From 5b903f04711dc1afaa24d566e5755ce1dbebb2f3 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Tue, 26 Mar 2024 17:11:24 -0400 Subject: [PATCH] gr: add readme --- clusters/github-runner/README.md | 48 +++++++------------------------- 1 file changed, 10 insertions(+), 38 deletions(-) diff --git a/clusters/github-runner/README.md b/clusters/github-runner/README.md index 88e2127..1bc43b6 100644 --- a/clusters/github-runner/README.md +++ b/clusters/github-runner/README.md 
@@ -1,50 +1,22 @@ - # Self-Hosted CI on Macbook Pro **WARNING: WIP Notes**. Expect final version in nixos.asia as a blog post. -## `github-runner.nix` +## Approach -Create a classic token, and store it impurely: +While we could use the `nix-darwin` module for Github Runners, we do it the other way. First, create a aarch64-linux NixOS VM (I use Parallels Desktop) and do everything there. Then, setup distributed builds to have the VM do aarch64-darwin builds remotely on the host machine (the Macbook Pro). The former is done buy `./nixos-module.nix`, while the latter is done by `./darwin-module.nix`. -```sh -sudo sh -c "echo 'ghp_...' > /run/github-token-ci" -``` +### Facts -Setup github-runner.nix for first time, and then: +- I use 1Password (managed by colmena secrets) to store the GitHUb classic PAT. +- On macOS, go to Remote Login and allow SSH access for the `github-runner` user, or allow for all users; otherwise our Linux VM won't be able to remote build on the Mac. + - The Linux VM's `/etc/ssh/ssh_host_ed25519_key` is used to authorize itself to connect to the Mac. +- The author has observed the official "linux-builder" to be slow, in comparison to a Parallels VM. Prefer setting up a Parallels VM if you can. -```sh -sudo chown _github-runner:_github-runner /run/github-token-ci -``` +## Usage -## Linux Builder - -The author has observed the official "linux-builder" to be slow, in comparison to a Parallels VM. Prefer setting up a Parallels VM if you can. 
- -### Via Parallels - -- Create new VM, installing NixOS: https://nixos.asia/en/nixos-install-disko - - Name it parallels-linux-builder` - - CPU: 6; RAM 16GB; Disk 1TB; Use Rosetta - - Post install - - `sudo nano /etc/nixos/configuration.nix` and `services.openssh.enable = true;` and `sudo nixos-rebuild switch` - - If you are not using disko, you must copy over `hardware-configuration.nix` -- `ssh-copy-id` your keys to both parallels@ and root@ - - `ssh-copy-id -o PubkeyAuthentication=no -o PreferredAuthentications=password parallels@parallels-linux-builder` - - `ssh parallels@parallels-linux-builder` and `sudo sh -c 'cp /home/parallels/.ssh/authorized_keys /root/.ssh'` - - Verify `ssh root@parallels-linux-builder` works. - - `service gdm stop` (we don't need) -- Adjust the mac host keys - -``` -j remote-install -``` - -As root, run `ssh -i /etc/ssh/ssh_host_ed25519_key srid@parallels-linux-builder ` to access it as known host. - -### Via linux-builder - -See `nix-darwin/linux-builder`. Follow the instructions. +- `/systems/darwin.nix` (macOS config) +- `/systems/github-runner.nix` (NixOS Linux VM config) ## See also
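Review bot: In the "Facts" list, the line `- On macOS, go to Remote Login and allow SSH access for the `github-runner` user, or allow for all users;` presents the two options as equivalent, but the Mac is the build target for a CI runner that the Linux VM reaches with its own `/etc/ssh/ssh_host_ed25519_key`, so the README should recommend enabling Remote Login for the `github-runner` user only, and should say that the VM's host public key belongs in that user's `authorized_keys` alone (ideally with `authorized_keys` options such as `restrict` to limit what the key may do); the "allow for all users" alternative widens SSH exposure of the host for no benefit here. The same bullet says the key "is used to authorize itself"; the intended word is "authenticate". The file references are also inconsistent: "Approach" attributes the two halves to `./nixos-module.nix` and `./darwin-module.nix`, while "Usage" lists `/systems/darwin.nix` and `/systems/github-runner.nix`; either name one set of files or state how the system configs relate to the modules (for example that the former import the latter). Spelling and grammar nits in the added text: "done buy `./nixos-module.nix`" should be "done by", "a aarch64-linux NixOS VM" should be "an aarch64-linux", "GitHUb classic PAT" should be "GitHub", "Github Runners" should be "GitHub Runners", and "setup distributed builds" should be "set up distributed builds". Finally, the hunk deletes the whole Parallels setup walkthrough (the https://nixos.asia/en/nixos-install-disko link, the `ssh-copy-id` steps, copying `authorized_keys` to root, `service gdm stop`) yet keeps "Prefer setting up a Parallels VM if you can" with no pointer on how; either retain at least the install link or link to the promised nixos.asia blog post once it exists, so the recommendation remains actionable.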