split runners into separate arch types
Some checks failed
Build / nix-build (native-aarch64, fj-hetzner-aarch64-01) (push) Failing after 13s
Build / nix-build (native-x86_64, fj-shadowfax-01) (push) Failing after 12s

Joseph Hanson 2024-07-25 11:05:47 -05:00
parent 17b3fba5f6
commit 9e806117ff
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
2 changed files with 81 additions and 86 deletions


@ -34,43 +34,24 @@ jobs:
- name: Garbage collect build dependencies - name: Garbage collect build dependencies
run: nix-collect-garbage run: nix-collect-garbage
- name: Build new ${{ matrix.system }} system - name: Build new ${{ matrix.system }} system and push to cachix
id: "build"
shell: bash shell: bash
run: | run: |
set -o pipefail set -o pipefail
nix build \ DRVOUT=$(nix build ".#deploy-json.${{ matrix.system }}" --print-out-paths)
".#top.${{ matrix.system }}" \ ::set-output name=build_output::$DRVOUT
--profile ./profile \ - name: Push cache for ${{ matrix.system }} to cachix
--fallback \ id: "push-to-cachix"
-v \
--log-format raw \
> >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2)
- name: Push to Cachix
if: success() if: success()
env: env:
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
run: | run: |
nix build .#deploy-json --print-out-paths | cachix push hsndev echo ${{steps.build_push.outputs.build_output}} | cachix push hsndev
- name: Deploy ${{ matrix.system }} runners
nix-build-success: id: "deploy"
if: ${{ always() }} if: success()
needs: env:
- nix-build CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }}
name: Nix Build Successful
runs-on: docker
steps:
- if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
name: Check matrix status
run: exit 1
deploy:
if: success()
needs:
- nix-build-success
runs-on: docker
env:
CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }}
steps:
- name: Deploy Runners
run: | run: |
spec=$(nix build .#deploy-json --print-out-paths) cachix deploy activate ${{ steps.build_push.outputs.build_output }}
cachix deploy activate $spec
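Review bot: The build step is declared with `id: "build"`, but the push and deploy steps read `steps.build_push.outputs.build_output`, an id that no step shown here defines, so the expression presumably expands to an empty string and `cachix push` / `cachix deploy activate` receive no store path. The `::set-output name=build_output::$DRVOUT` line is also a bare command rather than an echo, so the shell would try to execute it; `echo "build_output=$DRVOUT" >> "$GITHUB_OUTPUT"` together with `${{ steps.build.outputs.build_output }}` would address both, assuming the runner supports the output file. Handing the path to the script through `env:` and quoting it (`cachix deploy activate "$SPEC"`) keeps the expression out of the shell text. The separate `deploy` job and its `nix-build-success` gate appear to be removed, so each matrix leg now activates on its own success even when the other architecture failed; a short comment saying this is intended would help. Old and new sides are inferred from column order, since the page lost its +/- markers.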

122
flake.nix

@ -34,24 +34,24 @@
}; };
aarch64-linux-modules = [ aarch64-linux-modules = [
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
srvos.nixosModules.hardware-hetzner-cloud srvos.nixosModules.hardware-hetzner-cloud
srvos.nixosModules.server srvos.nixosModules.server
srvos.nixosModules.mixins-systemd-boot srvos.nixosModules.mixins-systemd-boot
disko.nixosModules.disko disko.nixosModules.disko
./agents/fj-hetzner-aarch64.nix ./agents/fj-hetzner-aarch64.nix
(import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; }) (import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; })
{ {
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "fj-hetzner-aarch64-01"; networking.hostName = "fj-hetzner-aarch64-01";
users.users.root.openssh.authorizedKeys.keys = users.users.root.openssh.authorizedKeys.keys =
[ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
]; ];
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "without-password"; services.openssh.settings.PermitRootLogin = "without-password";
} }
]; ];
x86_64-linux-modules = [ x86_64-linux-modules = [
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
@ -64,35 +64,35 @@
{ {
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "fj-shadowfax-01"; networking.hostName = "fj-shadowfax-01";
users.users.root.openssh.authorizedKeys.keys = users.users.root.openssh.authorizedKeys.keys =
[ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
]; ];
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "without-password"; services.openssh.settings.PermitRootLogin = "without-password";
} }
]; ];
in in
{ {
# NixOS configurations for manual deployment # NixOS configurations for manual deployment
nixosConfigurations = nixosConfigurations =
{ {
"fj-hetzner-aarch64-01" = lib.nixosSystem { "fj-hetzner-aarch64-01" = lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";
specialArgs = {inherit inputs; }; specialArgs = { inherit inputs; };
modules = aarch64-linux-modules; modules = aarch64-linux-modules;
}; };
"fj-shadowfax-01" = lib.nixosSystem { "fj-shadowfax-01" = lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = {inherit inputs; }; specialArgs = { inherit inputs; };
modules = x86_64-linux-modules; modules = x86_64-linux-modules;
};
}; };
};
# Cachix deploy for automated deployments # Cachix deploy for automated deployments
packages.aarch64-linux.default = packages.aarch64-linux.default =
let let
inherit (common "aarch64-linux") cachix-deploy-lib pkgs; inherit (common "aarch64-linux") cachix-deploy-lib pkgs;
in in
@ -110,30 +110,44 @@
# Constructs a deploy.json output that can be used to deploy the runners # Constructs a deploy.json output that can be used to deploy the runners
# https://docs.cachix.org/deploy/reference#deploy-json # https://docs.cachix.org/deploy/reference#deploy-json
deploy-json =
let deploy-json =
inherit (common "aarch64-linux") cachix-deploy-lib;
in
cachix-deploy-lib.spec
{ {
agents = { "aarch64-linux" =
"fj-hetzner-aarch64-01" = let
let inherit (common "aarch64-linux") cachix-deploy-lib;
inherit (common "aarch64-linux") cachix-deploy-lib pkgs; in
in cachix-deploy-lib.spec
cachix-deploy-lib.nixos { {
# system = "aarch64-linux"; agents = {
imports = aarch64-linux-modules; "fj-hetzner-aarch64-01" =
let
inherit (common "aarch64-linux") cachix-deploy-lib pkgs;
in
cachix-deploy-lib.nixos {
# system = "aarch64-linux";
imports = aarch64-linux-modules;
};
};
}; };
"fj-shadowfax-01" = "x86_64-linux" =
let let
inherit (common "x86_64-linux") cachix-deploy-lib pkgs; inherit (common "x86_64-linux") cachix-deploy-lib;
in in
cachix-deploy-lib.nixos { cachix-deploy-lib.spec
imports = x86_64-linux-modules; {
agents = {
"fj-shadowfax-01" =
let
inherit (common "x86_64-linux") cachix-deploy-lib pkgs;
in
cachix-deploy-lib.nixos {
imports = x86_64-linux-modules;
};
};
}; };
};
}; };
# Convenience output that aggregates the outputs for home, nixos. # Convenience output that aggregates the outputs for home, nixos.
# Also used in ci to build targets generally. # Also used in ci to build targets generally.
top = top =
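Review bot: In the new per-architecture `deploy-json` attributes, the inner `let inherit (common "aarch64-linux") cachix-deploy-lib pkgs; in` around each `cachix-deploy-lib.nixos` call rebinds a name the enclosing `let` already provides and brings in `pkgs`, which is not used in the lines shown. The agent could be written directly as `"fj-hetzner-aarch64-01" = cachix-deploy-lib.nixos { imports = aarch64-linux-modules; };`, and likewise for `fj-shadowfax-01`; the leftover `# system = "aarch64-linux";` line can go at the same time. The comment above the attribute still describes a single deploy.json, so I would add something like `# One spec per system, built in CI as .#deploy-json.<system>; each spec lists only that architecture's agent.` The enclosing attribute set starts outside this hunk, so where `deploy-json` sits in the flake outputs is not visible here.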