vinzenz/nixos-configuration
0
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ditributed builds: use fqdn if available

Browse source
This commit is contained in:
müde 2026-05-03 16:04:27 +02:00
parent c8cfa37bb9
commit 9bff3f718f
2 changed files with 20 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

1
devices.nix
View file

@ -26,6 +26,7 @@ in
}; };
forgejo-runner-1 = { forgejo-runner-1 = {
system = "aarch64-linux"; system = "aarch64-linux";
publicFqdn = "forgejo-runner-1.dev.zerforschen.plus";
distributedBuilds = { distributedBuilds = {
isBuilder = true; isBuilder = true;
speedFactor = 1; speedFactor = 1;

31
nixosModules/distributed-builds.nix
View file

@ -21,13 +21,14 @@ let
_: v: (v.distributedBuilds or { }).isBuilder or false _: v: (v.distributedBuilds or { }).isBuilder or false
) allDevices; ) allDevices;
sshHostname = m: m.publicFqdn or m.hostName;
buildServerKnownHosts = lib.pipe buildServerDevices [ buildServerKnownHosts = lib.pipe buildServerDevices [
(lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey)) (lib.filterAttrs (_: v: v.distributedBuilds ? hostPublicKey))
(lib.mapAttrs ( (lib.mapAttrs (name: v: {
_: v: { publicKey = v.distributedBuilds.hostPublicKey;
publicKey = v.distributedBuilds.hostPublicKey; hostNames = [ (v.publicFqdn or name) ];
} }))
))
]; ];
remoteBuildServerDevices = builtins.filter ( remoteBuildServerDevices = builtins.filter (
@ -37,7 +38,7 @@ let
buildMachines = map ( buildMachines = map (
m: m:
{ {
hostName = m.hostName; hostName = sshHostname m;
systems = [ m.system ]; systems = [ m.system ];
sshUser = buildUser; sshUser = buildUser;
sshKey = clientSshKeyPath; sshKey = clientSshKeyPath;
@ -65,6 +66,8 @@ in
# All machines # All machines
{ {
nix.settings = { nix.settings = {
#fallback = true;
connect-timeout = 5;
trusted-public-keys = lib.pipe buildServerDevices [ trusted-public-keys = lib.pipe buildServerDevices [
(lib.mapAttrsToList (_: v: v.distributedBuilds.storeSigningPublicKey or null)) (lib.mapAttrsToList (_: v: v.distributedBuilds.storeSigningPublicKey or null))
(builtins.filter (k: k != null)) (builtins.filter (k: k != null))
@ -103,11 +106,15 @@ in
programs.ssh = { programs.ssh = {
knownHosts = buildServerKnownHosts; knownHosts = buildServerKnownHosts;
extraConfig = lib.concatStringsSep "\n" ( extraConfig = lib.concatStringsSep "\n" (
lib.mapAttrsToList (name: _: '' lib.mapAttrsToList (name: v:
Match originalhost ${name} user ${buildUser} let
IdentityFile ${clientSshKeyPath} names = lib.unique [ name (v.publicFqdn or name) ];
IdentitiesOnly yes in
'') buildServerDevices ''
Match originalhost ${lib.concatStringsSep "," names} user ${buildUser}
IdentityFile ${clientSshKeyPath}
IdentitiesOnly yes
'') buildServerDevices
); );
}; };
nix = { nix = {
@ -115,7 +122,7 @@ in
buildMachines = buildMachines; buildMachines = buildMachines;
settings = { settings = {
builders-use-substitutes = true; builders-use-substitutes = true;
substituters = map (m: "ssh-ng://${buildUser}@${m.hostName}") ( substituters = map (m: "ssh-ng://${buildUser}@${sshHostname m}") (
builtins.filter (m: m.distributedBuilds ? storeSigningPublicKey) remoteBuildServerDevices builtins.filter (m: m.distributedBuilds ? storeSigningPublicKey) remoteBuildServerDevices
); );
}; };