Blunkall-Technologies/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test remote builds

Browse Source
This commit is contained in:
Nathan
2025-08-23 09:49:02 -05:00
parent 0fdfa33016
commit a62a69c7ce
8 changed files with 121 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.sops.yaml
View File

@@ -15,3 +15,8 @@ creation_rules:
- age: - age:
- *laptop - *laptop
- *homebox - *homebox
- path_regex: system-config/secrets.yaml$
key_groups:
- age:
- *laptop
- *homebox

41
home-manager/nathan/default.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { { config, lib, pkgs, inputs, ... }: {
imports = [ imports = [
./programs ./programs
@@ -7,18 +7,6 @@
./dotfiles ./dotfiles
]; ];
options.homeconfig = {
host = lib.options.mkOption {
type = lib.types.str;
default = null;
};
home-manager.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = { config = {
home.stateVersion = "23.11"; home.stateVersion = "23.11";
@@ -48,11 +36,34 @@
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
}; };
/*nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders = '''';
builders-use-substitutes = true;
};
distributedBuilds = config.sysconfig.remoteBuildClient;
buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [
{
hostName = "blunkall.us";
sshUser = "remote-builder";
sshKey = config.sops.secrets."remoteBuildSSHKey".path;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
systems = [ "x86_64-linux" "aarch64-linux" ];
}
];
};*/
services.mpris-proxy.enable = true; services.mpris-proxy.enable = true;
programs.ssh.enable = true; programs.ssh.enable = true;
programs.home-manager.enable = config.homeconfig.home-manager.enable;
}; };
} }

15
home-manager/programs/hyprpanel/default.nix Normal file
View File

@@ -0,0 +1,15 @@
{ config, lib, ... }: {
options.homeconfig.hyprpanel.enable = lib.mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf config.homeconfig.hyprpanel.enable {
programs.hyprpanel = {
enable = true;
};
};
}

17
system-config/configuration/homebox/default.nix
View File

@@ -21,6 +21,21 @@
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ];
};
nix.settings.trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];
users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
isNormalUser = true;
createHome = false;
/*openssh.authorizedKeys.keyFiles = [
config.sops.secrets."remoteBuildClientKeys/laptop".path
];*/
openssh.authorizedKeys.keyFiles = (builtins.partition
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
).right;
}; };
hardware = { hardware = {
@@ -102,7 +117,7 @@
}; };
sysconfig = { sysconfig = {
#remoteBuildHost = true; remoteBuildHost = true;
host = "homebox"; host = "homebox";
graphical = true; graphical = true;
users = { users = {

2
system-config/configuration/laptop/default.nix
View File

@@ -63,7 +63,7 @@
]; ];
sysconfig = { sysconfig = {
#remoteBuildClient = true; remoteBuildClient = true;
host = "laptop"; host = "laptop";
graphical = true; graphical = true;
users = { users = {

5
system-config/configuration/laptop/secrets.yaml
View File

@@ -1,5 +1,6 @@
nathan: nathan:
pass: ENC[AES256_GCM,data:H/duNPyclGoCF/Z90TQcqaUymowHOLRDmcfDxSubNGdmijknsCq+UH5PaWUmXGZ7uZqcpYWBcsVbYfQO/98OHH/kbwAFD/Hgkw==,iv:74M2PQqVzAgMXA8Z4RVLJKawt0Lzh94IKbn8YCTx3tY=,tag:B/xgA4mrhWEccaXQ+qvjCA==,type:str] pass: ENC[AES256_GCM,data:H/duNPyclGoCF/Z90TQcqaUymowHOLRDmcfDxSubNGdmijknsCq+UH5PaWUmXGZ7uZqcpYWBcsVbYfQO/98OHH/kbwAFD/Hgkw==,iv:74M2PQqVzAgMXA8Z4RVLJKawt0Lzh94IKbn8YCTx3tY=,tag:B/xgA4mrhWEccaXQ+qvjCA==,type:str]
remoteBuildKey: ENC[AES256_GCM,data:CN7AyOCV4iYzYrwVh2Af5YB0nwR4raXfj5FbbeIZg5Bfha0sUPnLAG+oqVUyzVQA3yftFhfwPGaALOyb6VlT13pTifG+uEoyiq1dQP6dimlmk/p/6kVtg4aiETJ/61EUeQF/HTVTZ3F7akgQRsKNFQYbF2srcurPQSY0Q2gjlkkFA3A3aLoN2LrkFPJvtnNP6SJzXDFHVOTPmbc/DvF9UbMiYu0viIlfiPqeBs26lAqcOWhrYlOxKqEL2IoP3kADDncedxT42c1rCPB/2kGvKg+mXSlaIH3a0Hb8hrnjVUB0edyqYnNCurVhPF8mg2yoqrtyaxRkZKvUsa5LBZwS+iL9bYQdU/4hxT9c7wRC+ZtWkwF4l/gy8Ggc+VuB+YT9JUCJY96o8f2wKFup0BS+oiYLGJKpcOLMFrPJLEtOMrqPN/Z6+gZ9LVbhlSliIV/yUTJAa26el0w6tP9Ebs6tHiFakpkMahsBbRxmHBmqkHW5zfa5YpvD5Ii/EC+F8Vb/Efn6LkBZBwSB6K33NSOy,iv:4i0bGQe7wiDSvmygY2VNSEhuYfYIi9YY1g7qLgDTcMo=,tag:MJqOovOcZ97COsVjxZus8w==,type:str]
sops: sops:
age: age:
- recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q - recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
@@ -11,7 +12,7 @@ sops:
Y2ZpR25VNGVoMi9ibW8wbW5rYTQ3R00Ka6/KLXSSRP9WJDV0RBHHS5nALfd/3xDu Y2ZpR25VNGVoMi9ibW8wbW5rYTQ3R00Ka6/KLXSSRP9WJDV0RBHHS5nALfd/3xDu
y+QS+Ueh56kQT2zbYpYBRIPDgI3LZgwlTifQCDJ9ZPq0LGgu4XbEqQ== y+QS+Ueh56kQT2zbYpYBRIPDgI3LZgwlTifQCDJ9ZPq0LGgu4XbEqQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-19T03:46:09Z" lastmodified: "2025-08-23T03:46:50Z"
mac: ENC[AES256_GCM,data:oDQaS7PdVa2U8mJtv5lwj6DKO25dxyzAfhDuI+fBeAeKlq7RlILpxCsT3iXcltblMhz8Jk2QronMtAy53r/aCIEhmIeEKGqGWr/sPV5DRWmIcIvZU2EDAEqbcbrxOV8BQFmEvRvJ7RhpG90ffK51SdaczzTcod9PGMst7LHTeMw=,iv:4/MeKQ2j0CLXHwusfsyOzUVSz78j3q1aipw1ugWtW8Y=,tag:Tkn9Zx9vk93Ka28tBpcjWQ==,type:str] mac: ENC[AES256_GCM,data:QJLMqnmkrgtTqqmLN9NCfV8PPm5N/F0gtGw/XlX+nnfbesGVeYubSjtHmYWmY7ha41jEvLYu8rmIXaxDepfogyOf4wzuRPLkJxO7Wu0UVdr5uZlHNrcxZh4Ex6YGgg8Lbcjs0iVCev66lWfuhuxuvPOKsGLZvoNTq0V1hLpo/Fw=,iv:VFrL0L6tC1JvWM3BOJP4Dh+q1xSMBecCtPnNcY/loAU=,tag:p5VmBaGPTxyTmm1Ha9Le3Q==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2

42
system-config/default.nix
View File

@@ -28,7 +28,33 @@
config = { config = {
sops.secrets."remoteBuildSSHKey" = lib.mkIf config.sysconfig.remoteBuildClient {}; sops.secrets = (if config.sysconfig.remoteBuildHost then (
builtins.listToAttrs
(builtins.map
(y: {
name = "remoteBuildClientKeys/${y}";
value = {
format = "yaml";
sopsFile = ./secrets.yaml;
};
})
(builtins.partition
(z: let
cfg = if
((builtins.readDir ./configuration).${z} == "directory")
then (import ./configuration/${z}).config
else null;
test = if cfg == null then false
else if !(cfg ? sysconfig) then false
else if !(cfg.sysconfig ? remoteBuildClient) then false
else cfg.sysconfig.remoteBuildClient;
in test)
(builtins.readDir ./configuration)
).right
)
) else {}) // {
"remoteBuildKey" = lib.mkIf config.sysconfig.remoteBuildClient {};
};
networking.hostName = lib.mkDefault config.sysconfig.host; networking.hostName = lib.mkDefault config.sysconfig.host;
@@ -39,7 +65,7 @@
channel.enable = false; channel.enable = false;
settings = { settings = {
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [ "nix-command" "flakes" ];
trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ]; builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true;
}; };
distributedBuilds = config.sysconfig.remoteBuildClient; distributedBuilds = config.sysconfig.remoteBuildClient;
@@ -47,7 +73,7 @@
{ {
hostName = "blunkall.us"; hostName = "blunkall.us";
sshUser = "remote-builder"; sshUser = "remote-builder";
sshKey = config.sops.secrets."remoteBuildSSHKey".path; sshKey = config.sops.secrets."remoteBuildKey".path;
supportedFeatures = [ supportedFeatures = [
"nixos-test" "nixos-test"
"benchmark" "benchmark"
@@ -59,16 +85,6 @@
]; ];
}; };
boot.binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ];
users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
isNormalUser = true;
createHome = false;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7wpZD7mpHHpfHBSBV28x3ify+dtoLRDXO91mJ/WhUj root@laptop"
];
};
time.timeZone = lib.mkDefault "America/Chicago"; time.timeZone = lib.mkDefault "America/Chicago";
i18n = lib.mkDefault { i18n = lib.mkDefault {

26
system-config/secrets.yaml Normal file
View File

@@ -0,0 +1,26 @@
remoteBuildClientKeys:
laptop: ENC[AES256_GCM,data:SZRAZ36nSueWVLcdvpgZpltp/aORqAObFWhgqtIrTYccoK/3F7l0J+VJzF51FASa6spbGJL2BSbzOygyal609pvJc9Hb9bIN85GMzV1P4lha62iC8dkuVLXezPU=,iv:veQJxL4QTxFg2UKm2+I3RQXyuwW2rXEV/gXIQ7nBtlY=,tag:9C9Ltzwz823yY029p9K41A==,type:str]
sops:
age:
- recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZlgyTEl5ZUxFcHU0eFQ0
NEc1Y05heUpLSmFzb2xrVVZZbzVUV2E0N1FjCjd0R0NrNktmMFlPWlpmRG9Qd0Zi
aGhRR3VodVVUNElKTzRIWGNUS01qaG8KLS0tIHBBdHdlVkx3STVLQ1ZNa2xCNjJU
aGhUWHhYQ21kRENhZkMxcS9KQWk1NW8KH/gDEIG7hPjHmWtAqU6o5tcE0Y6y68XV
0cW84xSazHMO4PEGuvvvi3YE8Q2tR2XJR9+CJFBEDqvx1zaFroUptA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUGFIZDk4azdsSFhBUHho
cnUxWkVIdVg1ZUdqTVRTMTRZeTRyejBYendZCkF3WDN2QUh6MjZzSDNrdS9ZNVpW
b2ZHVnJYN2xsMVhWM3dDWGhXWkQzWDQKLS0tIGNoWFBNWkFjNFNjWDM4MkN2RUFC
S2UxVDJXd2J6NkJYUDVGMnR3VDhqRzQKCj/uuR0vRNjhDpr6D0nRhyxOkBRm6Ruq
0HOgp2xkNH+q/KEhB1s/hRSae7lNKKi0T35xFPb46DMPkJSFUNdpPw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-23T03:42:30Z"
mac: ENC[AES256_GCM,data:+q0EeH0W+1Suu6/DDD4Br83RZ4wzWtsh+1BJrrQ1GBdFV55hjQoKigUVqPZMgjIZ2PIYOnKt9IjZhOdA/m5MY7N1Qdj/cPjzLRKM6JxjJEfaSW5EAp2cSC8vVp2zISsSEUh04zvv4Tiwjmzx2urdLHzOd/SK1upvDKNgAQfcDqQ=,iv:cJRH8JaHPex1I+ar9MC6PSwifRITPTr9+Ka7DCOHcaI=,tag:jpyC55iOI2KVHlnGzEpFNg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2