split runners into separate arch types
This commit is contained in:
parent
17b3fba5f6
commit
9e806117ff
SSH key fingerprint:
SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
2 changed files with 81 additions and 86 deletions
|
|
@ -34,43 +34,24 @@ jobs:
|
|||
- name: Garbage collect build dependencies
|
||||
run: nix-collect-garbage
|
||||
|
||||
- name: Build new ${{ matrix.system }} system
|
||||
- name: Build new ${{ matrix.system }} system and push to cachix
|
||||
id: "build"
|
||||
shell: bash
|
||||
run: |
|
||||
set -o pipefail
|
||||
nix build \
|
||||
".#top.${{ matrix.system }}" \
|
||||
--profile ./profile \
|
||||
--fallback \
|
||||
-v \
|
||||
--log-format raw \
|
||||
> >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2)
|
||||
- name: Push to Cachix
|
||||
DRVOUT=$(nix build ".#deploy-json.${{ matrix.system }}" --print-out-paths)
|
||||
::set-output name=build_output::$DRVOUT
|
||||
- name: Push cache for ${{ matrix.system }} to cachix
|
||||
id: "push-to-cachix"
|
||||
if: success()
|
||||
env:
|
||||
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
||||
run: |
|
||||
nix build .#deploy-json --print-out-paths | cachix push hsndev
|
||||
|
||||
nix-build-success:
|
||||
if: ${{ always() }}
|
||||
needs:
|
||||
- nix-build
|
||||
name: Nix Build Successful
|
||||
runs-on: docker
|
||||
steps:
|
||||
- if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
|
||||
name: Check matrix status
|
||||
run: exit 1
|
||||
deploy:
|
||||
if: success()
|
||||
needs:
|
||||
- nix-build-success
|
||||
runs-on: docker
|
||||
env:
|
||||
CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }}
|
||||
steps:
|
||||
- name: Deploy Runners
|
||||
echo ${{steps.build_push.outputs.build_output}} | cachix push hsndev
|
||||
- name: Deploy ${{ matrix.system }} runners
|
||||
id: "deploy"
|
||||
if: success()
|
||||
env:
|
||||
CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }}
|
||||
run: |
|
||||
spec=$(nix build .#deploy-json --print-out-paths)
|
||||
cachix deploy activate $spec
|
||||
cachix deploy activate ${{ steps.build_push.outputs.build_output }}
|
||||
122
flake.nix
122
flake.nix
|
|
@ -34,24 +34,24 @@
|
|||
};
|
||||
aarch64-linux-modules = [
|
||||
sops-nix.nixosModules.sops
|
||||
srvos.nixosModules.hardware-hetzner-cloud
|
||||
srvos.nixosModules.server
|
||||
srvos.nixosModules.mixins-systemd-boot
|
||||
disko.nixosModules.disko
|
||||
./agents/fj-hetzner-aarch64.nix
|
||||
(import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; })
|
||||
{
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
networking.hostName = "fj-hetzner-aarch64-01";
|
||||
users.users.root.openssh.authorizedKeys.keys =
|
||||
[
|
||||
srvos.nixosModules.hardware-hetzner-cloud
|
||||
srvos.nixosModules.server
|
||||
srvos.nixosModules.mixins-systemd-boot
|
||||
disko.nixosModules.disko
|
||||
./agents/fj-hetzner-aarch64.nix
|
||||
(import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; })
|
||||
{
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
networking.hostName = "fj-hetzner-aarch64-01";
|
||||
users.users.root.openssh.authorizedKeys.keys =
|
||||
[
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
|
||||
];
|
||||
services.openssh.enable = true;
|
||||
services.openssh.settings.PermitRootLogin = "without-password";
|
||||
}
|
||||
services.openssh.enable = true;
|
||||
services.openssh.settings.PermitRootLogin = "without-password";
|
||||
}
|
||||
];
|
||||
x86_64-linux-modules = [
|
||||
sops-nix.nixosModules.sops
|
||||
|
|
@ -64,35 +64,35 @@
|
|||
{
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
networking.hostName = "fj-shadowfax-01";
|
||||
users.users.root.openssh.authorizedKeys.keys =
|
||||
[
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
|
||||
];
|
||||
users.users.root.openssh.authorizedKeys.keys =
|
||||
[
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
|
||||
];
|
||||
services.openssh.enable = true;
|
||||
services.openssh.settings.PermitRootLogin = "without-password";
|
||||
}
|
||||
];
|
||||
in
|
||||
in
|
||||
{
|
||||
# NixOS configurations for manual deployment
|
||||
nixosConfigurations =
|
||||
{
|
||||
"fj-hetzner-aarch64-01" = lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
specialArgs = {inherit inputs; };
|
||||
modules = aarch64-linux-modules;
|
||||
};
|
||||
nixosConfigurations =
|
||||
{
|
||||
"fj-hetzner-aarch64-01" = lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
specialArgs = { inherit inputs; };
|
||||
modules = aarch64-linux-modules;
|
||||
};
|
||||
|
||||
"fj-shadowfax-01" = lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {inherit inputs; };
|
||||
modules = x86_64-linux-modules;
|
||||
"fj-shadowfax-01" = lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit inputs; };
|
||||
modules = x86_64-linux-modules;
|
||||
};
|
||||
};
|
||||
};
|
||||
# Cachix deploy for automated deployments
|
||||
packages.aarch64-linux.default =
|
||||
packages.aarch64-linux.default =
|
||||
let
|
||||
inherit (common "aarch64-linux") cachix-deploy-lib pkgs;
|
||||
in
|
||||
|
|
@ -110,30 +110,44 @@
|
|||
|
||||
# Constructs a deploy.json output that can be used to deploy the runners
|
||||
# https://docs.cachix.org/deploy/reference#deploy-json
|
||||
deploy-json =
|
||||
let
|
||||
inherit (common "aarch64-linux") cachix-deploy-lib;
|
||||
in
|
||||
cachix-deploy-lib.spec
|
||||
|
||||
deploy-json =
|
||||
{
|
||||
agents = {
|
||||
"fj-hetzner-aarch64-01" =
|
||||
let
|
||||
inherit (common "aarch64-linux") cachix-deploy-lib pkgs;
|
||||
in
|
||||
cachix-deploy-lib.nixos {
|
||||
# system = "aarch64-linux";
|
||||
imports = aarch64-linux-modules;
|
||||
"aarch64-linux" =
|
||||
let
|
||||
inherit (common "aarch64-linux") cachix-deploy-lib;
|
||||
in
|
||||
cachix-deploy-lib.spec
|
||||
{
|
||||
agents = {
|
||||
"fj-hetzner-aarch64-01" =
|
||||
let
|
||||
inherit (common "aarch64-linux") cachix-deploy-lib pkgs;
|
||||
in
|
||||
cachix-deploy-lib.nixos {
|
||||
# system = "aarch64-linux";
|
||||
imports = aarch64-linux-modules;
|
||||
};
|
||||
};
|
||||
};
|
||||
"fj-shadowfax-01" =
|
||||
let
|
||||
inherit (common "x86_64-linux") cachix-deploy-lib pkgs;
|
||||
in
|
||||
cachix-deploy-lib.nixos {
|
||||
imports = x86_64-linux-modules;
|
||||
"x86_64-linux" =
|
||||
let
|
||||
inherit (common "x86_64-linux") cachix-deploy-lib;
|
||||
in
|
||||
cachix-deploy-lib.spec
|
||||
{
|
||||
agents = {
|
||||
"fj-shadowfax-01" =
|
||||
let
|
||||
inherit (common "x86_64-linux") cachix-deploy-lib pkgs;
|
||||
in
|
||||
cachix-deploy-lib.nixos {
|
||||
imports = x86_64-linux-modules;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Convenience output that aggregates the outputs for home, nixos.
|
||||
# Also used in ci to build targets generally.
|
||||
top =
|
||||
|
|
|
|||
Loading…
Reference in a new issue