dotfiles/nixos-config
1
0
Fork 0
mirror of https://github.com/srid/nixos-config.git synced 2025-12-26 23:14:57 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions

gr: add readme

Browse source
This commit is contained in:
Sridhar Ratnakumar 2024-03-26 17:11:24 -04:00
parent cda20a3348
commit 5b903f0471
1 changed files with 10 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

48
clusters/github-runner/README.md
View file

@ -1,50 +1,22 @@
# Self-Hosted CI on Macbook Pro
**WARNING: WIP Notes**. Expect final version in nixos.asia as a blog post.
## `github-runner.nix`
## Approach
Create a classic token, and store it impurely:
While we could use the `nix-darwin` module for Github Runners, we do it the other way. First, create a aarch64-linux NixOS VM (I use Parallels Desktop) and do everything there. Then, setup distributed builds to have the VM do aarch64-darwin builds remotely on the host machine (the Macbook Pro). The former is done buy `./nixos-module.nix`, while the latter is done by `./darwin-module.nix`.
```sh
sudo sh -c "echo 'ghp_...' > /run/github-token-ci"
```
### Facts
Setup github-runner.nix for first time, and then:
- I use 1Password (managed by colmena secrets) to store the GitHUb classic PAT.
- On macOS, go to Remote Login and allow SSH access for the `github-runner` user, or allow for all users; otherwise our Linux VM won't be able to remote build on the Mac.
- The Linux VM's `/etc/ssh/ssh_host_ed25519_key` is used to authorize itself to connect to the Mac.
- The author has observed the official "linux-builder" to be slow, in comparison to a Parallels VM. Prefer setting up a Parallels VM if you can.
```sh
sudo chown _github-runner:_github-runner /run/github-token-ci
```
## Usage
## Linux Builder
The author has observed the official "linux-builder" to be slow, in comparison to a Parallels VM. Prefer setting up a Parallels VM if you can.
### Via Parallels
- Create new VM, installing NixOS: https://nixos.asia/en/nixos-install-disko
- Name it parallels-linux-builder`
- CPU: 6; RAM 16GB; Disk 1TB; Use Rosetta
- Post install
- `sudo nano /etc/nixos/configuration.nix` and `services.openssh.enable = true;` and `sudo nixos-rebuild switch`
- If you are not using disko, you must copy over `hardware-configuration.nix`
- `ssh-copy-id` your keys to both parallels@ and root@
- `ssh-copy-id -o PubkeyAuthentication=no -o PreferredAuthentications=password parallels@parallels-linux-builder`
- `ssh parallels@parallels-linux-builder` and `sudo sh -c 'cp /home/parallels/.ssh/authorized_keys /root/.ssh'`
- Verify `ssh root@parallels-linux-builder` works.
- `service gdm stop` (we don't need)
- Adjust the mac host keys
```
j remote-install
```
As root, run `ssh -i /etc/ssh/ssh_host_ed25519_key srid@parallels-linux-builder ` to access it as known host.
### Via linux-builder
See `nix-darwin/linux-builder`. Follow the instructions.
- `/systems/darwin.nix` (macOS config)
- `/systems/github-runner.nix` (NixOS Linux VM config)
## See also