From 8c6cb6364985dcec2f49439ccf3db8ee5dcd716e Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar
Date: Tue, 26 Mar 2024 17:05:26 -0400
Subject: [PATCH] Clean up old runner
---
.../ci => clusters/github-runner}/README.md | 0
clusters/github-runner/nixos-module.nix | 19 +++-
flake.nix | 3 -
nix-darwin/ci/github-runner.nix | 100 ------------------
nix-darwin/ci/linux-builder.nix | 33 ------
systems/darwin.nix | 1 -
.../parallels-vm/linux-builder/default.nix | 45 --------
systems/parallels-vm/linux-builder/dev.nix | 11 --
.../linux-builder/hardware-configuration.nix | 38 -------
systems/parallels-vm/linux-builder/use.nix | 15 ---
10 files changed, 17 insertions(+), 248 deletions(-)
rename {nix-darwin/ci => clusters/github-runner}/README.md (100%)
delete mode 100644 nix-darwin/ci/github-runner.nix
delete mode 100644 nix-darwin/ci/linux-builder.nix
delete mode 100644 systems/parallels-vm/linux-builder/default.nix
delete mode 100644 systems/parallels-vm/linux-builder/dev.nix
delete mode 100644 systems/parallels-vm/linux-builder/hardware-configuration.nix
delete mode 100644 systems/parallels-vm/linux-builder/use.nix
diff --git a/nix-darwin/ci/README.md b/clusters/github-runner/README.md
similarity index 100%
rename from nix-darwin/ci/README.md
rename to clusters/github-runner/README.md
diff --git a/clusters/github-runner/nixos-module.nix b/clusters/github-runner/nixos-module.nix
index 4ef58b4..db1fc7d 100644
--- a/clusters/github-runner/nixos-module.nix
+++ b/clusters/github-runner/nixos-module.nix
@@ -18,15 +18,29 @@ let enable = true; replace = true; extraPackages = with pkgs; [ - coreutils + # Standard nix tools nixci + cachix + + # For nixos-flake + sd + + # Tools already available in standard GitHub Runners; so we provide + # them here: + coreutils + which + jq + # https://github.com/actions/upload-pages-artifact/blob/56afc609e74202658d3ffba0e8f6dda462b719fa/action.yml#L40 + (pkgs.runCommandNoCC "gtar" { } '' + mkdir -p $out/bin + ln -s ${lib.getExe pkgs.gnutar} $out/bin/gtar + '') ]; url = "https://github.com/${user}/${repoName}"; }))); hostIP = "10.37.129.2"; # Find out using `ifconfig` on host, looking for bridge101 in { - # User users.users.${user} = { inherit group; @@ -38,6 +52,7 @@ in # Runners services.github-runners = mkPersonalRunners "srid" { perpetuum.num = 2; + haskell-flake.num = 2 * 7; }; # macOS remote builder diff --git a/flake.nix b/flake.nix index 9df1765..442e464 100644 --- a/flake.nix +++ b/flake.nix @@ -91,9 +91,6 @@ # Configuration for a NixOS VM (running on my Mac) nixosConfigurations = { - parallels-linux-builder = - self.nixos-flake.lib.mkLinuxSystem - ./systems/parallels-vm/linux-builder; github-runner = self.nixos-flake.lib.mkLinuxSystem ./systems/github-runner.nix; }; diff --git a/nix-darwin/ci/github-runner.nix b/nix-darwin/ci/github-runner.nix deleted file mode 100644 index 40d3eae..0000000 --- a/nix-darwin/ci/github-runner.nix +++ /dev/null 
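Review bot: The shared runner attrset in the `extraPackages` hunk of clusters/github-runner/nixos-module.nix shows `enable`, `replace`, `extraPackages` and `url` but no `ephemeral = true;`, so as far as the hunk shows each runner keeps its work directory and user state from one job to the next. The runners register against `https://github.com/${user}/${repoName}`; if those repositories are public, workflow code from outside pull requests runs on this VM and whatever it writes stays around for later jobs, which matters more now that `cachix` is on every runner's PATH and may be used with a push token. Consider adding `ephemeral = true;` next to `replace = true;` and requiring approval for outside contributors' workflow runs in the repository settings. The attrset begins and ends outside the hunk, so the option may already be set there.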
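Review bot: `haskell-flake.num = 2 * 7;` in the `# Runners` hunk of clusters/github-runner/nixos-module.nix gives no reason for either factor, and the deleted nix-darwin/ci/github-runner.nix that carried the same expression did not explain it either. A one-line comment would make the next sizing change safer, for example `# 2 runners per <unit> x 7 <units>` with the placeholders filled in by the author. The visible attrset goes from 2 to 16 runner services on this host, so it is worth confirming that the VM's cores and memory are sized for that many concurrent Nix builds; `mkPersonalRunners` and the VM sizing are outside the hunk.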
@@ -1,100 +0,0 @@ -# TODO: Remove in favour of systems/github-runner.nix -{ flake, pkgs, lib, ... }: - -{ - # Choose one or the other. - imports = [ - ../../systems/parallels-vm/linux-builder/use.nix - # ./linux-builder.nix - ]; - - services.github-runners = - let - srid = { - common = { - enable = true; - replace = true; - # TODO: Document instructions - # - chmod og-rwx; chown github-runner - # TODO: Use a secret manager. 1Password? https://github.com/LnL7/nix-darwin/issues/882 - # > OAuth app tokens and personal access tokens (classic) need the - # > admin:org scope to use this endpoint. If the repository is private, - # > the repo scope is also required. - # https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#list-self-hosted-runners-for-an-organization - tokenFile = "/run/github-token-ci"; - extraPackages = with pkgs; [ - # Standard nix tools - nixci - cachix - - # For nixos-flake - sd - - # Tools already available in standard GitHub Runners; so we provide - # them here: - coreutils - which - jq - # https://github.com/actions/upload-pages-artifact/blob/56afc609e74202658d3ffba0e8f6dda462b719fa/action.yml#L40 - (pkgs.runCommandNoCC "gtar" { } '' - mkdir -p $out/bin - ln -s ${lib.getExe pkgs.gnutar} $out/bin/gtar - '') - ]; - }; - repos = { - emanote = { - url = "https://github.com/srid/emanote"; - num = 2; - }; - ema = { - url = "https://github.com/srid/ema"; - num = 3; - }; - dioxus-desktop-template = { - url = "https://github.com/srid/dioxus-desktop-template"; - num = 2; - }; - nixos-config = { - url = "https://github.com/srid/nixos-config"; - num = 2; - }; - nixci = { - url = "https://github.com/srid/nixci"; - num = 2; - }; - nixos-flake = { - url = "https://github.com/srid/nixos-flake"; - num = 2 * 5; - }; - haskell-flake = { - url = "https://github.com/srid/haskell-flake"; - num = 2 * 7; - }; - heist-extra = { - url = "https://github.com/srid/heist-extra"; - num = 2; - }; - unionmount = { - url = 
"https://github.com/srid/unionmount"; - num = 2; - }; - commonmark-wikilink = { - url = "https://github.com/srid/commonmark-wikilink"; - num = 2; - }; - }; - }; - in - lib.listToAttrs (lib.concatLists (lib.flip lib.mapAttrsToList srid.repos - (k: { url, num }: - lib.flip builtins.map (lib.range 1 num) (idx: - let - name = "${k}-${builtins.toString idx}"; - value = srid.common // { - inherit url; - }; - in - lib.nameValuePair name value) - ))); -} diff --git a/nix-darwin/ci/linux-builder.nix b/nix-darwin/ci/linux-builder.nix deleted file mode 100644 index 13cc09c..0000000 --- a/nix-darwin/ci/linux-builder.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ lib, ... }: - -{ - # To build Linux derivations whilst on macOS. - # - # NOTES: - # - For first `nix run`, comment out all but the `enable` option, so binary cache is used. You may have to `sudo pkill nix-daemon` first. - # - After this, uncomment the configuration and `nix run`; this time, it will use the remote builder. - # - To SSH, `sudo su -` and then `ssh -i /etc/nix/builder_ed25519 builder@linux-builder`. - # Unfortunately, a simple `ssh linux-builder` will not work (Too many authentication failures). - # - To update virtualisation configuration, you have to disable; delete - # /private/var/lib/darwin-builder/ and re-enable. - nix.linux-builder = { - enable = true; - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; - config = { pkgs, lib, ... }: { - boot.binfmt.emulatedSystems = [ "x86_64-linux" ]; - nix.settings.experimental-features = "nix-command flakes repl-flake"; - environment.systemPackages = with pkgs; [ - htop - ]; - virtualisation = { - # Larger linux-builder cores, ram, and disk. - cores = 6; - memorySize = lib.mkForce (1024 * 16); - diskSize = lib.mkForce (1024 * 1024 * 1); # In MB. - }; - }; - }; -} diff --git a/systems/darwin.nix b/systems/darwin.nix index 610b17a..c721e3f 100644 --- a/systems/darwin.nix +++ b/systems/darwin.nix 
@@ -7,7 +7,6 @@ in { imports = [ self.darwinModules.default - "${self}/nix-darwin/ci/github-runner.nix" "${self}/nix-darwin/zsh-completion-fix.nix" "${self}/clusters/github-runner/darwin-module.nix" ]; diff --git a/systems/parallels-vm/linux-builder/default.nix b/systems/parallels-vm/linux-builder/default.nix deleted file mode 100644 index 3b2c067..0000000 --- a/systems/parallels-vm/linux-builder/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -/* My Linux VM running on macOS - - ## Using Parallels to create a NixOS VM - - - Boot into a NixOS graphical installer - - Open terminal, and set a root password using `sudo su -` and `passwd root` - - Authorize yourself to login to the root user using `ssh-copy-id -o PreferredAuthentications=password root@linux-builder` - - Run nixos-anywhere (see justfile; `j remote-deploy`) -*/ -{ flake, modulesPath, ... }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ./hardware-configuration.nix - ../../../nixos/self/primary-as-admin.nix - ../../../nixos/server/harden/basics.nix - ../../../nixos/current-location.nix - ../../../nixos/parallels-vm.nix - # Dev - ./dev.nix - ]; - - # Basics - system.stateVersion = "23.11"; - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - swraid.mdadmConf = '' - MAILADDR srid@srid.ca - ''; - }; - networking = { - hostName = "parallels-linux-builder"; - }; - - # Distributed Builder - nixpkgs.hostPlatform = "aarch64-linux"; - boot.binfmt.emulatedSystems = [ "x86_64-linux" ]; # For cross-compiling - services.openssh.enable = true; - users.users.${flake.config.people.myself}.openssh.authorizedKeys.keys = [ - # macos /etc/ssh/ssh_host_ed25519_key.pub - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICra+ZidiwrHGjcGnyqPvHcZDvnGivbLMayDyecPYDh0" - ]; -} diff --git a/systems/parallels-vm/linux-builder/dev.nix b/systems/parallels-vm/linux-builder/dev.nix deleted file mode 100644 index 34e2858..0000000 
--- a/systems/parallels-vm/linux-builder/dev.nix +++ /dev/null @@ -1,11 +0,0 @@ -# Stuff I need for development (not required for CI per se) -{ flake, ... }: { - imports = [ - flake.inputs.self.nixosModules.home-manager - flake.inputs.self.nixosModules.my-home - ../../../nixos/nix.nix - ../../../nixos/docker.nix - ]; - - programs.nix-ld.enable = true; # For vscode-server -} diff --git a/systems/parallels-vm/linux-builder/hardware-configuration.nix b/systems/parallels-vm/linux-builder/hardware-configuration.nix deleted file mode 100644 index a5b318f..0000000 --- a/systems/parallels-vm/linux-builder/hardware-configuration.nix +++ /dev/null @@ -1,38 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { - device = "/dev/disk/by-uuid/eb7e394a-1c20-4996-a392-efa3b69665ed"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/423B-8BF8"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s5.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; - hardware.parallels.enable = true; - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "prl-tools" ]; -} 
diff --git a/systems/parallels-vm/linux-builder/use.nix b/systems/parallels-vm/linux-builder/use.nix deleted file mode 100644 index 86fad75..0000000 --- a/systems/parallels-vm/linux-builder/use.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ flake, ... }: - -{ - # If not using linux-builder, use a VM - nix.distributedBuilds = true; - nix.buildMachines = [{ - hostName = "parallels-linux-builder"; - systems = [ "aarch64-linux" "x86_64-linux" ]; - supportedFeatures = [ "kvm" "benchmark" "big-parallel" ]; - maxJobs = 6; # 6 cores - protocol = "ssh-ng"; - sshUser = flake.config.people.myself; - sshKey = "/etc/ssh/ssh_host_ed25519_key"; - }]; -}