ReboteBuild : Fix substitute issues to always prefer the builder.
parent
2c6fa18226
commit
939414b564
|
@ -1,5 +0,0 @@
|
||||||
{ ... }: {
|
|
||||||
extraOptions = ''
|
|
||||||
experimental-features = nix-command flakes
|
|
||||||
'';
|
|
||||||
}
|
|
|
@ -12,7 +12,6 @@
|
||||||
# Android modules.
|
# Android modules.
|
||||||
environment = import ./Environment.nix args;
|
environment = import ./Environment.nix args;
|
||||||
git = import ./Git.nix args;
|
git = import ./Git.nix args;
|
||||||
nix = import ./Nix.nix args;
|
|
||||||
package = import ./Package.nix args;
|
package = import ./Package.nix args;
|
||||||
termux = import ./Termux.nix args;
|
termux = import ./Termux.nix args;
|
||||||
|
|
||||||
|
@ -25,7 +24,9 @@
|
||||||
in {
|
in {
|
||||||
# Configure system.
|
# Configure system.
|
||||||
time.timeZone = const.timeZone;
|
time.timeZone = const.timeZone;
|
||||||
nix.extraOptions = nix.extraOptions;
|
nix.settings = {
|
||||||
|
experimental-features = [ "nix-command " "flakes" ];
|
||||||
|
};
|
||||||
|
|
||||||
# Install packages.
|
# Install packages.
|
||||||
environment.packages = package.list;
|
environment.packages = package.list;
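Review bot: The string `"nix-command "` in the new `experimental-features` list carries a trailing space inside the quotes. List values are normally joined with spaces when nix.conf is rendered, so this probably still parses, but it leaves a stray double space in the generated file and would defeat any exact match on the feature name. Write it as `experimental-features = [ "nix-command" "flakes" ];`. The same literal appears again in the shared settings section further down, in the `nix.settings` block that also sets `auto-optimise-store`.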
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Module that enables remote builds. This is a client configuration.
|
# Module that enables remote builds. This is a client configuration.
|
||||||
{ config, pkgs, ... }: {
|
{ lib, secret, ... }: {
|
||||||
# NOTE: Requires host private key to be present in secret.ssh.builderKeys.
|
# NOTE: Requires host private key to be present in secret.ssh.builderKeys.
|
||||||
nix.buildMachines = [{
|
nix.buildMachines = [{
|
||||||
hostName = "nixbuilder";
|
hostName = "nixbuilder";
|
||||||
|
@ -15,10 +15,14 @@
|
||||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||||
}];
|
}];
|
||||||
nix.distributedBuilds = true;
|
nix.distributedBuilds = true;
|
||||||
nix.extraOptions = ''
|
nix.settings = let
|
||||||
builders-use-substitutes = true
|
substituters = [ "ssh-ng://nixbuilder" ];
|
||||||
extra-substituters = ssh-ng://nixbuilder
|
in {
|
||||||
extra-trusted-substituters = ssh-ng://nixbuilder
|
substituters = lib.mkForce substituters;
|
||||||
extra-trusted-public-keys = nixbuilder-1:Skghjixd8lPzNe2ZEgYLM9Pu/wF9wiZtZGsdm3bo9h0=
|
trusted-substituters = lib.mkForce substituters;
|
||||||
'';
|
builders-use-substitutes = true;
|
||||||
|
max-jobs = 0;
|
||||||
|
trusted-public-keys = [ secret.ssh.builderKey ];
|
||||||
|
# substitute = false;
|
||||||
|
};
|
||||||
}
|
}
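Review bot: With `max-jobs = 0` and `substituters` forced to the single entry `ssh-ng://nixbuilder`, this client can neither build locally nor fetch from any other cache, so nothing can be realised while the builder is unreachable. That appears to be the intent of the commit, but the recovery path deserves a comment next to the settings, for example `# No local builds and no other caches: if nixbuilder is down, override with --max-jobs and --option substituters.` The NOTE at the top of the module still refers to `secret.ssh.builderKeys`, which this commit renames to `buildKeys`. The commented-out `# substitute = false;` should either be removed or given a reason.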
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
keyPath = "/root/.nixbuilder";
|
keyPath = "/root/.nixbuilder";
|
||||||
in {
|
in {
|
||||||
# Service that generates new key on boot if not present.
|
# Service that generates new key on boot if not present.
|
||||||
# Don't forget to add new key to secret.ssh.builderKeys.
|
# Don't forget to add new key to secret.ssh.buildKeys.
|
||||||
systemd.services.generate-nix-cache-key = {
|
systemd.services.generate-nix-cache-key = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
|
@ -19,7 +19,7 @@ in {
|
||||||
# Add `nixbuilder` restricted user.
|
# Add `nixbuilder` restricted user.
|
||||||
users.groups.nixbuilder = {};
|
users.groups.nixbuilder = {};
|
||||||
users.users.nixbuilder = {
|
users.users.nixbuilder = {
|
||||||
openssh.authorizedKeys.keys = secret.ssh.builderKeys;
|
openssh.authorizedKeys.keys = secret.ssh.buildKeys;
|
||||||
description = "Nix Remote Builder";
|
description = "Nix Remote Builder";
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
createHome = lib.mkForce false;
|
createHome = lib.mkForce false;
|
||||||
|
@ -30,8 +30,8 @@ in {
|
||||||
|
|
||||||
# Sign store automatically.
|
# Sign store automatically.
|
||||||
# Sign existing store with: nix store sign --all -k /path/to/secret-key-file
|
# Sign existing store with: nix store sign --all -k /path/to/secret-key-file
|
||||||
nix.extraOptions = ''
|
nix.settings = {
|
||||||
trusted-users = nixbuilder
|
trusted-users = [ "nixbuilder" ];
|
||||||
secret-key-files = ${keyPath}/private-key
|
secret-key-files = [ "${keyPath}/private-key" ];
|
||||||
'';
|
};
|
||||||
}
|
}
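Review bot: `trusted-users = [ "nixbuilder" ]` belongs to an account the comment above calls a restricted user, yet a trusted Nix user can override daemon settings and import unsigned store paths, which the Nix manual describes as essentially root-equivalent. Every key listed in `secret.ssh.buildKeys` therefore holds that power on the builder, and the client module on this page now uses this same store as its only substituter. I would say so next to the setting, e.g. `# trusted-users is close to root on this host; keep secret.ssh.buildKeys minimal.` Only part of the module is shown in these hunks, so any restriction applied elsewhere is not visible here.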
|
||||||
|
|
|
@ -10,20 +10,22 @@
|
||||||
# Allow installation of proprietary software.
|
# Allow installation of proprietary software.
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
# Deduplicate store automatically. Slows down switches a bit, but saves space.
|
nix.settings = {
|
||||||
nix.settings.auto-optimise-store = true;
|
# Deduplicate store automatically. Slows down switches a bit, but saves space.
|
||||||
|
auto-optimise-store = true;
|
||||||
|
|
||||||
# Extra configuration line-by-line:
|
# Allow use of flakes.
|
||||||
# 1. Allow use of flakes.
|
experimental-features = [ "nix-command " "flakes" ];
|
||||||
# 2. When running GC, keep .drv files.
|
|
||||||
# 3. When running GC, keep build dependencies.
|
# When running GC, keep .drv files.
|
||||||
# 4. Run GC automatically when there's a 50 GB or less free space.
|
keep-derivations = true;
|
||||||
nix.extraOptions = ''
|
|
||||||
experimental-features = nix-command flakes
|
# When running GC, keep build dependencies.
|
||||||
keep-derivations = true
|
keep-outputs = true;
|
||||||
keep-outputs = true
|
|
||||||
min-free = ${toString (50 * 1000 * 1000 * 1000)}
|
# Run GC automatically when there's a 50 GB or less free space.
|
||||||
'';
|
min-free = 50 * 1000 * 1000 * 1000;
|
||||||
|
};
|
||||||
|
|
||||||
# NOTE: Currently I run GC completely, but this setting (put above near min-free)
|
# NOTE: Currently I run GC completely, but this setting (put above near min-free)
|
||||||
# can stop GC when you hit 101 GB of free space available.
|
# can stop GC when you hit 101 GB of free space available.
|
||||||
|
|
|
@ -10,7 +10,8 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
# Keys that are allowd to connect via SSH to nixbuild user for Nix remote builds.
|
# Keys that are allowd to connect via SSH to nixbuild user for Nix remote builds.
|
||||||
builderKeys = [
|
builderKey = "nixbuilder-1:Skghjixd8lPzNe2ZEgYLM9Pu/wF9wiZtZGsdm3bo9h0=";
|
||||||
|
buildKeys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuuw5ek5wGB9KdBhCTxjV+CBpPU6RIOynHkFYC4dau3 root@dasha"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuuw5ek5wGB9KdBhCTxjV+CBpPU6RIOynHkFYC4dau3 root@dasha"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIf192IxsksM6u8UY+eqpHopebgV+NNq2G03ssdXIgz root@desktop"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIf192IxsksM6u8UY+eqpHopebgV+NNq2G03ssdXIgz root@desktop"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSWdbkYsRiDlKu8iT/k+JN4KY08iX9qh4VyqxlpEZcE root@home"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSWdbkYsRiDlKu8iT/k+JN4KY08iX9qh4VyqxlpEZcE root@home"
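Review bot: The comment about keys allowed to connect via SSH now sits directly above `builderKey`, which by its `nixbuilder-1:…` form is the store signing public key the client places in `trusted-public-keys`, not an SSH key. Give `builderKey` its own comment, e.g. `# Public key the builder signs store paths with; clients trust it.`, and move the SSH comment down to `buildKeys`, fixing "allowd" on the way. `builderKey` and `buildKeys` differ by two letters and hold different kinds of key, so a more distinct name for the signing key would make a mix-up harder. Other users of these attributes may exist outside this hunk.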
|
||||||
|
|