuilds = true;
nix.buildMachines = [{
  hostName = "REMOTE-BUILDER";
  sshUser = "builder";
  sshKey = "/root/.ssh/key";
  system = " ... ";
  supportedFeatures = [ ... ];
  ... # THIS IS BARE MINIMUM
}];

That's it. What a disgustingly annoying set of tips, full of imperative behaviour too. Ideally I want to set this up behind a module and in a significantly saner way, sometime in the near future.

Frontear commented 1 month ago

https://wiki.nixos.org/wiki/Distributed_build
https://nix.dev/manual/nix/2.24/advanced-topics/distributed-builds.html
https://nix.dev/tutorials/nixos/distributed-builds-setup#set-up-distributed-builds

Frontear commented 1 month ago

https://docs.nixbuild.net/getting-started/

programs.ssh.extraConfig = ''
  Host eu.nixbuild.net
    PubkeyAcceptedKeyTypes ssh-ed25519
    ServerAliveInterval 60
    IPQoS throughput
    IdentityFile /path/to/your/private/key
'';

programs.ssh.knownHosts = {
  nixbuild = {
    hostNames = [ "eu.nixbuild.net" ];
    publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM";
  };
};

nix = {
  distributedBuilds = true;
  buildMachines = [
    { hostName = "eu.nixbuild.net";
      system = "x86_64-linux";
      maxJobs = 100;
      supportedFeatures = [ "benchmark" "big-parallel" ];
    }
  ];
};
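
A declarative form of the four steps in the first comment, borrowing the programs.ssh.knownHosts pattern from the nixbuild.net snippet so that the self-hosted builder's host key is pinned as well. This is an added example, not part of the issue or of Frontear's dotfiles; REMOTE-BUILDER, both key strings, `system` and `maxJobs` are placeholders or assumptions.

```nix
# Added example: two NixOS modules in one file. All keys are placeholders.
{
  # Module for the machine that offloads builds (the "local machine").
  local = { ... }: {
    # Mirrors the /root/.ssh/config snippet from step 2, declaratively.
    programs.ssh.extraConfig = ''
      Host REMOTE-BUILDER
        IdentitiesOnly yes
        IdentityFile /root/.ssh/key
        User builder
    '';

    # Pin the builder's host key so root's non-interactive connection
    # verifies the server instead of relying on an earlier manual login.
    programs.ssh.knownHosts.remote-builder = {
      hostNames = [ "REMOTE-BUILDER" ];
      publicKey = "ssh-ed25519 <BUILDER-HOST-PUBLIC-KEY>"; # placeholder
    };

    nix.distributedBuilds = true;
    nix.buildMachines = [{
      hostName = "REMOTE-BUILDER";
      sshUser = "builder";
      sshKey = "/root/.ssh/key";
      system = "x86_64-linux"; # assumption: the builder's architecture
      maxJobs = 4;             # assumption
    }];
  };

  # Module for the build machine (the "remote machine").
  remote = { ... }: {
    services.openssh.enable = true;
    services.openssh.settings.PasswordAuthentication = false; # key-only logins

    users.groups.builder = { };
    users.users.builder = {
      isNormalUser = true;
      group = "builder";
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 <LOCAL-ROOT-PUBLIC-KEY> root@local" # placeholder
      ];
    };

    # trusted-users is essentially root-equivalent access to this machine's
    # Nix daemon, so the list holds only the dedicated build account.
    nix.settings.trusted-users = [ "builder" ];
  };
}
```

Import the `local` attribute on the machine that offloads builds and the `remote` attribute on the builder.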