merge: harmonia
This commit is contained in:
32
features/harmonia/cache-builder.sh
Normal file
32
features/harmonia/cache-builder.sh
Normal file
@@ -0,0 +1,32 @@
|
||||
#!/usr/bin/env bash
|
||||
set -uo pipefail
|
||||
|
||||
build() {
|
||||
local name="$1" ref="$2" link="$3"
|
||||
echo "building $name..." >&2
|
||||
if nix build "$ref" --out-link "$link"; then
|
||||
return 0
|
||||
else
|
||||
echo "FAILED: $name" >&2
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
main() {
|
||||
mkdir -p "$GC_ROOT_DIR"
|
||||
local failed=0
|
||||
|
||||
for host in $HOSTS; do
|
||||
build "$host" \
|
||||
"$FLAKE_REF#nixosConfigurations.$host.config.system.build.toplevel" \
|
||||
"$GC_ROOT_DIR/$host" || failed=1
|
||||
done
|
||||
|
||||
build "ephvm-image" \
|
||||
"$FLAKE_REF#nixosConfigurations.ephvm.config.system.build.images.qemu" \
|
||||
"$GC_ROOT_DIR/ephvm-image" || failed=1
|
||||
|
||||
return $failed
|
||||
}
|
||||
|
||||
main "$@"
|
||||
51
features/harmonia/default.nix
Normal file
51
features/harmonia/default.nix
Normal file
@@ -0,0 +1,51 @@
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
hosts = [
|
||||
"fw16"
|
||||
"tower"
|
||||
"cube"
|
||||
"floo"
|
||||
"ephvm"
|
||||
];
|
||||
flakeRef = inputs.self.outPath;
|
||||
in
|
||||
{
|
||||
services.harmonia = {
|
||||
enable = true;
|
||||
signKeyPaths = [ config.sops.secrets.nix-signing-key.path ];
|
||||
};
|
||||
|
||||
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 5000 ];
|
||||
|
||||
systemd.services.cache-builder = {
|
||||
description = "Build all host closures for binary cache";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${pkgs.bash}/bin/bash ${./cache-builder.sh}";
|
||||
};
|
||||
environment = {
|
||||
FLAKE_REF = flakeRef;
|
||||
HOSTS = builtins.concatStringsSep " " hosts;
|
||||
GC_ROOT_DIR = "/nix/var/nix/gcroots/cache-builder";
|
||||
};
|
||||
path = [ config.nix.package ];
|
||||
};
|
||||
|
||||
systemd.timers.cache-builder = {
|
||||
description = "Periodically build all host closures";
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnUnitActiveSec = "15min";
|
||||
OnBootSec = "5min";
|
||||
Persistent = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -61,6 +61,7 @@ in
|
||||
"neovim"
|
||||
"dev"
|
||||
"claude"
|
||||
"harmonia"
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
6
nix.nix
6
nix.nix
@@ -7,8 +7,14 @@
|
||||
];
|
||||
download-buffer-size = 2 * 1024 * 1024 * 1024;
|
||||
warn-dirty = false;
|
||||
substituters = [
|
||||
"https://cache.nixos.org"
|
||||
"https://nix-community.cachix.org?priority=45"
|
||||
"http://tower:5000?priority=50"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"matej.nix-1:TdbemLVYblvAxqJcwb3mVKmmr3cfzXbMcZHE5ILnZDE="
|
||||
];
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user