ReboteBuild : Fix substitute issues to always prefer the builder.

This commit is contained in:
Dmitry Voronin 2024-06-24 17:53:37 +03:00 committed by Dmitry Voronin
parent 2c6fa18226
commit 939414b564
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
6 changed files with 37 additions and 34 deletions

View file

@ -1,5 +0,0 @@
{ ... }: {
extraOptions = ''
experimental-features = nix-command flakes
'';
}

View file

@ -12,7 +12,6 @@
# Android modules. # Android modules.
environment = import ./Environment.nix args; environment = import ./Environment.nix args;
git = import ./Git.nix args; git = import ./Git.nix args;
nix = import ./Nix.nix args;
package = import ./Package.nix args; package = import ./Package.nix args;
termux = import ./Termux.nix args; termux = import ./Termux.nix args;
@ -25,7 +24,9 @@
in { in {
# Configure system. # Configure system.
time.timeZone = const.timeZone; time.timeZone = const.timeZone;
nix.extraOptions = nix.extraOptions; nix.settings = {
experimental-features = [ "nix-command " "flakes" ];
};
# Install packages. # Install packages.
environment.packages = package.list; environment.packages = package.list;

View file

@ -1,5 +1,5 @@
# Module that enables remote builds. This is a client configuration. # Module that enables remote builds. This is a client configuration.
{ config, pkgs, ... }: { { lib, secret, ... }: {
# NOTE: Requires host private key to be present in secret.ssh.builderKeys. # NOTE: Requires host private key to be present in secret.ssh.builderKeys.
nix.buildMachines = [{ nix.buildMachines = [{
hostName = "nixbuilder"; hostName = "nixbuilder";
@ -15,10 +15,14 @@
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
}]; }];
nix.distributedBuilds = true; nix.distributedBuilds = true;
nix.extraOptions = '' nix.settings = let
builders-use-substitutes = true substituters = [ "ssh-ng://nixbuilder" ];
extra-substituters = ssh-ng://nixbuilder in {
extra-trusted-substituters = ssh-ng://nixbuilder substituters = lib.mkForce substituters;
extra-trusted-public-keys = nixbuilder-1:Skghjixd8lPzNe2ZEgYLM9Pu/wF9wiZtZGsdm3bo9h0= trusted-substituters = lib.mkForce substituters;
''; builders-use-substitutes = true;
max-jobs = 0;
trusted-public-keys = [ secret.ssh.builderKey ];
# substitute = false;
};
} }

View file

@ -3,7 +3,7 @@
keyPath = "/root/.nixbuilder"; keyPath = "/root/.nixbuilder";
in { in {
# Service that generates new key on boot if not present. # Service that generates new key on boot if not present.
# Don't forget to add new key to secret.ssh.builderKeys. # Don't forget to add new key to secret.ssh.buildKeys.
systemd.services.generate-nix-cache-key = { systemd.services.generate-nix-cache-key = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
@ -19,7 +19,7 @@ in {
# Add `nixbuilder` restricted user. # Add `nixbuilder` restricted user.
users.groups.nixbuilder = {}; users.groups.nixbuilder = {};
users.users.nixbuilder = { users.users.nixbuilder = {
openssh.authorizedKeys.keys = secret.ssh.builderKeys; openssh.authorizedKeys.keys = secret.ssh.buildKeys;
description = "Nix Remote Builder"; description = "Nix Remote Builder";
isNormalUser = true; isNormalUser = true;
createHome = lib.mkForce false; createHome = lib.mkForce false;
@ -30,8 +30,8 @@ in {
# Sign store automatically. # Sign store automatically.
# Sign existing store with: nix store sign --all -k /path/to/secret-key-file # Sign existing store with: nix store sign --all -k /path/to/secret-key-file
nix.extraOptions = '' nix.settings = {
trusted-users = nixbuilder trusted-users = [ "nixbuilder" ];
secret-key-files = ${keyPath}/private-key secret-key-files = [ "${keyPath}/private-key" ];
''; };
} }

View file

@ -10,20 +10,22 @@
# Allow installation of proprietary software. # Allow installation of proprietary software.
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
# Deduplicate store automatically. Slows down switches a bit, but saves space. nix.settings = {
nix.settings.auto-optimise-store = true; # Deduplicate store automatically. Slows down switches a bit, but saves space.
auto-optimise-store = true;
# Extra configuration line-by-line: # Allow use of flakes.
# 1. Allow use of flakes. experimental-features = [ "nix-command " "flakes" ];
# 2. When running GC, keep .drv files.
# 3. When running GC, keep build dependencies. # When running GC, keep .drv files.
# 4. Run GC automatically when there's a 50 GB or less free space. keep-derivations = true;
nix.extraOptions = ''
experimental-features = nix-command flakes # When running GC, keep build dependencies.
keep-derivations = true keep-outputs = true;
keep-outputs = true
min-free = ${toString (50 * 1000 * 1000 * 1000)} # Run GC automatically when there's a 50 GB or less free space.
''; min-free = 50 * 1000 * 1000 * 1000;
};
# NOTE: Currently I run GC completely, but this setting (put above near min-free) # NOTE: Currently I run GC completely, but this setting (put above near min-free)
# can stop GC when you hit 101 GB of free space available. # can stop GC when you hit 101 GB of free space available.

View file

@ -10,7 +10,8 @@
]; ];
# Keys that are allowd to connect via SSH to nixbuild user for Nix remote builds. # Keys that are allowd to connect via SSH to nixbuild user for Nix remote builds.
builderKeys = [ builderKey = "nixbuilder-1:Skghjixd8lPzNe2ZEgYLM9Pu/wF9wiZtZGsdm3bo9h0=";
buildKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuuw5ek5wGB9KdBhCTxjV+CBpPU6RIOynHkFYC4dau3 root@dasha" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuuw5ek5wGB9KdBhCTxjV+CBpPU6RIOynHkFYC4dau3 root@dasha"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIf192IxsksM6u8UY+eqpHopebgV+NNq2G03ssdXIgz root@desktop" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIf192IxsksM6u8UY+eqpHopebgV+NNq2G03ssdXIgz root@desktop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSWdbkYsRiDlKu8iT/k+JN4KY08iX9qh4VyqxlpEZcE root@home" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSWdbkYsRiDlKu8iT/k+JN4KY08iX9qh4VyqxlpEZcE root@home"