rp5: finally working nix-sdcard, enableing remote build on the nix system now

2024-11-25 15:52:10 +01:00 · 2024-11-25 15:52:10 +01:00 · 965aa569ff
parent b99a02b7a2
commit 965aa569ff
4 changed files with 73 additions and 23 deletions
--- a/modules/nixos/nix/default.nix
+++ b/modules/nixos/nix/default.nix
@ -45,6 +45,10 @@ in
      nixfmt-rfc-style
      nix-prefetch-git
      nix-du
+
+      nix-weather
+      nix-index
+      nix-output-monitor
    ];

    nix =
--- a/modules/nixos/submodules/basics/default.nix
+++ b/modules/nixos/submodules/basics/default.nix
@ -36,6 +36,9 @@ in
      nix = {
        enable = true;
        extra-substituters = {
+          "https://cache.lix.systems" = {
+            key = "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=";
+          };
          "https://nix-community.cachix.org" = {
            key = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=";
          };
--- a/systems/aarch64-linux/nixberry/default.nix
+++ b/systems/aarch64-linux/nixberry/default.nix
@ -3,7 +3,6 @@
  lib,
  modulesPath,
  namespace,
-  pkgs,
  ...
 }:

@ -17,8 +16,63 @@ in
    raspberry-pi-5
  ];

-  raspberry-pi-nix.board = "bcm2711";
+  users.users.remotebuild = {
+    isNormalUser = true;
+    createHome = false;
+    group = "remotebuild";

+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZjG+XPNoVHVdCel5MK4mwvtoFCqDY1WMI1yoU71Rd root@yggdrasil"
+    ];
+  };
+
+  users.groups.remotebuild = { };
+
+  nix = {
+    nrBuildUsers = 64;
+    settings = {
+      trusted-users = [ "remotebuild" ];
+
+      min-free = 10 * 1024 * 1024;
+      max-free = 200 * 1024 * 1024;
+
+      max-jobs = "auto";
+      cores = 0;
+    };
+  };
+
+  systemd.services.nix-daemon.serviceConfig = {
+    MemoryAccounting = true;
+    MemoryMax = "90%";
+    OOMScoreAdjust = 500;
+  };
+
+  networking = {
+    interfaces.wlan0 = {
+      ipv4.addresses = [
+        {
+          address = "192.168.178.2";
+          prefixLength = 24;
+        }
+      ];
+    };
+    defaultGateway = {
+      address = "192.168.178.1";
+      interface = "wlan0";
+    };
+
+    wireless = {
+      enable = true;
+      networks = {
+        "Slow Internet" = {
+          pskRaw = "521b6d766b27276c29c7b6bec5b495b1c52bf88b0682277e65b37dc649b630de";
+        };
+      };
+    };
+  };
+
+  # Pi specific stuff  
+  raspberry-pi-nix.board = "bcm2712";
  hardware = {
    raspberry-pi = {
      config = {
@ -53,19 +107,14 @@ in
  };

  ${namespace} = {
-    submodules = {
-      basics = enabled;
-    };
-
-    apps.cli-apps.helix = {
-      pkg = pkgs.helix;
-    };
+    submodules.basics = enabled;

    system = {
-      boot = {
-        # Raspberry Pi requires a specific bootloader.
-        enable = mkForce false;
-      };
+      # cachemiss for webkit gtk
+      hardware.networking.enable = mkForce false;
+
+      # rasberry pi uses alternative boot settings
+      boot.enable = mkForce false;
    };

    user.trustedPublicKeys = [
--- a/systems/x86_64-linux/yggdrasil/default.nix
+++ b/systems/x86_64-linux/yggdrasil/default.nix
@ -33,9 +33,11 @@ in
  };

  nix = {
+    distributedBuilds = true;
+    settings.builders-use-substitutes = true;
    buildMachines = [
      {
-        hostName = "pi";
+        hostName = "nixberry";
        sshUser = "remotebuild";
        sshKey = "/root/.ssh/remotebuild";
        systems = [ "aarch64-linux" ];
@ -44,18 +46,10 @@ in
        supportedFeatures = [
          "nixos-test"
          "big-parallel"
+          "kvm"
        ];
      }
    ];
-
-    distributedBuilds = true;
-    settings = {
-      trusted-users = [
-        "@wheel"
-        "remotebuild"
-      ];
-      trusted-public-keys = [ "nixberry:25s8/rxsolAXg4skjnecCeqcfkxYE9FGCPG5UcXsFlw=" ];
-    };
  };

  ${namespace} = {