diff --git a/flake.lock b/flake.lock
index db63510..5f75793 100644
--- a/flake.lock
+++ b/flake.lock
@@ -930,11 +930,11 @@
 ]
 },
 "locked": {
- "lastModified": 1708737761,
- "narHash": "sha256-sR/1cYjpgr71ZSrt6Kp5Dg4Ul3mo6pZIG400tuzYks8=",
+ "lastModified": 1710717205,
+ "narHash": "sha256-Wf3gHh5uV6W1TV/A8X8QJf99a5ypDSugY4sNtdJDe0A=",
 "owner": "LnL7",
 "repo": "nix-darwin",
- "rev": "bbde06bed1b72eddff063fa42f18644e90a0121e",
+ "rev": "bcc8afd06e237df060c85bad6af7128e05fd61a3",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index 5a59810..78c5ee9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -72,9 +72,9 @@
 ./systems/darwin.nix;
 
 # Configuration for a NixOS VM (running on my Mac)
- nixosConfigurations.linux-builder =
+ nixosConfigurations.parallels-linux-builder =
 self.nixos-flake.lib.mkLinuxSystem
- ./systems/linux-builder;
+ ./systems/parallels-vm/linux-builder;
 };
 
 perSystem = { self', system, pkgs, lib, config, inputs', ... }: {
diff --git a/justfile b/justfile
index 42adace..1264a96 100644
--- a/justfile
+++ b/justfile
@@ -5,14 +5,14 @@ fmt:
 treefmt
 
 # Remote deploy to a host
-remote-deploy host='linux-builder':
+remote-deploy host='parallels-linux-builder':
 nixos-rebuild switch --fast --use-remote-sudo \
 --flake .#{{host}} \
 --target-host $USER@{{host}} \
 --build-host $USER@{{host}}
 
 # First install on a remote machine
-remote-install host='linux-builder':
+remote-install host='parallels-linux-builder':
 nix run github:nix-community/nixos-anywhere \
 -- \
 --build-on-remote \
diff --git a/nix-darwin/ci/README.md b/nix-darwin/ci/README.md
new file mode 100644
index 0000000..51d9ac0
--- /dev/null
+++ b/nix-darwin/ci/README.md
@@ -0,0 +1,49 @@
+
+# Self-Hosted CI on Macbook Pro
+
+**WARNING: WIP Notes**. Expect final version in nixos.asia as a blog post.
+
+## `github-runner.nix`
+
+Create a classic token, and store it impurely:
+
+```sh
+sudo sh -c "echo 'ghp_...' > /run/github-token-ci"
+```
+
+Setup github-runner.nix for first time, and then:
+
+```sh
+sudo chown _github-runner:_github-runner /run/github-token-ci
+```
+
+## Linux Builder
+
+The author has observed the official "linux-builder" to be slow, in comparison to a Parallels VM. Prefer setting up a Parallels VM if you can.
+
+### Via Parallels
+
+- Create new VM, installing NixOS: https://nixos.asia/en/nixos-install-disko
+ - Name it parallels-linux-builder`
+ - CPU: 6; RAM 16GB; Disk 1TB; Use Rosetta
+ - Post install
+ - `sudo nano /etc/nixos/configuration.nix` and `services.openssh.enable = true;` and `sudo nixos-rebuild switch`
+ - If you are not using disko, you must copy over `hardware-configuration.nix`
+- `ssh-copy-id` your keys to both parallels@ and root@
+ - `ssh-copy-id -o PubkeyAuthentication=no -o PreferredAuthentications=password parallels@parallels-linux-builder`
+ - `ssh parallels@parallels-linux-builder` and `sudo sh -c 'cp /home/parallels/.ssh/authorized_keys /root/.ssh'`
+ - Verify `ssh root@parallels-linux-builder` works.
+ - `service gdm stop` (we don't need)
+- Adjust the mac host keys
+
+```
+j remote-install
+```
+
+As root, run `ssh -i /etc/ssh/ssh_host_ed25519_key srid@parallels-linux-builder ` to access it as known host.
+
+
+
+### Via linux-builder
+
+See `nix-darwin/linux-builder`. Follow the instructions.
diff --git a/nix-darwin/ci.nix b/nix-darwin/ci/github-runner.nix
similarity index 65%
rename from nix-darwin/ci.nix
rename to nix-darwin/ci/github-runner.nix
index 75164d7..c544084 100644
--- a/nix-darwin/ci.nix
+++ b/nix-darwin/ci/github-runner.nix
@@ -1,6 +1,12 @@
 { flake, pkgs, lib, ... }:
 
 {
+ # Choose one or the other.
+ imports = [
+ ../../systems/parallels-vm/nix-darwin/use.nix
+ # ./linux-builder.nix
+ ];
+
 # TODO: Refactor this into a module, like easy-github-runners.nix
 services.github-runners =
 let
@@ -14,7 +20,7 @@
 # > admin:org scope to use this endpoint. If the repository is private,
 # > the repo scope is also required.
 # https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#list-self-hosted-runners-for-an-organization
- tokenFile = "/run/mykeys/gh-token-runner";
+ tokenFile = "/run/github-token-ci";
 extraPackages = with pkgs; [
 # Standard nix tools
 nixci
@@ -44,14 +50,19 @@
 url = "https://github.com/srid/ema";
 num = 3;
 };
- nixci = {
- url = "https://github.com/srid/nixci";
+ dioxus-desktop-template = {
+ url = "https://github.com/srid/dioxus-desktop-template";
 num = 2;
 };
 nixos-config = {
 url = "https://github.com/srid/nixos-config";
 num = 2;
 };
+ /*
+ nixci = {
+ url = "https://github.com/srid/nixci";
+ num = 2;
+ };
 nixos-flake = {
 url = "https://github.com/srid/nixos-flake";
 num = 3;
@@ -68,6 +79,7 @@
 url = "https://github.com/srid/unionmount";
 num = 2;
 };
+ */
 };
 };
 in
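Review bot: The `users.knownUsers`/`users.knownGroups` entries for `github-runner` that the `@@ -82,43 +94,4 @@` hunk of this file deletes are not re-added in `use.nix`, `linux-builder.nix` or anywhere else in this diff, so the runner account is now left entirely to whatever the bumped nix-darwin revision does on its own. If that revision creates the `_github-runner` account itself (the README's `chown _github-runner:_github-runner` suggests the account was renamed upstream), a comment next to `imports` saying so would save the next reader from hunting for the dropped lines; otherwise the account declaration needs to come back. The `# Choose one or the other.` comment also leaves the consequence implicit: importing both files would presumably register the nix-darwin builder VM and the Parallels VM as build machines at the same time, which is worth spelling out, e.g. `# Choose one or the other; importing both registers two remote builders.`.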
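Review bot: `tokenFile = "/run/github-token-ci";` moves the PAT to a path that this module never protects: the README added in this commit creates it with `sudo sh -c "echo 'ghp_...' > /run/github-token-ci"` and then only `chown`s it, so the file keeps the mode the shell gave it (typically world-readable under a default root umask) and the token itself is recorded in the shell history. It would help to state the contract at the option, e.g. `# Expected mode 0600, owned by the runner user; classic PAT with the scopes described above`, and to have the README tighten the mode with `chmod 600` and write the file from a prompt or `install -m 600` rather than an inline echo. The scope requirement (`admin:org`, plus `repo` for private repositories) is already in the context lines just above, so the comment only needs to point at it.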
@@ -82,43 +94,4 @@ in
 lib.nameValuePair name value)
 )));
 
- users.knownGroups = [ "github-runner" ];
- users.knownUsers = [ "github-runner" ];
-
- # If not using linux-builder, use a VM
- nix.distributedBuilds = true;
- nix.buildMachines = [{
- hostName = "linux-builder";
- systems = [ "aarch64-linux" "x86_64-linux" ];
- supportedFeatures = [ "kvm" "benchmark" "big-parallel" ];
- maxJobs = 6; # 6 cores
- protocol = "ssh-ng";
- sshUser = flake.config.people.myself;
- sshKey = "/etc/ssh/ssh_host_ed25519_key";
- }];
-
- # To build Linux derivations whilst on macOS.
- #
- # NOTES:
- # - To SSH, `sudo su -` and then `ssh -i /etc/nix/builder_ed25519 builder@linux-builder`.
- # Unfortunately, a simple `ssh linux-builder` will not work (Too many authentication failures).
- # - To update virtualisation configuration, you have to disable, delete
- # /private/var/lib/darwin-builder/ and re-enable.
- nix.linux-builder = {
- enable = false;
- systems = [
- "x86_64-linux"
- "aarch64-linux"
- ];
- config = { pkgs, lib, ... }: {
- boot.binfmt.emulatedSystems = [ "x86_64-linux" ];
- nix.settings.experimental-features = "nix-command flakes repl-flake";
- virtualisation = {
- # Larger linux-builder cores, ram, and disk.
- cores = 6;
- memorySize = lib.mkForce (1024 * 16);
- diskSize = lib.mkForce (1024 * 1024 * 1); # In MB.
- };
- };
- };
 }
diff --git a/nix-darwin/ci/linux-builder.nix b/nix-darwin/ci/linux-builder.nix
new file mode 100644
index 0000000..13cc09c
--- /dev/null
+++ b/nix-darwin/ci/linux-builder.nix
@@ -0,0 +1,33 @@
+{ lib, ... }:
+
+{
+ # To build Linux derivations whilst on macOS.
+ #
+ # NOTES:
+ # - For first `nix run`, comment out all but the `enable` option, so binary cache is used. You may have to `sudo pkill nix-daemon` first.
+ # - After this, uncomment the configuration and `nix run`; this time, it will use the remote builder.
+ # - To SSH, `sudo su -` and then `ssh -i /etc/nix/builder_ed25519 builder@linux-builder`.
+ # Unfortunately, a simple `ssh linux-builder` will not work (Too many authentication failures).
+ # - To update virtualisation configuration, you have to disable; delete
+ # /private/var/lib/darwin-builder/ and re-enable.
+ nix.linux-builder = {
+ enable = true;
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ ];
+ config = { pkgs, lib, ... }: {
+ boot.binfmt.emulatedSystems = [ "x86_64-linux" ];
+ nix.settings.experimental-features = "nix-command flakes repl-flake";
+ environment.systemPackages = with pkgs; [
+ htop
+ ];
+ virtualisation = {
+ # Larger linux-builder cores, ram, and disk.
+ cores = 6;
+ memorySize = lib.mkForce (1024 * 16);
+ diskSize = lib.mkForce (1024 * 1024 * 1); # In MB.
+ };
+ };
+ };
+}
diff --git a/systems/darwin.nix b/systems/darwin.nix
index 11b23af..5935557 100644
--- a/systems/darwin.nix
+++ b/systems/darwin.nix
@@ -4,7 +4,7 @@
 {
 imports = [
 flake.inputs.self.darwinModules.default
- # ../nix-darwin/ci.nix
+ ../nix-darwin/ci/github-runner.nix
 ../nix-darwin/zsh-completion-fix.nix
 ];
 
diff --git a/systems/linux-builder/default.nix b/systems/parallels-vm/linux-builder/default.nix
similarity index 72%
rename from systems/linux-builder/default.nix
rename to systems/parallels-vm/linux-builder/default.nix
index b91ee77..49f9654 100644
--- a/systems/linux-builder/default.nix
+++ b/systems/parallels-vm/linux-builder/default.nix
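Review bot: The outer module argument `{ lib, ... }:` on the first line of `linux-builder.nix` is never used: the only `lib` references (`lib.mkForce` on `memorySize` and `diskSize`) sit inside `config = { pkgs, lib, ... }: { … }`, which rebinds the name, so the header can be `{ ... }:` (or the inner `lib` dropped if the outer binding is the intended one). The NOTES block describes a bootstrap dance (comment out everything but `enable`, `sudo pkill nix-daemon`) that the file itself does not reflect; a one-line marker directly above `nix.linux-builder = {`, e.g. `# First activation: keep only the enable line below (see NOTES above)`, would make the procedure discoverable where it is needed. The `# Choose one or the other.` remark that governs this file lives in `github-runner.nix`, not here, so a reader opening this file alone cannot tell it is mutually exclusive with `use.nix`.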
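Review bot: Replacing the commented `ci.nix` import with `../nix-darwin/ci/github-runner.nix` in `systems/darwin.nix` does more than enable the runners: that file's new `imports` list pulls in `systems/parallels-vm/nix-darwin/use.nix`, which sets `nix.distributedBuilds = true` and registers `parallels-linux-builder` as a build machine for the whole host. A comment on the import line, e.g. `# GitHub runners + distributed builds via the Parallels VM (see ci/github-runner.nix imports)`, would make that side effect visible at the system level where it is switched on.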
@@ -10,13 +10,13 @@ { flake, modulesPath, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") - flake.inputs.disko.nixosModules.disko - ../../nixos/self/primary-as-admin.nix - ../../nixos/server/harden/basics.nix - ../../nixos/current-location.nix + ./hardware-configuration.nix + ../../../nixos/self/primary-as-admin.nix + ../../../nixos/server/harden/basics.nix + ../../../nixos/current-location.nix ./parallels-vm.nix # Dev - ./dev.nix + # ./dev.nix ]; # Basics
@@ -30,10 +30,8 @@
 MAILADDR srid@srid.ca
 '';
 };
- disko.devices = import ../../nixos/disko/trivial.nix { device = "/dev/sda"; };
 networking = {
- hostName = "linux-builder";
- networkmanager.enable = true;
+ hostName = "parallels-linux-builder";
 };
 
 # Distributed Builder
@@ -42,6 +40,6 @@
 services.openssh.enable = true;
 users.users.${flake.config.people.myself}.openssh.authorizedKeys.keys = [
 # macos /etc/ssh/ssh_host_ed25519_key.pub
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPGfskkyhM0wefy0Sex2t5GENEHTIZAWrb9LzRN0R9x"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICra+ZidiwrHGjcGnyqPvHcZDvnGivbLMayDyecPYDh0"
 ];
 }
diff --git a/systems/linux-builder/dev.nix b/systems/parallels-vm/linux-builder/dev.nix
similarity index 81%
rename from systems/linux-builder/dev.nix
rename to systems/parallels-vm/linux-builder/dev.nix
index da06c8a..34e2858 100644
--- a/systems/linux-builder/dev.nix
+++ b/systems/parallels-vm/linux-builder/dev.nix
@@ -3,8 +3,8 @@
 imports = [
 flake.inputs.self.nixosModules.home-manager
 flake.inputs.self.nixosModules.my-home
- ../../nixos/nix.nix
- ../../nixos/docker.nix
+ ../../../nixos/nix.nix
+ ../../../nixos/docker.nix
 ];
 
 programs.nix-ld.enable = true; # For vscode-server
diff --git a/systems/parallels-vm/linux-builder/hardware-configuration.nix b/systems/parallels-vm/linux-builder/hardware-configuration.nix
new file mode 100644
index 0000000..a5b318f
--- /dev/null
+++ b/systems/parallels-vm/linux-builder/hardware-configuration.nix
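Review bot: Swapping the `ssh-ed25519` entry in the `@@ -42,6 +40,6 @@` hunk rotates the key only for `users.users.${flake.config.people.myself}`; the root@ and parallels@ logins that the README in this commit sets up by hand (`ssh-copy-id`, then copying `authorized_keys` into `/root/.ssh`) are not declared in this file, so the old public key may remain authorized there after a rebuild and nothing in the configuration will show it. If root access from the Mac is part of the workflow, declaring it here as `users.users.root.openssh.authorizedKeys.keys` keeps every rotation in one place; otherwise a comment such as `# root@/parallels@ authorized_keys are managed by hand, see nix-darwin/ci/README.md` flags that the declarative list is incomplete. The `# macos /etc/ssh/ssh_host_ed25519_key.pub` comment ties this entry to the file that `use.nix` passes as `sshKey`, which is the right pairing as long as both stay in sync.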
@@ -0,0 +1,38 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/eb7e394a-1c20-4996-a392-efa3b69665ed";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ {
+ device = "/dev/disk/by-uuid/423B-8BF8";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s5.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+ hardware.parallels.enable = true;
+ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "prl-tools" ];
+}
diff --git a/systems/linux-builder/parallels-vm.nix b/systems/parallels-vm/linux-builder/parallels-vm.nix
similarity index 100%
rename from systems/linux-builder/parallels-vm.nix
rename to systems/parallels-vm/linux-builder/parallels-vm.nix
diff --git a/systems/parallels-vm/nix-darwin/use.nix b/systems/parallels-vm/nix-darwin/use.nix
new file mode 100644
index 0000000..86fad75
--- /dev/null
+++ b/systems/parallels-vm/nix-darwin/use.nix
@@ -0,0 +1,15 @@
+{ flake, ... }:
+
+{
+ # If not using linux-builder, use a VM
+ nix.distributedBuilds = true;
+ nix.buildMachines = [{
+ hostName = "parallels-linux-builder";
+ systems = [ "aarch64-linux" "x86_64-linux" ];
+ supportedFeatures = [ "kvm" "benchmark" "big-parallel" ];
+ maxJobs = 6; # 6 cores
+ protocol = "ssh-ng";
+ sshUser = flake.config.people.myself;
+ sshKey = "/etc/ssh/ssh_host_ed25519_key";
+ }];
+}
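Review bot: The build machine entry has no `publicHostKey`, so the `ssh-ng` connection to `parallels-linux-builder` trusts whatever root's `known_hosts` happens to hold — the README in this commit fills that by running `ssh -i /etc/ssh/ssh_host_ed25519_key srid@parallels-linux-builder` once as root, i.e. trust-on-first-use for a builder that receives every Linux derivation input. Pinning the VM's host key here, `publicHostKey = "<base64 of the VM's ssh_host_ed25519_key.pub — placeholder>";`, removes that manual step and makes a replaced VM fail loudly instead of being accepted silently (assuming the pinned nix-darwin revision supports the option as the nixpkgs module does). The `# If not using linux-builder, use a VM` comment is carried over from `ci.nix` and now reads oddly in a file that exists only for the VM; `# Use the Parallels VM as the remote builder (alternative to nix-darwin's linux-builder)` says what the file is for. `supportedFeatures` also advertises `kvm`, which presumably only holds if nested virtualization is enabled for this VM — worth confirming before builds that require it get routed here.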