Serge Bazanski
168f84b69b
Instead of waiting for backports or even rolling forward unstable, let's just patch the bug out.

This has been deployed on:
- dcr01s22.hswaw.net
- dcr01s24.hswaw.net
- dcr03s16.hswaw.net
- snowflake.hswaw.net

Change-Id: I0ad8ea37bd15bc9bd4e814cdf3eda7b2c47bb03e
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1988
Reviewed-by: implr <implr@hackerspace.pl>
ceph
monitoring
patches
sso/kube
exports.nix
hive.nix
README.md
Operations
Deploying NixOS machines
Machine configurations are in ops/hive.nix and are managed with colmena.
$ colmena -f ops/hive.nix eval -E '{ nodes, lib, ... }: lib.attrNames nodes'
[INFO ] Using configuration: .../hscloud/ops/hive.nix
["arcade.waw.hackerspace.pl","bc01n01.hswaw.net","bc01n02.hswaw.net","bc01n05.hswaw.net","customs.hackerspace.pl","dcr01s22.hswaw.net","dcr01s24.hswaw.net","dcr03s16.hswaw.net","edge01.waw.bgp.wtf","larrythebuilder.q3k.org","sound.waw.hackerspace.pl","tv1.waw.hackerspace.pl","tv2.waw.hackerspace.pl"]
$ colmena -f ops/hive.nix apply --on edge01.waw.bgp.wtf
Remote Builders (cross-compiling)
If you're attempting to deploy a machine whose system architecture differs from your host machine's (e.g. deploying an AArch64 Raspberry Pi 4 from an Intel machine), you'll need to use a remote builder which has that target architecture.
Any machine of that target architecture running Nix(OS) will do, even the machine you're deploying. But we also have some dedicated build machines:
Name | Architecture | CPUs | RAM |
---|---|---|---|
larrythebuilder.q3k.org | AArch64 | 4 | 24GiB |
To use a machine $name as a remote builder:
- Make sure you have access to the machine. ssh $username@$name should work. If not, file a CR to get your key added to the machine and ask someone to review and deploy it. The machines' key configurations are in hscloud.
- Check nix store ping --store ssh-ng://$username@$name. It should work.
- On NixOS, configure builders in your system configuration.nix and rebuild, e.g.:
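  # Remote builders this machine may offload builds to.
  nix.buildMachines = [
    {
      system = "aarch64-linux";               # architecture the builder builds for
      sshUser = "root";                       # user to log in as on the builder
      sshKey = "/home/q3k/.ssh/id_ed25519";   # private key used for that login
      maxJobs = 4;                            # matches the builder's 4 CPUs
      hostName = "larrythebuilder.q3k.org";
    }
  ];
  # Actually use the machines listed above.
  nix.distributedBuilds = true;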
- On non-NixOS, configure builders in your system/user nix.conf, e.g.:
  builders = ssh://$username@$name aarch64-linux
  Your nix-daemon should also specify that the local user is trusted.
We should automate this some day.
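A preflight for the first two steps above, as an added example that is not part of hscloud: it checks key-based SSH, the remote Nix store and the builder's architecture, then prints the builders line for nix.conf. The function names and the script name check-builder.sh are assumptions.

```shell
#!/bin/sh
# Added example: preflight for a Nix remote builder (names are hypothetical).

# Map `uname -sm` output from the builder to a Nix system string.
nix_system_for() {
  case "$1" in
    "Linux aarch64")  echo "aarch64-linux" ;;
    "Linux x86_64")   echo "x86_64-linux" ;;
    "Darwin arm64")   echo "aarch64-darwin" ;;
    "Darwin x86_64")  echo "x86_64-darwin" ;;
    *) return 1 ;;
  esac
}

# check_builder USER HOST SYSTEM
# Prints a `builders = ...` line and returns 0 when the builder is usable.
# Returns 1 = no key-based SSH, 2 = Nix store unreachable, 3 = wrong architecture.
check_builder() {
  local user="$1" host="$2" want="$3" machine got
  # BatchMode makes ssh fail instead of prompting: an unattended build
  # cannot answer a password or host-key question.
  machine=$(ssh -o BatchMode=yes "$user@$host" uname -sm) || {
    echo "ssh $user@$host failed: is your key deployed on the machine?" >&2
    return 1
  }
  nix store ping --store "ssh-ng://$user@$host" >/dev/null || {
    echo "Nix store on $host is not reachable over ssh-ng" >&2
    return 2
  }
  got=$(nix_system_for "$machine") || got="unknown ($machine)"
  if [ "$got" != "$want" ]; then
    echo "$host builds for $got, not $want" >&2
    return 3
  fi
  echo "builders = ssh://$user@$host $want"
}

# Run only when called with three arguments, e.g.:
#   ./check-builder.sh q3k larrythebuilder.q3k.org aarch64-linux
if [ "$#" -eq 3 ]; then
  check_builder "$@"
fi
```

Each non-zero return code corresponds to one step of the procedure, so a failed run says which step to go back to.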