hscloud/ops
informatic c8d1d51c11 hswaw/machines/printmaster: cups server box
Change-Id: Ibf75d9bad789521bfab77fb17017b20030deed52
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1894
Reviewed-by: informatic <informatic@hackerspace.pl>
2024-02-28 06:55:45 +00:00
..
ceph cluster: deploy NixOS-based ceph 2021-09-11 20:33:24 +00:00
monitoring ops/monitoring/lib/cluster.libsonnet: scrape based on annotations 2024-01-19 22:02:40 +00:00
sso/kube kube: clean up (various) 2023-12-04 20:33:31 +00:00
README.md ops: colmena integration 2024-02-07 18:12:12 +00:00
exports.nix cluster/clustercfg: rewrite it in Go 2023-06-19 22:23:52 +00:00
hive.nix hswaw/machines/printmaster: cups server box 2024-02-28 06:55:45 +00:00

README.md

Operations

Deploying NixOS machines

Machine configurations are in ops/hive.nix and are managed with colmena.

 $ colmena -f ops/hive.nix eval -E '{ nodes, lib, ... }: lib.attrNames nodes'
 [INFO ] Using configuration: .../hscloud/ops/hive.nix
 ["arcade.waw.hackerspace.pl","bc01n01.hswaw.net","bc01n02.hswaw.net","bc01n05.hswaw.net","customs.hackerspace.pl","dcr01s22.hswaw.net","dcr01s24.hswaw.net","dcr03s16.hswaw.net","edge01.waw.bgp.wtf","larrythebuilder.q3k.org","sound.waw.hackerspace.pl","tv1.waw.hackerspace.pl","tv2.waw.hackerspace.pl"]

 $ colmena -f ops/hive.nix apply --on edge01.waw.bgp.wtf

Remote Builders (cross-compiling)

If you're attempting to deploy a machine which has a system architecture other than your host machine (eg. are deploying an Aarch64 Raspberry Pi4 from an Intel machine), you'll need to use a remote builder which has that target architecture.

Any machine of that target architecture running Nix(OS) will do, even the machine you're deploing. But we also have some dedicated build machines:

Name Architecture CPUs RAM
larrythebuilder.q3k.org AArch64 4 24GiB

To use a machine $name as a remote builder:

  1. Make sure you have access to the machine. ssh $username@$name should work. If not, file a CR to get your key added to the machine and ask someone to review and deploy it. The machines' key confiurations are in hscloud.

  2. Check nix store ping --store ssh-ng://$username@$name. It should work.

  3. On NixOS, configure builders in your system configuration.nix and rebuild, eg.:

nix.buildMachines = [
  {
    system = "aarch64-linux";
    sshUser = "root";
    sshKey = "/home/q3k/.ssh/id_ed25519";
    maxJobs = 4;
    hostName = "larrythebuilder.q3k.org";
  }
];
nix.distributedBuilds = true;
  1. On non-NixOS, configure builders in your nix.conf, eg. builders = ssh://$username@$name aarch64-linux in your system/user nix.conf. Your nix-daemon should also specify that the local user is trusted.

We should automate this some day.