system.nix.remote: init

2024-03-11 16:19:37 +08:00
parent cce3917e26
commit 2390edb22f
5 changed files with 69 additions and 4 deletions


@@ -50,6 +50,7 @@ inputs:
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
];
remote.master = { enable = true; hosts = [ "xmupc1" "xmupc2" ]; };
};
nixpkgs =
{ march = "znver4"; cuda = { enable = true; capabilities = [ "8.9" ]; forwardCompat = false; }; };


@@ -20,6 +20,8 @@ wireguard:
privateKey: ENC[AES256_GCM,data:oIpiXJvEoyryS4eEutoe85Af0L5a5iNuOsCWCat9KEhr2ecY/vRimk/1fbA=,iv:dm2hTSNX7Q38yASon5o1jxEJZbWPXUWYydXYMBHF/sE=,tag:yrANhwIF/wHQGHGA1bfPgw==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:fGvNMmqk7Cee28VJ1QoBVrBbgIUbj/F1W0SRjdP8N4K/M8Wx4AVm1kAr0IAhPWyDLXlIjM1NUvuEV5BpYDBdjg==,iv:rFTMJ4x2kgENQUA8ftSaLjdOc25i5mWR3UYbdq54vjs=,tag:6feD0eCSv7bcHWBveLNJwg==,type:str]
nix:
remote: ENC[AES256_GCM,data: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,iv:yQQp5wjbSVn1oia5yL7d6GF9Vo704G0iOQRGMbzQHzg=,tag:bpBag5y5n+7ojOa8QOcDvA==,type:str]
sops:
kms: []
gcp_kms: []
@@ -44,8 +46,8 @@ sops:
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-07T12:35:41Z"
mac: ENC[AES256_GCM,data:Krgtb791wR+S0PQyV2h0Uyh7MKx9fOTHbetmgLoiGOHL8FMSvmWt3LCMQy+RyjnOIj9XRwb8l+kyTqkgeN4zEfKd1uuOh95Z/hLWhCkWs4dPaBu6Uw4aekH9ZUmQJZIr1lt2AIayRsVjaU0dIl4FOcLW+93ls95aluhvPPloJX0=,iv:MmJFdVpF4ZfxMRwbxPV/TC1Qt957vl0QvU0MZzUWdm8=,tag:6+VVFDdPSTycxnKO7Td6VA==,type:str]
lastmodified: "2024-03-11T08:27:38Z"
mac: ENC[AES256_GCM,data:X5AqIdnMzLNCHXbN3TuG4st907Rw080V8AqzesiwVFOjbBYRZWetCndtfE+/o8G1q5YE/Qwspy7HsxP5tCbSNI5c8P0XTjRTCEGyRFY8fM1TFIM32rCFjUot1iFC+l//iq62M/5iMhT2Z7pi+CDIyNMEE3TJMhBc8JmgTJXIsI8=,iv:UZXFi3rJgVHBNVqwNHlIkmW+xYkX6X2/54QQ1aZTmyU=,tag:SXyL69DZ5i0cQFvXnFkZIg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@@ -48,6 +48,7 @@ inputs:
gui = { preferred = false; autoStart = true; };
kernel.patches = [ "cjktty" "lantian" ];
networking.hostname = "xmupc1";
nix.remote.slave = { enable = true; mandatoryFeatures = [ "nvhpcarch-znver3" ]; };
};
hardware =
{


@@ -44,6 +44,7 @@ inputs:
gui = { preferred = false; autoStart = true; };
kernel.patches = [ "cjktty" "lantian" ];
networking.hostname = "xmupc2";
nix.remote.slave = { enable = true; mandatoryFeatures = [ "nvhpcarch-skylake" ]; };
};
hardware =
{


@@ -7,6 +7,19 @@ inputs:
includeBuildDependencies = mkOption { type = types.bool; default = inputs.topInputs.self.config.archive; };
substituters = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
autoOptimiseStore = mkOption { type = types.bool; default = false; };
remote =
{
slave =
{
enable = mkOption { type = types.bool; default = false; };
mandatoryFeatures = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
master =
{
enable = mkOption { type = types.bool; default = false; };
hosts = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
};
};
config = let inherit (inputs.config.nixos.system) nix; in inputs.lib.mkMerge
[
@@ -19,6 +32,7 @@ inputs:
keep-failed = true;
max-substitution-jobs = 4;
trusted-public-keys = [ "chn:Cc+nowW1LIpe1kyXOZmNaznFDiH1glXmpb4A+WD/DTE=" ];
trusted-users = [ "@wheel" ];
show-trace = true;
max-jobs = 4;
cores = 0;
@@ -68,17 +82,63 @@ inputs:
++ (with inputs.config.nixos.system.nixpkgs; if march == null then [] else [ "nvhpcarch-${march}" ]);
}
# includeBuildDependencies
(inputs.lib.mkIf nix.includeBuildDependencies
{
system.includeBuildDependencies = nix.includeBuildDependencies;
}
})
# substituters
{
nix.settings.substituters = if nix.substituters == null then [ "https://cache.nixos.org/" ] else nix.substituters;
}
# autoOptimiseStore
(inputs.lib.mkIf nix.autoOptimiseStore
{
nix.settings.auto-optimise-store = nix.autoOptimiseStore;
}
})
# remote.slave
(inputs.lib.mkIf nix.remote.slave.enable
{
nix =
{
sshServe =
{
enable = true;
keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAdUiHbT1Vs++5L0OPaMtYG7Wa0ejbJs2KBZ4QAspM4n nix-ssh@pc" ];
write = true;
protocol = "ssh-ng";
};
settings.trusted-users = [ "nix-ssh" ];
};
})
# remote.master
(inputs.lib.mkIf nix.remote.master.enable
{
assertions = builtins.map
(host:
{
assertion = inputs.topInputs.self.nixosConfigurations.${host}.config.nixos.system.nix.remote.slave.enable;
message = "remote.slave.enable is not set for ${host}";
})
nix.remote.master.hosts;
nix =
{
distributedBuilds = true;
buildMachines = builtins.map
(host: let hostConfig = inputs.topInputs.self.nixosConfigurations.${host}.config; in
{
hostName = host;
protocol = "ssh-ng";
systems = [ "x86_64-linux" ] ++ hostConfig.nix.settings.extra-platforms;
sshUser = "nix-ssh";
sshKey = inputs.config.sops.secrets."nix/remote".path;
maxJobs = 1;
inherit (hostConfig.nixos.system.nix.remote.slave) mandatoryFeatures;
supportedFeatures = hostConfig.nix.settings.system-features;
})
nix.remote.master.hosts;
};
sops.secrets."nix/remote" = {};
})
# c++ include path
# environment.pathsToLink = [ "/include" ];
# environment.variables.CPATH = "/run/current-system/sw/include";
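Review bot: In the `# remote.slave` block, `settings.trusted-users = [ "nix-ssh" ]` combined with `sshServe.write = true` makes whoever holds the single hard-coded `nix-ssh@pc` key effectively root-equivalent on every host that enables `remote.slave`, because a trusted Nix user can import unsigned store paths and override daemon settings. If the master can sign what it uploads, dropping that line and relying on the slave's `trusted-public-keys` would narrow the exposure; otherwise the trade-off should at least be recorded next to it, e.g. `# nix-ssh is trusted so the master can upload unsigned inputs; the nix/remote key is root-equivalent on this host`. In the `# remote.master` block the `buildMachines` entries set no `publicHostKey`, so builder identity rests on whatever root's known_hosts happens to contain. Pinning each builder's host key there would tie build inputs and returned outputs to the intended machine.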