darwinConfigurations/builder: init · scrumplex.net/flake@096724b

scrumplex.net / flake

fork atom

❄️ Dotfiles and NixOS configurations

fork atom

darwinConfigurations/builder: init

Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>

scrumplex.net 1 year ago 096724b0 3d2a81bf

+132

7 changed files

expand all

darwinConfigurations

builder

configuration.nix

default.nix

common

openssh.nix

remote-build-provider.nix

flake.lock

flake.nix

nixosConfigurations

common

remote-build-consumer.nix

+48

darwinConfigurations/builder/configuration.nix

··· 1 + { 2 + inputs, 3 + pkgs, 4 + ... 5 + }: { 6 + imports = [ 7 + inputs.srvos.darwinModules.server 8 + ../common/openssh.nix 9 + ../common/remote-build-provider.nix 10 + ]; 11 + 12 + system.stateVersion = 5; 13 + 14 + programs.zsh.enable = true; 15 + programs.zsh.enableCompletion = false; 16 + programs.bash.enable = true; 17 + programs.bash.completion.enable = true; 18 + 19 + services.nix-daemon.enable = true; 20 + 21 + nix = { 22 + package = pkgs.nix; 23 + settings = { 24 + "extra-experimental-features" = [ 25 + "nix-command" 26 + "flakes" 27 + ]; 28 + max-jobs = 4; 29 + cores = 2; 30 + }; 31 + 32 + gc = { 33 + automatic = true; 34 + user = ""; 35 + interval = { 36 + Minute = 15; 37 + }; 38 + options = let 39 + gbFree = 50; 40 + in "--max-freed $((${toString gbFree} * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))"; 41 + }; 42 + # If we drop below 20GiB during builds, free 20GiB 43 + extraOptions = '' 44 + min-free = ${toString (30 * 1024 * 1024 * 1024)} 45 + max-free = ${toString (50 * 1024 * 1024 * 1024)} 46 + ''; 47 + }; 48 + }

+15

darwinConfigurations/builder/default.nix

··· 1 + {inputs, ...}: { 2 + flake.darwinConfigurations = { 3 + builder = inputs.darwin.lib.darwinSystem { 4 + system = "aarch64-darwin"; 5 + 6 + modules = [ 7 + ./configuration.nix 8 + ]; 9 + 10 + specialArgs = { 11 + inherit inputs; 12 + }; 13 + }; 14 + }; 15 + }

darwinConfigurations/common/openssh.nix

··· 1 + { 2 + users.users.root.openssh.authorizedKeys.keys = [ 3 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJV9lYhi0kcwAAjPTMl6sycwCGkjrI0bvTIwpPuXkW2W scrumplex@andromeda" 4 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4jTPHOnfxvBOcVmExcU+j2u9Lsf1OoVG/ols2Met9/ scrumplex@dyson" 5 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJiQEIN+AnXuJFNqw04h/LSGF1bu8cS5PjzgIpn5QTX1 termux@void" 6 + ]; 7 + }

+25

darwinConfigurations/common/remote-build-provider.nix

··· 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + ... 6 + }: let 7 + environment = lib.concatStringsSep " " [ 8 + "NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" 9 + ]; 10 + 11 + authorizedNixStoreKey = key: "command=\"${environment} ${config.nix.package}/bin/nix-store --serve --store daemon --write\" ${key}"; 12 + in { 13 + users.knownUsers = ["bob-the-builder"]; 14 + users.users.bob-the-builder = { 15 + uid = 502; 16 + createHome = true; 17 + home = "/Users/bob-the-builder"; 18 + shell = pkgs.bashInteractive; 19 + openssh.authorizedKeys.keys = [ 20 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP0NTTsagVihqSLWR9gHcH6cWkADIQdI1YKEuogq71Gw" 21 + ]; 22 + }; 23 + 24 + nix.settings.trusted-users = ["bob-the-builder"]; 25 + }

+21

flake.lock

··· 117 117 "type": "github" 118 118 } 119 119 }, 120 + "darwin_2": { 121 + "inputs": { 122 + "nixpkgs": [ 123 + "nixpkgs" 124 + ] 125 + }, 126 + "locked": { 127 + "lastModified": 1730698801, 128 + "narHash": "sha256-sq68bCmk4tCXSt5CoRNimfigIZSLJSpNi/gjFtNLjRE=", 129 + "owner": "LnL7", 130 + "repo": "nix-darwin", 131 + "rev": "189d2d422c773fa065cc9c72e6806f007ebb9be0", 132 + "type": "github" 133 + }, 134 + "original": { 135 + "owner": "LnL7", 136 + "repo": "nix-darwin", 137 + "type": "github" 138 + } 139 + }, 120 140 "devshell": { 121 141 "inputs": { 122 142 "nixpkgs": [ ··· 735 755 "buildbot-nix": "buildbot-nix", 736 756 "catppuccin": "catppuccin", 737 757 "catppuccin-qt5ct": "catppuccin-qt5ct", 758 + "darwin": "darwin_2", 738 759 "disko": "disko", 739 760 "flake-parts": "flake-parts", 740 761 "git-hooks": "git-hooks",

flake.nix

··· 33 33 url = "github:nix-community/home-manager"; 34 34 inputs.nixpkgs.follows = "nixpkgs"; 35 35 }; 36 + darwin = { 37 + url = "github:LnL7/nix-darwin"; 38 + inputs.nixpkgs.follows = "nixpkgs"; 39 + }; 36 40 nixvim = { 37 41 url = "github:nix-community/nixvim"; 38 42 inputs.nixpkgs.follows = "nixpkgs"; ··· 150 154 ./nixosConfigurations/cosmos 151 155 ./nixosConfigurations/eclipse 152 156 ./nixosConfigurations/universe 157 + 158 + ./darwinConfigurations/builder 153 159 154 160 ./openwrt 155 161

+10

nixosConfigurations/common/remote-build-consumer.nix

··· 23 23 speedFactor = 1; 24 24 supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"]; 25 25 } 26 + { 27 + hostName = "mini.scrumplex.net"; 28 + sshUser = "bob-the-builder"; 29 + sshKey = config.age.secrets."bob-the-builder.key".path; 30 + system = "aarch64-darwin"; 31 + protocol = "ssh-ng"; 32 + maxJobs = 8; 33 + speedFactor = 1; 34 + supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "apple-virt"]; 35 + } 26 36 ]; 27 37 distributedBuilds = true; 28 38 settings.builders-use-substitutes = true;