From 9e806117ff00be7cec8c5aa8d03c45bcec526542 Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Thu, 25 Jul 2024 11:05:47 -0500
Subject: [PATCH] split runners into separate arch types
---
.forgejo/workflows/build.yaml | 45 ++++---------
flake.nix | 122 +++++++++++++++++++---------------
2 files changed, 81 insertions(+), 86 deletions(-)
diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml
index 5bd012b..302c9e7 100644
--- a/.forgejo/workflows/build.yaml
+++ b/.forgejo/workflows/build.yaml
@@ -34,43 +34,24 @@ jobs: - name: Garbage collect build dependencies run: nix-collect-garbage - - name: Build new ${{ matrix.system }} system + - name: Build new ${{ matrix.system }} system and push to cachix + id: "build" shell: bash run: | set -o pipefail - nix build \ - ".#top.${{ matrix.system }}" \ - --profile ./profile \ - --fallback \ - -v \ - --log-format raw \ - > >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2) - - name: Push to Cachix + DRVOUT=$(nix build ".#deploy-json.${{ matrix.system }}" --print-out-paths) + ::set-output name=build_output::$DRVOUT + - name: Push cache for ${{ matrix.system }} to cachix + id: "push-to-cachix" if: success() env: CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} run: | - nix build .#deploy-json --print-out-paths | cachix push hsndev - - nix-build-success: - if: ${{ always() }} - needs: - - nix-build - name: Nix Build Successful - runs-on: docker - steps: - - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} - name: Check matrix status - run: exit 1 - deploy: - if: success() - needs: - - nix-build-success - runs-on: docker - env: - CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }} - steps: - - name: Deploy Runners + echo ${{steps.build_push.outputs.build_output}} | cachix push hsndev + - name: Deploy ${{ matrix.system }} runners + id: "deploy" + if: success() + env: + CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }} run: | - spec=$(nix build .#deploy-json --print-out-paths) - cachix deploy activate $spec + cachix deploy activate ${{ steps.build_push.outputs.build_output }} \ No newline at end of file diff --git a/flake.nix b/flake.nix index d92fc9b..be7f51e 100644 --- a/flake.nix +++ b/flake.nix 
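Review bot: The new push and deploy steps read `steps.build_push.outputs.build_output`, but the only step that produces that output has `id: "build"`, so the expression expands to an empty string and both `cachix push hsndev` and `cachix deploy activate` run without a store path. The output is also never written, because `::set-output name=build_output::$DRVOUT` is a bare line in the `run` script rather than an `echo`, so bash tries to execute it as a command; `echo "build_output=$DRVOUT" >> "$GITHUB_OUTPUT"` together with `steps.build.outputs.build_output` would fix both, assuming the runner provides `GITHUB_OUTPUT`. Passing the path through `env:` and quoting it, as in `cachix deploy activate "$SPEC"`, keeps the expression out of the shell text. With the `nix-build-success` gate removed, each matrix leg now activates its deployment with `CACHIX_ACTIVATE_TOKEN` independently of the other leg and on every event that starts this job; the workflow triggers are outside the hunk, so confirm that the deploy step only runs for the intended branch.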
@@ -34,24 +34,24 @@ }; aarch64-linux-modules = [ sops-nix.nixosModules.sops - srvos.nixosModules.hardware-hetzner-cloud - srvos.nixosModules.server - srvos.nixosModules.mixins-systemd-boot - disko.nixosModules.disko - ./agents/fj-hetzner-aarch64.nix - (import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; }) - { - boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "fj-hetzner-aarch64-01"; - users.users.root.openssh.authorizedKeys.keys = - [ + srvos.nixosModules.hardware-hetzner-cloud + srvos.nixosModules.server + srvos.nixosModules.mixins-systemd-boot + disko.nixosModules.disko + ./agents/fj-hetzner-aarch64.nix + (import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; }) + { + boot.loader.efi.canTouchEfiVariables = true; + networking.hostName = "fj-hetzner-aarch64-01"; + users.users.root.openssh.authorizedKeys.keys = + [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar" ]; - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "without-password"; - } + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "without-password"; + } ]; x86_64-linux-modules = [ sops-nix.nixosModules.sops 
@@ -64,35 +64,35 @@ { boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "fj-shadowfax-01"; - users.users.root.openssh.authorizedKeys.keys = - [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar" - ]; + users.users.root.openssh.authorizedKeys.keys = + [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar" + ]; services.openssh.enable = true; services.openssh.settings.PermitRootLogin = "without-password"; } ]; - in + in { # NixOS configurations for manual deployment - nixosConfigurations = - { - "fj-hetzner-aarch64-01" = lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = {inherit inputs; }; - modules = aarch64-linux-modules; - }; + nixosConfigurations = + { + "fj-hetzner-aarch64-01" = lib.nixosSystem { + system = "aarch64-linux"; + specialArgs = { inherit inputs; }; + modules = aarch64-linux-modules; + }; - "fj-shadowfax-01" = lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = {inherit inputs; }; - modules = x86_64-linux-modules; + "fj-shadowfax-01" = lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = x86_64-linux-modules; + }; }; - }; # Cachix deploy for automated deployments - packages.aarch64-linux.default = + packages.aarch64-linux.default = let inherit (common "aarch64-linux") cachix-deploy-lib pkgs; in 
@@ -110,30 +110,44 @@ # Constructs a deploy.json output that can be used to deploy the runners # https://docs.cachix.org/deploy/reference#deploy-json - deploy-json = - let - inherit (common "aarch64-linux") cachix-deploy-lib; - in - cachix-deploy-lib.spec + + deploy-json = { - agents = { - "fj-hetzner-aarch64-01" = - let - inherit (common "aarch64-linux") cachix-deploy-lib pkgs; - in - cachix-deploy-lib.nixos { - # system = "aarch64-linux"; - imports = aarch64-linux-modules; + "aarch64-linux" = + let + inherit (common "aarch64-linux") cachix-deploy-lib; + in + cachix-deploy-lib.spec + { + agents = { + "fj-hetzner-aarch64-01" = + let + inherit (common "aarch64-linux") cachix-deploy-lib pkgs; + in + cachix-deploy-lib.nixos { + # system = "aarch64-linux"; + imports = aarch64-linux-modules; + }; + }; }; - "fj-shadowfax-01" = - let - inherit (common "x86_64-linux") cachix-deploy-lib pkgs; - in - cachix-deploy-lib.nixos { - imports = x86_64-linux-modules; + "x86_64-linux" = + let + inherit (common "x86_64-linux") cachix-deploy-lib; + in + cachix-deploy-lib.spec + { + agents = { + "fj-shadowfax-01" = + let + inherit (common "x86_64-linux") cachix-deploy-lib pkgs; + in + cachix-deploy-lib.nixos { + imports = x86_64-linux-modules; + }; + }; }; - }; }; + # Convenience output that aggregates the outputs for home, nixos. # Also used in ci to build targets generally. top =
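Review bot: The new per-system `deploy-json` attribute set has no comment tying its keys to the workflow, which now builds `.#deploy-json.${{ matrix.system }}`; a line such as `# Keyed by system so CI can build .#deploy-json.<system>; each spec lists only the agents of that architecture.` above `deploy-json =` would make that contract explicit. Inside each agent the inner `let inherit (common "...") cachix-deploy-lib pkgs; in` re-binds `cachix-deploy-lib`, which the enclosing `let` already provides, and brings in `pkgs`, which no visible line uses, so the inner `let` could be dropped in both branches. The commented-out `# system = "aarch64-linux";` was carried over into the new code and could be removed. The two branches differ only in system string, agent name and module list, so a small helper taking those three values would keep them from drifting apart.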