refactor: remote-builders to be more readable

Moritz Böhme 2025-04-21 10:45:25 +02:00
parent fde70ab2bb
commit 47855697be
No known key found for this signature in database
GPG key ID: 970C6E89EB0547A9


@ -27,7 +27,11 @@
};
# Maps over all instances and produces one result per instance.
perInstance = {roles, ...}: {
perInstance = {
roles,
machine,
...
}: {
# Analog to 'perSystem' of flake-parts.
# For every instance of this service we will add a nixosModule to a client-machine
nixosModule = {
@ -38,7 +42,7 @@
inherit (lib) filterAttrs hasAttr mapAttrsToList;
clients = filterAttrs (name: _value: hasAttr name roles.client.machines) self.nixosConfigurations;
others = filterAttrs (_name: value: value.config.networking.hostName != config.networking.hostName) clients;
others = filterAttrs (name: _value: name != machine.name) clients;
remotebuildKeys =
mapAttrsToList (
_name: attrs: attrs.config.clan.core.vars.generators.remotebuild.files."ssh.id_ed25519.pub".value
@ -73,40 +77,35 @@
};
roles.client = {
interface = {};
perInstance = {roles, ...}: {
perInstance = {
roles,
machine,
...
}: {
nixosModule = {
config,
pkgs,
lib,
...
}: let
inherit (lib) filterAttrs hasAttr mapAttrsToList concatLines;
inherit (lib) filterAttrs hasAttr mapAttrsToList concatLines optional;
workers = filterAttrs (name: _value: hasAttr name roles.worker.machines) self.nixosConfigurations;
others = filterAttrs (name: _value: name != machine.name) workers;
mkBuilder = hostName: attrs: let
mkBuilder = name: attrs: let
config' = attrs.config;
cfg' = roles.worker.machines.${hostName}.settings;
cfg' = roles.worker.machines.${name}.settings;
pkgs' = attrs.pkgs;
in {
# NOTE: https://github.com/NixOS/nix/issues/3177
hostName =
if config'.networking.hostName == config.networking.hostName
then "local?root=/nix/store"
else hostName;
sshUser =
if config'.networking.hostName == config.networking.hostName
then null
else "remotebuild";
hostName = name;
sshUser = "remotebuild";
# CPU architecture of the builder, and the operating system it runs.
# If your builder supports multiple architectures
# (e.g. search for "binfmt" for emulation),
systems = [pkgs'.system] ++ config'.boot.binfmt.emulatedSystems;
# Nix custom ssh-variant that avoids lots of "trusted-users" settings pain
protocol =
if config'.networking.hostName == config.networking.hostName
then null
else "ssh-ng";
protocol = "ssh-ng";
# default is 1 but may keep the builder idle in between builds
maxJobs = 3;
speedFactor = 1;
@ -114,11 +113,28 @@
mandatoryFeatures = [];
};
buildMachines = mapAttrsToList mkBuilder workers;
otherBuildMachines = mapAttrsToList mkBuilder others;
buildMachines =
otherBuildMachines
++ optional (hasAttr machine.name roles.worker.machines)
{
# NOTE: https://github.com/NixOS/nix/issues/3177
hostName = "local?root=/nix/store";
sshUser = null;
# CPU architecture of the builder, and the operating system it runs.
# If your builder supports multiple architectures
# (e.g. search for "binfmt" for emulation),
systems = [pkgs.system] ++ config.boot.binfmt.emulatedSystems;
protocol = null;
# default is 1 but may keep the builder idle in between builds
maxJobs = 3;
speedFactor = 1;
supportedFeatures = roles.worker.machines.${machine.name}.settings.supportedFeatures;
mandatoryFeatures = [];
};
others = filterAttrs (_name: value: value.config.networking.hostName != config.networking.hostName) workers;
mkMatch = _name: value: ''
Match User remotebuild Host ${value.config.networking.hostName}
mkMatch = name: _value: ''
Match User remotebuild Host ${name}
IdentityFile ${config.clan.core.vars.generators.remotebuild.files."ssh.id_ed25519".path}
'';
sshConfig = concatLines (mapAttrsToList mkMatch others);
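Review bot: The local-builder entry added inline to `buildMachines` copies `systems`, `maxJobs`, `speedFactor` and `mandatoryFeatures` from `mkBuilder`, so the two can drift and leave a machine's local builder with different limits or features than the same machine offers remotely. Building both from one shared attribute set and overriding only `hostName`, `sshUser` and `protocol` keeps them in step; a sketch follows, assuming the one `mkBuilder` line hidden between the hunks is its `supportedFeatures`. It would also help to note on `mkMatch` that the `Host ${name}` pattern must equal the builder's `hostName`, since otherwise the `remotebuild` IdentityFile is not selected for that connection.

```nix
# … unchanged: workers, others …
mkBuilderBase = pkgs': config': settings: {
  # CPU architecture of the builder, plus any systems it emulates via binfmt.
  systems = [pkgs'.system] ++ config'.boot.binfmt.emulatedSystems;
  # default is 1 but may keep the builder idle in between builds
  maxJobs = 3;
  speedFactor = 1;
  supportedFeatures = settings.supportedFeatures;
  mandatoryFeatures = [];
};
mkBuilder = name: attrs:
  mkBuilderBase attrs.pkgs attrs.config roles.worker.machines.${name}.settings
  // {
    hostName = name;
    sshUser = "remotebuild";
    # Nix custom ssh-variant that avoids lots of "trusted-users" settings pain
    protocol = "ssh-ng";
  };
localBuilder =
  mkBuilderBase pkgs config roles.worker.machines.${machine.name}.settings
  // {
    # NOTE: https://github.com/NixOS/nix/issues/3177
    hostName = "local?root=/nix/store";
    sshUser = null;
    protocol = null;
  };
otherBuildMachines = mapAttrsToList mkBuilder others;
buildMachines =
  otherBuildMachines
  ++ optional (hasAttr machine.name roles.worker.machines) localBuilder;
# … unchanged: mkMatch, sshConfig …
```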