From f8c0faa99eef5bec712d758c551c64826415ba64 Mon Sep 17 00:00:00 2001
From: Stefan Junker
Date: Tue, 8 Oct 2024 12:34:31 +0200
Subject: [PATCH 1/4] feat(macos-remote-bulder): authorize buildbot-nix-0
---
 modules/nixos/macos-remote-builder.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/nixos/macos-remote-builder.nix b/modules/nixos/macos-remote-builder.nix
index 9d6c2b37..00d74661 100644
--- a/modules/nixos/macos-remote-builder.nix
+++ b/modules/nixos/macos-remote-builder.nix
@@ -26,7 +26,7 @@
 # setup ssh credentials for remote builds
 mkdir -p /Users/builder/.ssh/
 echo "command=\"${pkgs.flock}/bin/flock -s /nix/var/nix/gc.lock nix-daemon --stdio\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ1K1ZYBnf3UqQbln5Z8DLYsXyJo6pRAFISPQ7lJZpoO root@linux-builder-01" > /Users/builder/.ssh/authorized_keys
- echo "command=\"${pkgs.flock}/bin/flock -s /nix/var/nix/gc.lock nix-daemon --stdio\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6c6N8EnOvMt2GyS3Gp4akujyCIRKi1cXohf8+cXmKc root@linux-builder-02" >> /Users/builder/.ssh/authorized_keys
+ echo "command=\"${pkgs.flock}/bin/flock -s /nix/var/nix/gc.lock nix-daemon --stdio\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqhOu9oMwDlfQFRTBKAdCe4IZmcGrrbDABP576Q+BYW root@buildbot-nix-0" >> /Users/builder/.ssh/authorized_keys
 chown -R builder:staff /Users/builder/.ssh/
 chmod 700 /Users/builder/.ssh/
 chmod 400 /Users/builder/.ssh/authorized_keys
From a0206f82096e06047a6986ae8e5e9302c974ff78 Mon Sep 17 00:00:00 2001
From: Stefan Junker
Date: Tue, 8 Oct 2024 16:09:22 +0200
Subject: [PATCH 2/4] feat(apps-ssh): add ssh--ping-builders command
---
 modules/flake-parts/apps.ssh-/default.nix | 37 +++++++++++++++++++++++
 1 file changed, 37 insertions(+)
diff --git a/modules/flake-parts/apps.ssh-/default.nix b/modules/flake-parts/apps.ssh-/default.nix
index c6450730..4b44cb9c 100644
--- a/modules/flake-parts/apps.ssh-/default.nix
+++ b/modules/flake-parts/apps.ssh-/default.nix
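Review bot: In modules/nixos/macos-remote-builder.nix, the added `authorized_keys` entry for root@buildbot-nix-0 carries only a `command=` option, so the forced command limits what a session runs but leaves port, agent and X11 forwarding and PTY allocation available unless the builder's sshd_config disables them. Because this is another host's root key on a shared macOS builder, I would start the option list with `restrict`, i.e. `restrict,command=\"${pkgs.flock}/bin/flock -s /nix/var/nix/gc.lock nix-daemon --stdio\"`; the unchanged linux-builder-01 line above it has the same gap. The file is rewritten with `>` on each run, so dropping the linux-builder-02 line revokes that key the next time the script runs, which is worth confirming as intended. The enclosing script starts and ends outside the hunk.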
@@ -31,9 +31,46 @@ config.apps = let configurations = (self.darwinConfigurations // self.nixosConfigurations); + individual = lib.mapAttrs' mkSshApp configurations; + + distributers = { + inherit (self.nixosConfigurations) linux-builder-01 buildbot-nix-0; + }; + mkBuilderPingCommand = + distributorConfig: + builtins.concatStringsSep ''&& '' ( + builtins.map (buildMachineAttrs: '' + (timeout 10s ssh -No StrictHostKeyChecking=accept-new ${buildMachineAttrs.sshUser}@${buildMachineAttrs.hostName} || true) && nix store info --store 'ssh-ng://${buildMachineAttrs.sshUser}@${buildMachineAttrs.hostName}' + '') distributorConfig.config.nix.buildMachines + ); + + /* + adds one command for every host that has the nix-build-distributor module imported. + this command will accept the host keys of all the configured buildMachines and check whether nix can successfully establish a remote connection. + note that execution takes 10 seconds per buildMachine, because the the key acceptance command hangs indefinitely in the success case. + + run for example: `nix run .\#ssh-buildbot-nix-0-ping-builders + */ + distributerNixPingBuilders = lib.mapAttrs' ( + attrName: config: + lib.nameValuePair "${prefix}${attrName}-ping-builders" { + type = "app"; + program = builtins.toString ( + pkgs.writeShellScript "${prefix}${attrName}-ping-builders" '' + exec ${ + mkSsh { + inherit attrName; + inherit (config.config) hostName deployUser; + } + } bash -c "${lib.strings.escapeShellArg (mkBuilderPingCommand config)}" + '' + ); + } + ) distributers; in individual + // distributerNixPingBuilders // { "${prefix}all" = { type = "app"; From e89d95eea532dfb39aad800a6e72b64ed32080c5 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 8 Oct 2024 16:10:15 +0200 Subject: [PATCH 3/4] feat(buildbot-nix-0): add darwin buildSystems --- .../nixosConfigurations.buildbot-nix-0/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
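Review bot: `StrictHostKeyChecking=accept-new` in `mkBuilderPingCommand` records whatever host key each build machine presents on first contact, so trust in every builder is established unauthenticated over the network, and the `|| true` hides any failure of that step. The builders are already enumerated in `config.nix.buildMachines`, so I would pin their host keys declaratively, for example `programs.ssh.knownHosts.<builder>.publicKey = "<builder host public key>";` on the distributor hosts or the build machine's `publicHostKey` field, and leave only the `nix store info` check in this app. Separately, `bash -c "${lib.strings.escapeShellArg (mkBuilderPingCommand config)}"` places a single-quoted string inside double quotes, so the local shell would still expand any `$`, backtick or `"` that ends up in the generated command. That is harmless for plain user and host names but fragile, and escaping once more for the local layer would be sturdier, assuming `mkSsh` (not shown) forwards its arguments through ssh. The `let` block starts before the hunk and its body continues after it.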
diff --git a/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix b/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix
index 51fee660..21704392 100644
--- a/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix
+++ b/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix
@@ -204,8 +204,8 @@
 buildSystems = [
 "x86_64-linux"
 # "aarch64-linux"
- # "x86_64-darwin"
- # "aarch64-darwin"
+ "x86_64-darwin"
+ "aarch64-darwin"
 ];
 domain = config.passthru.buildbot-nix.appFqdn;
 outputsPath = "/var/www/buildbot/nix-outputs/";
From 98fd14d07ba9c20074adb90ee20e2bc0e4cb418e Mon Sep 17 00:00:00 2001
From: Stefan Junker
Date: Tue, 8 Oct 2024 18:35:44 +0200
Subject: [PATCH 4/4] feat(github/workflows/$pr): remove darwin builders from matrix this effectively disables the workflow as there are no OSs configured for running the job.
---
 .github/workflows/pr.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 160120de..d2b5c1a9 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -11,7 +11,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- os: [macos-latest, macos-13]
+ os: [ ]
 name: OS
 runs-on: ${{ matrix.os }}
 permissions:
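Review bot: In .github/workflows/pr.yml, an empty `os: [ ]` matrix is unlikely to skip the job cleanly; as far as I know GitHub Actions rejects a matrix vector with no values, so each pull request would show a failed or invalid workflow run rather than no run. If the goal is to switch the check off, keep the original matrix and add `if: false` to the job, or disable or delete the workflow. Whether this job is a required status check is not visible here; if it is, the branch protection rule needs to change in the same step or pull requests will be blocked. The job definition starts and ends outside the hunk.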