moritz/clan
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: remote-builders to be more readable

Browse source
This commit is contained in:
Moritz Böhme 2025-04-21 10:45:25 +02:00
parent fde70ab2bb
commit 47855697be
No known key found for this signature in database
GPG key ID: 970C6E89EB0547A9
1 changed files with 39 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

62
clanServices/remote-builders/default.nix
View file

@ -27,7 +27,11 @@
}; };
# Maps over all instances and produces one result per instance. # Maps over all instances and produces one result per instance.
perInstance = {roles, ...}: { perInstance = {
roles,
machine,
...
}: {
# Analog to 'perSystem' of flake-parts. # Analog to 'perSystem' of flake-parts.
# For every instance of this service we will add a nixosModule to a client-machine # For every instance of this service we will add a nixosModule to a client-machine
nixosModule = { nixosModule = {
@ -38,7 +42,7 @@
inherit (lib) filterAttrs hasAttr mapAttrsToList; inherit (lib) filterAttrs hasAttr mapAttrsToList;
clients = filterAttrs (name: _value: hasAttr name roles.client.machines) self.nixosConfigurations; clients = filterAttrs (name: _value: hasAttr name roles.client.machines) self.nixosConfigurations;
others = filterAttrs (_name: value: value.config.networking.hostName != config.networking.hostName) clients; others = filterAttrs (name: _value: name != machine.name) clients;
remotebuildKeys = remotebuildKeys =
mapAttrsToList ( mapAttrsToList (
_name: attrs: attrs.config.clan.core.vars.generators.remotebuild.files."ssh.id_ed25519.pub".value _name: attrs: attrs.config.clan.core.vars.generators.remotebuild.files."ssh.id_ed25519.pub".value
@ -73,40 +77,35 @@
}; };
roles.client = { roles.client = {
interface = {}; interface = {};
perInstance = {roles, ...}: { perInstance = {
roles,
machine,
...
}: {
nixosModule = { nixosModule = {
config, config,
pkgs, pkgs,
lib, lib,
... ...
}: let }: let
inherit (lib) filterAttrs hasAttr mapAttrsToList concatLines; inherit (lib) filterAttrs hasAttr mapAttrsToList concatLines optional;
workers = filterAttrs (name: _value: hasAttr name roles.worker.machines) self.nixosConfigurations; workers = filterAttrs (name: _value: hasAttr name roles.worker.machines) self.nixosConfigurations;
others = filterAttrs (name: _value: name != machine.name) workers;
mkBuilder = hostName: attrs: let mkBuilder = name: attrs: let
config' = attrs.config; config' = attrs.config;
cfg' = roles.worker.machines.${hostName}.settings; cfg' = roles.worker.machines.${name}.settings;
pkgs' = attrs.pkgs; pkgs' = attrs.pkgs;
in { in {
# NOTE: https://github.com/NixOS/nix/issues/3177 hostName = name;
hostName = sshUser = "remotebuild";
if config'.networking.hostName == config.networking.hostName
then "local?root=/nix/store"
else hostName;
sshUser =
if config'.networking.hostName == config.networking.hostName
then null
else "remotebuild";
# CPU architecture of the builder, and the operating system it runs. # CPU architecture of the builder, and the operating system it runs.
# If your builder supports multiple architectures # If your builder supports multiple architectures
# (e.g. search for "binfmt" for emulation), # (e.g. search for "binfmt" for emulation),
systems = [pkgs'.system] ++ config'.boot.binfmt.emulatedSystems; systems = [pkgs'.system] ++ config'.boot.binfmt.emulatedSystems;
# Nix custom ssh-variant that avoids lots of "trusted-users" settings pain # Nix custom ssh-variant that avoids lots of "trusted-users" settings pain
protocol = protocol = "ssh-ng";
if config'.networking.hostName == config.networking.hostName
then null
else "ssh-ng";
# default is 1 but may keep the builder idle in between builds # default is 1 but may keep the builder idle in between builds
maxJobs = 3; maxJobs = 3;
speedFactor = 1; speedFactor = 1;
@ -114,11 +113,28 @@
mandatoryFeatures = []; mandatoryFeatures = [];
}; };
buildMachines = mapAttrsToList mkBuilder workers; otherBuildMachines = mapAttrsToList mkBuilder others;
buildMachines =
otherBuildMachines
++ optional (hasAttr machine.name roles.worker.machines)
{
# NOTE: https://github.com/NixOS/nix/issues/3177
hostName = "local?root=/nix/store";
sshUser = null;
# CPU architecture of the builder, and the operating system it runs.
# If your builder supports multiple architectures
# (e.g. search for "binfmt" for emulation),
systems = [pkgs.system] ++ config.boot.binfmt.emulatedSystems;
protocol = null;
# default is 1 but may keep the builder idle in between builds
maxJobs = 3;
speedFactor = 1;
supportedFeatures = roles.worker.machines.${machine.name}.settings.supportedFeatures;
mandatoryFeatures = [];
};
others = filterAttrs (_name: value: value.config.networking.hostName != config.networking.hostName) workers; mkMatch = name: _value: ''
mkMatch = _name: value: '' Match User remotebuild Host ${name}
Match User remotebuild Host ${value.config.networking.hostName}
IdentityFile ${config.clan.core.vars.generators.remotebuild.files."ssh.id_ed25519".path} IdentityFile ${config.clan.core.vars.generators.remotebuild.files."ssh.id_ed25519".path}
''; '';
sshConfig = concatLines (mapAttrsToList mkMatch others); sshConfig = concatLines (mapAttrsToList mkMatch others);