hscloud/ops/README.md

Operations
===

Deploying NixOS machines
---

Machine configurations are in `ops/machines.nix`.

Wrapper script to show all available machines and provision a single machine:

     $ $(nix-build -A ops.provision)
     Available machines:
      - bc01n01.hswaw.net
      - bc01n02.hswaw.net
      - dcr01s22.hswaw.net
      - dcr01s24.hswaw.net
      - edge01.waw.bgp.wtf

     $ $(nix-build -A ops.provision) edge01.waw.bgp.wtf

This can be slow, as it evaluates/builds all machines' configs. If you just want to deploy one machine and possible iterate faster:

    $ $(nix-build -A 'ops.machines."edge01.waw.bgp.wtf".config.passthru.hscloud.provision')

Remote Builders (cross-compiling)
---

If you're attempting to deploy a machine which has a system architecture other
than your host machine (eg. are deploying an Aarch64 Raspberry Pi4 from an
Intel machine), you'll need to use a remote builder which has that target
architecture.

Any machine of that target architecture running Nix(OS) will do, even the
machine you're deploing. But we also have some dedicated build machines:

| Name                    | Architecture | CPUs | RAM   |
|-------------------------|--------------|------|-------|
| larrythebuilder.q3k.org |      AArch64 |    4 | 24GiB |

To use a machine `$name` as a remote builder:

1. Make sure you have access to the machine. `ssh $username@$name` should work. If not, file a CR to get your key added to the machine and ask someone to review and deploy it. The machines' key confiurations are in hscloud.

2. Check `nix store ping --store ssh-ng://$username@$name`. It should work.

3. On NixOS, configure builders in your system configuration.nix and rebuild, eg.:

```
nix.buildMachines = [
  {
    system = "aarch64-linux";
    sshUser = "root";
    sshKey = "/home/q3k/.ssh/id_ed25519";
    maxJobs = 4;
    hostName = "larrythebuilder.q3k.org";
  }
];
nix.distributedBuilds = true;
```

4. On non-NixOS, configure builders in your nix.conf, eg. `builders = ssh://$username@$name aarch64-linux` in your system/user nix.conf. Your nix-daemon should also specify that the local user is trusted.

We should automate this some day.
ops, cluster: consolidate NixOS provisioning This moves the diff-and-activate logic from cluster/nix/provision.nix into ops/{provision,machines}.nix that can be used for both cluster machines and bgpwtf machines. The provisioning scripts now live per-NixOS-config, and anything under ops.machines.$fqdn now has a .passthru.hscloud.provision derivation which is that script. When ran, it will attempt to deploy onto the target machine. There's also a top-level tool at `ops.provision` which builds all configurations / machines and can be called with the machine name/fqdn to call the corresponding provisioner script. clustercfg is changed to use the new provisioning logic. Change-Id: I258abce9e8e3db42af35af102f32ab7963046353 2021-09-10 22:27:24 +00:00			`Operations`
			`===`

			`Deploying NixOS machines`
			`---`

			Machine configurations are in `ops/machines.nix`.

			`Wrapper script to show all available machines and provision a single machine:`

			`$ $(nix-build -A ops.provision)`
			`Available machines:`
			`- bc01n01.hswaw.net`
			`- bc01n02.hswaw.net`
			`- dcr01s22.hswaw.net`
			`- dcr01s24.hswaw.net`
			`- edge01.waw.bgp.wtf`

			`$ $(nix-build -A ops.provision) edge01.waw.bgp.wtf`

			`This can be slow, as it evaluates/builds all machines' configs. If you just want to deploy one machine and possible iterate faster:`

			`$ $(nix-build -A 'ops.machines."edge01.waw.bgp.wtf".config.passthru.hscloud.provision')`
hswaw/machines: add tv1, larrythebuilder This adds two brand new AArch64 machines: a generic builder (and instructions on how to use it) and tv1.waw, an RPi4 acting as digital signage in the space. Change-Id: I8d38344ec35f99f4b872cf9526f6e6771fbffc43 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1330 Reviewed-by: informatic <informatic@hackerspace.pl> 2022-07-05 22:31:35 +00:00
			`Remote Builders (cross-compiling)`
			`---`

			`If you're attempting to deploy a machine which has a system architecture other`
			`than your host machine (eg. are deploying an Aarch64 Raspberry Pi4 from an`
			`Intel machine), you'll need to use a remote builder which has that target`
			`architecture.`

			`Any machine of that target architecture running Nix(OS) will do, even the`
			`machine you're deploing. But we also have some dedicated build machines:`

			`\| Name \| Architecture \| CPUs \| RAM \|`
			`\|-------------------------\|--------------\|------\|-------\|`
			`\| larrythebuilder.q3k.org \| AArch64 \| 4 \| 24GiB \|`

			To use a machine `$name` as a remote builder:

			1. Make sure you have access to the machine. `ssh $username@$name` should work. If not, file a CR to get your key added to the machine and ask someone to review and deploy it. The machines' key confiurations are in hscloud.

			2. Check `nix store ping --store ssh-ng://$username@$name`. It should work.

			`3. On NixOS, configure builders in your system configuration.nix and rebuild, eg.:`

			```
			`nix.buildMachines = [`
			`{`
			`system = "aarch64-linux";`
			`sshUser = "root";`
			`sshKey = "/home/q3k/.ssh/id_ed25519";`
			`maxJobs = 4;`
			`hostName = "larrythebuilder.q3k.org";`
			`}`
			`];`
			`nix.distributedBuilds = true;`
			```

			4. On non-NixOS, configure builders in your nix.conf, eg. `builders = ssh://$username@$name aarch64-linux` in your system/user nix.conf. Your nix-daemon should also specify that the local user is trusted.

			`We should automate this some day.`