split runners into separate arch types
This commit is contained in:
parent
17b3fba5f6
commit
9e806117ff
2 changed files with 81 additions and 86 deletions
|
@ -34,43 +34,24 @@ jobs:
|
||||||
- name: Garbage collect build dependencies
|
- name: Garbage collect build dependencies
|
||||||
run: nix-collect-garbage
|
run: nix-collect-garbage
|
||||||
|
|
||||||
- name: Build new ${{ matrix.system }} system
|
- name: Build new ${{ matrix.system }} system and push to cachix
|
||||||
|
id: "build"
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
nix build \
|
DRVOUT=$(nix build ".#deploy-json.${{ matrix.system }}" --print-out-paths)
|
||||||
".#top.${{ matrix.system }}" \
|
::set-output name=build_output::$DRVOUT
|
||||||
--profile ./profile \
|
- name: Push cache for ${{ matrix.system }} to cachix
|
||||||
--fallback \
|
id: "push-to-cachix"
|
||||||
-v \
|
|
||||||
--log-format raw \
|
|
||||||
> >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2)
|
|
||||||
- name: Push to Cachix
|
|
||||||
if: success()
|
if: success()
|
||||||
env:
|
env:
|
||||||
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
||||||
run: |
|
run: |
|
||||||
nix build .#deploy-json --print-out-paths | cachix push hsndev
|
echo ${{steps.build_push.outputs.build_output}} | cachix push hsndev
|
||||||
|
- name: Deploy ${{ matrix.system }} runners
|
||||||
nix-build-success:
|
id: "deploy"
|
||||||
if: ${{ always() }}
|
if: success()
|
||||||
needs:
|
env:
|
||||||
- nix-build
|
CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }}
|
||||||
name: Nix Build Successful
|
|
||||||
runs-on: docker
|
|
||||||
steps:
|
|
||||||
- if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
|
|
||||||
name: Check matrix status
|
|
||||||
run: exit 1
|
|
||||||
deploy:
|
|
||||||
if: success()
|
|
||||||
needs:
|
|
||||||
- nix-build-success
|
|
||||||
runs-on: docker
|
|
||||||
env:
|
|
||||||
CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }}
|
|
||||||
steps:
|
|
||||||
- name: Deploy Runners
|
|
||||||
run: |
|
run: |
|
||||||
spec=$(nix build .#deploy-json --print-out-paths)
|
cachix deploy activate ${{ steps.build_push.outputs.build_output }}
|
||||||
cachix deploy activate $spec
|
|
122
flake.nix
122
flake.nix
|
@ -34,24 +34,24 @@
|
||||||
};
|
};
|
||||||
aarch64-linux-modules = [
|
aarch64-linux-modules = [
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
srvos.nixosModules.hardware-hetzner-cloud
|
srvos.nixosModules.hardware-hetzner-cloud
|
||||||
srvos.nixosModules.server
|
srvos.nixosModules.server
|
||||||
srvos.nixosModules.mixins-systemd-boot
|
srvos.nixosModules.mixins-systemd-boot
|
||||||
disko.nixosModules.disko
|
disko.nixosModules.disko
|
||||||
./agents/fj-hetzner-aarch64.nix
|
./agents/fj-hetzner-aarch64.nix
|
||||||
(import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; })
|
(import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; })
|
||||||
{
|
{
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
networking.hostName = "fj-hetzner-aarch64-01";
|
networking.hostName = "fj-hetzner-aarch64-01";
|
||||||
users.users.root.openssh.authorizedKeys.keys =
|
users.users.root.openssh.authorizedKeys.keys =
|
||||||
[
|
[
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
|
||||||
];
|
];
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
services.openssh.settings.PermitRootLogin = "without-password";
|
services.openssh.settings.PermitRootLogin = "without-password";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
x86_64-linux-modules = [
|
x86_64-linux-modules = [
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
|
@ -64,35 +64,35 @@
|
||||||
{
|
{
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
networking.hostName = "fj-shadowfax-01";
|
networking.hostName = "fj-shadowfax-01";
|
||||||
users.users.root.openssh.authorizedKeys.keys =
|
users.users.root.openssh.authorizedKeys.keys =
|
||||||
[
|
[
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
|
||||||
];
|
];
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
services.openssh.settings.PermitRootLogin = "without-password";
|
services.openssh.settings.PermitRootLogin = "without-password";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# NixOS configurations for manual deployment
|
# NixOS configurations for manual deployment
|
||||||
nixosConfigurations =
|
nixosConfigurations =
|
||||||
{
|
{
|
||||||
"fj-hetzner-aarch64-01" = lib.nixosSystem {
|
"fj-hetzner-aarch64-01" = lib.nixosSystem {
|
||||||
system = "aarch64-linux";
|
system = "aarch64-linux";
|
||||||
specialArgs = {inherit inputs; };
|
specialArgs = { inherit inputs; };
|
||||||
modules = aarch64-linux-modules;
|
modules = aarch64-linux-modules;
|
||||||
};
|
};
|
||||||
|
|
||||||
"fj-shadowfax-01" = lib.nixosSystem {
|
"fj-shadowfax-01" = lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
specialArgs = {inherit inputs; };
|
specialArgs = { inherit inputs; };
|
||||||
modules = x86_64-linux-modules;
|
modules = x86_64-linux-modules;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
# Cachix deploy for automated deployments
|
# Cachix deploy for automated deployments
|
||||||
packages.aarch64-linux.default =
|
packages.aarch64-linux.default =
|
||||||
let
|
let
|
||||||
inherit (common "aarch64-linux") cachix-deploy-lib pkgs;
|
inherit (common "aarch64-linux") cachix-deploy-lib pkgs;
|
||||||
in
|
in
|
||||||
|
@ -110,30 +110,44 @@
|
||||||
|
|
||||||
# Constructs a deploy.json output that can be used to deploy the runners
|
# Constructs a deploy.json output that can be used to deploy the runners
|
||||||
# https://docs.cachix.org/deploy/reference#deploy-json
|
# https://docs.cachix.org/deploy/reference#deploy-json
|
||||||
deploy-json =
|
|
||||||
let
|
deploy-json =
|
||||||
inherit (common "aarch64-linux") cachix-deploy-lib;
|
|
||||||
in
|
|
||||||
cachix-deploy-lib.spec
|
|
||||||
{
|
{
|
||||||
agents = {
|
"aarch64-linux" =
|
||||||
"fj-hetzner-aarch64-01" =
|
let
|
||||||
let
|
inherit (common "aarch64-linux") cachix-deploy-lib;
|
||||||
inherit (common "aarch64-linux") cachix-deploy-lib pkgs;
|
in
|
||||||
in
|
cachix-deploy-lib.spec
|
||||||
cachix-deploy-lib.nixos {
|
{
|
||||||
# system = "aarch64-linux";
|
agents = {
|
||||||
imports = aarch64-linux-modules;
|
"fj-hetzner-aarch64-01" =
|
||||||
|
let
|
||||||
|
inherit (common "aarch64-linux") cachix-deploy-lib pkgs;
|
||||||
|
in
|
||||||
|
cachix-deploy-lib.nixos {
|
||||||
|
# system = "aarch64-linux";
|
||||||
|
imports = aarch64-linux-modules;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
"fj-shadowfax-01" =
|
"x86_64-linux" =
|
||||||
let
|
let
|
||||||
inherit (common "x86_64-linux") cachix-deploy-lib pkgs;
|
inherit (common "x86_64-linux") cachix-deploy-lib;
|
||||||
in
|
in
|
||||||
cachix-deploy-lib.nixos {
|
cachix-deploy-lib.spec
|
||||||
imports = x86_64-linux-modules;
|
{
|
||||||
|
agents = {
|
||||||
|
"fj-shadowfax-01" =
|
||||||
|
let
|
||||||
|
inherit (common "x86_64-linux") cachix-deploy-lib pkgs;
|
||||||
|
in
|
||||||
|
cachix-deploy-lib.nixos {
|
||||||
|
imports = x86_64-linux-modules;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Convenience output that aggregates the outputs for home, nixos.
|
# Convenience output that aggregates the outputs for home, nixos.
|
||||||
# Also used in ci to build targets generally.
|
# Also used in ci to build targets generally.
|
||||||
top =
|
top =
|
||||||
|
|
Loading…
Reference in a new issue