allencai/ccl-nixos-dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: remote build for EFLKumo

Browse Source
This commit is contained in:
imxyy_soope_
2025-06-28 23:27:15 +08:00
parent f400aaf570
commit 7bacc8ae06
6 changed files with 75 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
config/hosts/imxyy-nix-server/build.nix Normal file
View File

@@ -0,0 +1,47 @@
{
config,
lib,
pkgs,
sopsRoot,
...
}:
{
sops.secrets.et-imxyy-nix-server-nixremote = {
sopsFile = sopsRoot + /et-imxyy-nix-server-nixremote.toml;
format = "binary";
};
environment.systemPackages = [ pkgs.easytier ];
systemd.services."easytier-nixremote" = {
enable = true;
script = "${pkgs.easytier}/bin/easytier-core -c ${config.sops.secrets.et-imxyy-nix-server-nixremote.path}";
serviceConfig = {
Restart = lib.mkOverride 500 "always";
RestartMaxDelaySec = lib.mkOverride 500 "1m";
RestartSec = lib.mkOverride 500 "100ms";
RestartSteps = lib.mkOverride 500 9;
User = "root";
};
wantedBy = [ "multi-user.target" ];
after = [
"network.target"
"sops-nix.service"
];
};
users.groups.nixremote = { };
users.users.nixremote = {
isSystemUser = true;
description = "nix remote build user";
group = "nixremote";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWOy0QmAyxENg/O5m3cus8U3c9jCLioivwcWsh5/a82 imxyy-hisense-pad"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT imxyy-ace5"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKALTBn/QSGcSPgMg0ViSazFcaA0+nEF05EJpjbsI6dE imxyy_soope_@imxyy-cloudwin"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIENauvvhVMLsUwH9cPYsvnOg7VCL3a4yEiKm8I524TE efl@efl-nix"
];
};
nix.settings.trusted-users = [
"nixremote"
];
}

1
config/hosts/imxyy-nix-server/default.nix
View File

@@ -21,5 +21,6 @@
./note.nix ./note.nix
./matrix.nix ./matrix.nix
./minio.nix ./minio.nix
./build.nix
]; ];
} }

7
config/hosts/imxyy-nix-server/net.nix
View File

@@ -455,7 +455,7 @@
environment.systemPackages = [ pkgs.easytier ]; environment.systemPackages = [ pkgs.easytier ];
systemd.services."easytier" = { systemd.services."easytier" = {
enable = true; enable = true;
script = "easytier-core -c ${config.sops.secrets.et-imxyy-nix-server.path}"; script = "${pkgs.easytier}/bin/easytier-core -c ${config.sops.secrets.et-imxyy-nix-server.path}";
serviceConfig = { serviceConfig = {
Restart = lib.mkOverride 500 "always"; Restart = lib.mkOverride 500 "always";
RestartMaxDelaySec = lib.mkOverride 500 "1m"; RestartMaxDelaySec = lib.mkOverride 500 "1m";
@@ -468,11 +468,6 @@
"network.target" "network.target"
"sops-nix.service" "sops-nix.service"
]; ];
path = with pkgs; [
easytier
iproute2
bash
];
}; };
virtualisation.oci-containers = { virtualisation.oci-containers = {

5
config/hosts/imxyy-nix-server/samba.nix
View File

@@ -26,9 +26,8 @@
]; ];
users = { users = {
users.nas = { users.nas = {
isNormalUser = true; isSystemUser = true;
home = "/var/empty"; description = "NAS user";
description = "nas user";
group = "nextcloud"; group = "nextcloud";
}; };
}; };

7
config/hosts/imxyy-nix/net.nix
View File

@@ -113,7 +113,7 @@
environment.systemPackages = [ pkgs.easytier ]; environment.systemPackages = [ pkgs.easytier ];
systemd.services."easytier" = { systemd.services."easytier" = {
enable = true; enable = true;
script = "easytier-core -c ${config.sops.secrets.et-imxyy-nix.path}"; script = "${pkgs.easytier}/bin/easytier-core -c ${config.sops.secrets.et-imxyy-nix.path}";
serviceConfig = { serviceConfig = {
Restart = lib.mkOverride 500 "always"; Restart = lib.mkOverride 500 "always";
RestartMaxDelaySec = lib.mkOverride 500 "1m"; RestartMaxDelaySec = lib.mkOverride 500 "1m";
@@ -126,10 +126,5 @@
"network.target" "network.target"
"sops-nix.service" "sops-nix.service"
]; ];
path = with pkgs; [
easytier
iproute2
bash
];
}; };
} }

23
secrets/et-imxyy-nix-server-nixremote.toml Normal file
View File

@@ -0,0 +1,23 @@
{
"data": "ENC[AES256_GCM,data:XGaYFf+y9qx3lKof7LiL08cv2xmm39Cx7yvCvjQj2hL9OGuB6mOQ8WYD+O6HpJaAJTGzpEE/965mA0fZ1Qjl7kyXeeE4DzPv32N8a6lM4+m8qMJhwTZt1gOe3HqwKl+4j7T2CJeNXKgSJaaMOzmJztOBxoL+RUj4ozhjUJJNLonzbsKsOVCA9RCbySDulUA6L14H7+4ouG1MvVQ8pz6OoKejGg62UYXQXmUDSmE2iGj45GaYzQJYGajxBPhbnuu/p5fd5WhPF1Eg7RRJ3WlMISwdP+4v6t2YC3Dg1faC+hEVFiMcC4Cu1Oh6bpaU1FIU7PlkCvZnIQ+pYEHOoc+4Csw4707Tgcly8I16qKEnZOd9emK3ZeUUCL8lzQDJfSQRYv5adf81tEpj1ki2H9FDOGFcDjFnZ13DE+SrTOXRbuepGLCycxHCEArL70TCMHMWInUubajN1bSd4elcPMimKQjGAgYVmEv/RUD1wYQ5N07dzp9Wb6hRcB9Cu7bdZ+5BywjEfxkQzl0l8Y9moQa8pRXdoC8pt+qOXCvKox9epWJlMOy8Ryhs1E2YF6UiL9w8HttDCrfRtXyD172KJKYXLx4bmPCtxDTAhViaDF+HlfUScvH/0fs8lnwhuRkrqXtjEvhT8mecIFB6Mxmy/2BNIb5XLKn4sWQoMG5pHK+q8KRV9XYpzoau+RtM3+Y7JYULLl9laDRdvY5akPIdwYPEVLcFnfvkeTxb2ZUwm3kmkkNiqQNfFubDuEEtIwPbs5S8bVFaXto5+PElpTKtmrU1xiIRa+xZ2KhKJYsnLK9BlC4aRKGR5HDmFxfSKg+sif4=,iv:Aw02ogS30lI3rRGREaeOBFN9RR+KOvWQ0ZIzQNgCVK0=,tag:p8PYkQ8wB6cUDzMP60+dzQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age1jf5pg2x6ta8amj40xdy0stvcvrdlkwc2nrwtmkpymu0qclk0eg5qmm9kns",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyZG5leDR3SjhWcFFHMlpX\nNkZxc3cyWFRCazZqdEl2NVAxKzJhbkNQREJJClo2V01GYVpEN0tqOEIzSVVSU0hW\nNzFVMjhnSkcyQzFFSlpXSkpLWXJQVk0KLS0tIHFZM0V6Q2FWc1RhTWt5c0RGcXVB\nUVVSOEpNcllnM0pDSThjekpZcVc3TlEKYaYylNY/0gnWCaon0SrMDsVNTp7pXxOw\nr9+yYlaD/JQjOqZxuLYDZ27PxLwhAzRA2uVnHan2QcA1Yr84xMVNlg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hpgg6psejh4y6jcdd34wxuml75fnweqpe0kh8376yqsctsfn9qxs037kk6",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBUEllejRyUU9kZHA5MmlU\ndG5xUElFZG1OTzNGUytVb0Z4TE5zL3ZrejAwCnZaT1VTdWZxbVFOU2ZZMXMwc0VX\nTGp6WFMzSk1sV2xOejJ2VjR6QnFpWEEKLS0tIEk2dEdXaDhsV3FnSmhXQlhUc21I\nY3pMNVExc0tDV1crazIvODg5WUNYdG8KliiK+R1cIYw9IBYOxdpC/oZNKQqdbUBR\nDnMjZVqL8zn3UsA0glCBcz3gER99Pzg40r94/qAg5t6T4YJ5ByzJBg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tp7th3rrv3x0l6jl76n0hjqjp223w2y586pkgr0hcjwdm254jd5shkj6a8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjdGg3QS93dHd1N3ZmMUpl\nVSt1NWplR0RoVEpTRTFMNDdxbVloclJUR0NjClgzalltamFtV0lYUHI5bUdpb1N1\nY0Y2NkxNRnVVMkJpNHZVdCtFdUdYRlkKLS0tIE1CNVYwbFFDUVJsRVFZR2c3cndU\nNTJncVZ2NkdXRnhKR1ZSdGcrWXVrK28K9pUGqIy3hT7VZ5JRcLaAZtGG1VxEPOlG\npDcrDoTRmZjAtaTLXu4bgQTUQaDa3iRWlm9gfRzAa7jSlu3M3OTcOw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-06-28T15:14:52Z",
"mac": "ENC[AES256_GCM,data:tAX/KU/iqeBr6AC4kLOqEF9NV6hfQNre8Yg1wPgJEryUGjPykXWh/NhdyoM1if3smSHJ+v+5DcPdsJDhWnl+ULgznka8IHdSTNBdAoZl5AzgmowIt1vAIALP4XwgbCVIo+wzqtcmdzCowQYatSTa+4mue4t6stdotue/j/b9EUM=,iv:xw4d83AHpxmaJi6vB5pnaHGcuPzKyYSw1BljYmUenM4=,tag:FHWq3uMktMvurSpFvi85bg==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}