working

Author: randomizedcoder

hp/hp1/Makefile

@@ -30,8 +30,11 @@ rebuild_trace:
 update:
 	sudo nix flake update;
 
+update_flake:
+	sudo nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update
+
 sync:
-	rsync -av /home/das/nixos/hp/hp1/ hp1:/home/das/nixos/hp/hp1/
+	rsync -av /home/das/nixos/hp/"${EXPECTED_HOSTNAME}"/ "${EXPECTED_HOSTNAME}":/home/das/nixos/hp/"${EXPECTED_HOSTNAME}"/
 	#rsync -av /home/das/nixos/modules/ hp1:/home/das/nixos/modules/
 
 # https://nixos.wiki/wiki/Kubernetes#reset_to_a_clean_state

hp/hp1/configuration.nix

@@ -1,3 +1,6 @@
+#
+# hp/hp1/configuration.nix
+#
 { config, pkgs, ... }:
 
 # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F
@@ -60,17 +63,28 @@
   };
 
   nix = {
+    settings = {
+      auto-optimise-store = true;
+      experimental-features = [ "nix-command" "flakes" ];
+      download-buffer-size = "100000000";
+      builders-use-substitutes = true;
+    };
+    # https://nix.dev/tutorials/nixos/distributed-builds-setup.html#set-up-distributed-builds
+    distributedBuilds = true;
+    buildMachines = [{
+      hostName = "hp4";
+      sshUser = "remotebuild";
+      #sshKey = "/root/.ssh/remotebuild";
+      sshKey = "/home/das/.ssh/remotebuild";
+      system = pkgs.stdenv.hostPlatform.system;
+      supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ];
+    }];
     gc = {
       automatic = true;                  # Enable automatic execution of the task
       dates = "weekly";                  # Schedule the task to run weekly
       options = "--delete-older-than 10d";  # Specify options for the task: delete files older than 10 days
       randomizedDelaySec = "14m";        # Introduce a randomized delay of up to 14 minutes before executing the task
     };
-    settings = {
-      auto-optimise-store = true;
-      experimental-features = [ "nix-command" "flakes" ];
-      download-buffer-size = "100000000";
-    };
   };
 
   # find /run/opengl-driver -name "libamfrt64.so.1"
@@ -102,9 +116,6 @@
   # Set your time zone.
   time.timeZone = "America/Los_Angeles";
 
-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.xserver.libinput.enable = true;
-
   environment.sessionVariables = {
     TERM = "xterm-256color";
     #MY_VARIABLE = "my-value";
@@ -121,9 +132,24 @@
     # https://nixos.wiki/wiki/SSH_public_key_authentication
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP3x3r8OZ5ya1GNLqmKOsKDX7oAR+BG9u4EozXvydtC das@hp0"
     ];
   };
 
+  # # https://github.com/colemickens/nixcfg/blob/1915d408ea28a5b7279f94df7a982dbf2cf692ef/mixins/ssh.nix#L13C1-L28C7
+  # system.activationScripts.root_ssh_config = {
+  #   text = ''
+  #     (
+  #       # symlink root ssh config to ours so daemon can use our agent/keys/etc...
+  #       mkdir -p /root/.ssh
+  #       ln -sf /home/das/.ssh/config /root/.ssh/config
+  #       ln -sf /home/das/.ssh/known_hosts /root/.ssh/known_hosts
+  #       ln -sf /home/das/.ssh/known_hosts /root/.ssh/known_hosts
+  #     )
+  #   '';
+  #   deps = [ ];
+  # };
+
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.
   # programs.mtr.enable = true;
@@ -136,6 +162,8 @@
      enableSSHSupport = true;
   };
 
+
+  # https://nixos.wiki/wiki/SSH
   services.openssh.enable = true;
 
   services.timesyncd.enable = true;

hp/hp1/flake.lock

@@ -16,6 +16,15 @@
     };
   };
 
+  nixConfig = {
+    extra-substituters = [
+      "http://hp4:5000"
+    ];
+    extra-trusted-public-keys = [
+      "hp4:YkYI70Fsy07fHWdh++V82b5Lgz03J9oE3KcIiFaJg8w="
+    ];
+  };
+
   outputs = inputs@{ nixpkgs, home-manager, ... }:
     let
       system = "x86_64-linux";

hp/hp1/flake.nix

@@ -136,6 +136,57 @@
     #signing.signByDefault = true;
   };
 
+  # https://github.com/nix-community/home-manager/blob/master/modules/programs/ssh.nix
+  # https://mynixos.com/home-manager/options/programs.ssh
+  # programs.ssh = {
+  #   enable = true;
+  #   #   controlPath = "~/.ssh/control/master-%r@%h:%p";
+  #   #   controlPersist = "10m";
+  #   #   compression = true;
+  #   #   serverAliveInterval = 5;
+  #   extraConfig = ''
+  #     Host hp4
+  #       User remotebuild
+  #       IdentityFile ~/.ssh/remotebuild
+  #     Host *
+  #       User das
+  #       KeepAlive yes
+  #       ServerAliveInterval 10
+  #       Protocol 2
+  #       #UseRoaming no
+  #       ForwardAgent yes
+  #       KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+  #       Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+  #       # temp hmac-md5
+  #       #MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-md5
+  #       MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
+  #       ControlMaster auto
+  #       ControlPath ~/.ssh/master-%r@%h:%p
+  #       ControlPersist 10m
+  #       Compression yes
+  #       Connecttimeout 10
+  #       HashKnownHosts no
+  #   '';
+
+    # matchBlocks = {
+    #   "hp4" = {
+    #     #hostname = "localhost";
+    #     #port = 2222;
+    #     #identityFile = remotebuild;
+    #   };
+    #   "*" = {
+    #     # everything sucks about SSH_AUTH_SOCK, so let's just control
+    #     # it and what it points to directly
+    #     User = "das";
+    #     KeepAlive = "yes";
+    #     ServerAliveInterval = 10;
+    #     Protocol = 2;
+    #   };
+    # };
+  #};
+  #aws ssh example
+  #https://discourse.nixos.org/t/is-there-a-nix-way-to-configure-ssh-server-connections/28033/7?u=randomizedcoder
+
   nixpkgs.config.allowUnfree = true;
 
   programs.home-manager.enable = true;

hp/hp1/home.nix

@@ -0,0 +1,5 @@
+
+
+nix-build --max-jobs 0 -E << EOF
+(import <nixpkgs> {}).writeText "test" "$(date)"
+EOF

hp/hp1/test_distributed_build.md

@@ -1,5 +1,5 @@
 #
-# nixos/hp4/Makefile
+# nixos/hp/hp4/Makefile
 #
 EXPECTED_HOSTNAME := hp4
 
@@ -16,14 +16,25 @@ else
 endif
 
 rebuild:
-	sudo cp /home/das/nixos/modules/* /etc/nixos/
-	sudo cp ./*.nix /etc/nixos/
-	sudo nix-channel --update
-	sudo nixos-rebuild switch
+	#sudo cp /home/das/nixos/modules/* /etc/nixos/
+	#sudo cp ./*.nix /etc/nixos/
+	#sudo nix-channel --update
+	#sudo nixos-rebuild switch
+	#sudo nix-channel --update;
+	sudo nixos-rebuild switch --flake .
+
+rebuild_trace:
+	sudo nixos-rebuild switch --show-trace --flake .
+
+update:
+	sudo nix flake update;
+
+update_flake:
+	sudo nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update
 
 sync:
-	rsync -av /home/das/nixos/hp/hp4/ hp4:/home/das/nixos/hp4/
-	rsync -av /home/das/nixos/modules/ hp4:/home/das/nixos/modules/
+	rsync -av /home/das/nixos/hp/"${EXPECTED_HOSTNAME}"/ "${EXPECTED_HOSTNAME}":/home/das/nixos/hp/"${EXPECTED_HOSTNAME}"/
+	#rsync -av /home/das/nixos/modules/ hp1:/home/das/nixos/modules/
 
 # https://nixos.wiki/wiki/Kubernetes#reset_to_a_clean_state
 nuke_k8s: check_hostname delete_k8s
@@ -32,6 +43,12 @@ delete_k8s:
 	sudo rm -rf /var/lib/kubernetes/ /var/lib/etcd/ /var/lib/cfssl/ /var/lib/kubelet/
 	sudo rm -rf /etc/kube-flannel/ /etc/kubernetes/
 
+nuke_k3s: check_hostname delete_k3s
+
+delete k3s:
+	sudo rm -rf /var/lib/rancher/k3s/ /etc/rancher/k3s
+	k3s-killall.sh
+
 create_cert:
 # Generate private key
 	openssl genrsa -out /var/lib/kubernetes/secrets/cluster-admin.pem 4096
@@ -42,6 +59,16 @@ create_cert:
 # Issue certificate
 	openssl ca -config ./openssl_ca_config -in /var/lib/kubernetes/secrets/cluster-admin.csr -out /var/lib/kubernetes/secrets/cluster-admin.crt -days 365 -notext -batch
 
+# https://nixos.wiki/wiki/Binary_Cache
+# curl http://localhost:5000/nix-cache-info
+setup_nix_serve:
+	cd /var
+	nix-store --generate-binary-cache-key hp4 cache-priv-key.pem cache-pub-key.pem
+	chown nix-serve cache-priv-key.pem
+	chmod 600 cache-priv-key.pem
+	cat cache-pub-key.pem
 
+copy_lock:
+	scp hp4:/home/das/nixos/hp/hp4/flake.lock ./
 
 # end

hp/hp4/Makefile

@@ -0,0 +1,20 @@
+{ pkgs, config, ... }:
+{
+  services.athens = {
+    enable = true;
+    #openFirewall = true; # this doesn't exist any more?
+    port = 8888;
+    logLevel = "debug";
+    # storageType = "disk"; # disk is default
+    # diskStorageRoot = "/var/lib/athens";
+    #goBinary = unstable.go;
+    # https://mynixos.com/nixpkgs/option/services.athens.goBinary
+    goGetWorkers = 32; # default 10
+    indexType = "memory"; # default none
+    statsExporter = "prometheus";
+  };
+  # https://mynixos.com/nixpkgs/options/services.athens
+  # https://github.com/ditsuke/nixpkgs-compat/blob/master/nixos/modules/services/development/athens.md
+  # https://github.com/ditsuke/nixpkgs-compat/blob/master/nixos/modules/services/development/athens.nix
+  # journalctl -u athens.service -f
+}

hp/hp4/athens.nix

@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINjiY/MIQUyp58JXt+fuy1mQWCZfFhbYoRK6jJN5ZxeV root@t
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMO7liZykpeI/ggPRBXQswdLAZWNWj+h8QA3hzQLi0ai das@hp1

hp/hp4/authorizedKeys

@@ -0,0 +1 @@
+hp4:YkYI70Fsy07fHWdh++V82b5Lgz03J9oE3KcIiFaJg8w=