ops/README.md

Operations

Deploying NixOS machines

Machine configurations are in ops/hive.nix and are managed with colmena.

 $ colmena -f ops/hive.nix apply --on edge01.waw.bgp.wtf

Listing machines

Use the following tongue-twister:

 $ colmena -f ops/hive.nix eval -E '{ nodes, ... }: attrNames nodes'
 [INFO ] Using configuration: .../hscloud/ops/hive.nix
 ["arcade.waw.hackerspace.pl","bc01n01.hswaw.net","bc01n02.hswaw.net","bc01n05.hswaw.net","customs.hackerspace.pl","dcr01s22.hswaw.net","dcr01s24.hswaw.net","dcr03s16.hswaw.net","edge01.waw.bgp.wtf","larrythebuilder.q3k.org","sound.waw.hackerspace.pl","tv1.waw.hackerspace.pl","tv2.waw.hackerspace.pl"]

Remote Builders (cross-compiling)

If you're attempting to deploy a machine whose system architecture differs from that of your host machine (e.g. you are deploying an AArch64 Raspberry Pi 4 from an Intel machine), you'll need to use a remote builder which has that target architecture.

Any machine of that target architecture running Nix(OS) will do, even the machine you're deploying. But we also have some dedicated build machines:

 Name                      Architecture   CPUs   RAM
 larrythebuilder.q3k.org   AArch64        4      24GiB

To use a machine $name as a remote builder:

  1. Make sure you have access to the machine. ssh $username@$name should work. If not, file a CR to get your key added to the machine and ask someone to review and deploy it. The machines' key configurations are in hscloud.

  2. Check nix store ping --store ssh-ng://$username@$name. It should work.

  3. On NixOS, configure builders in your system configuration.nix and rebuild, eg.:

     nix.buildMachines = [
       {
         system = "aarch64-linux";
         sshUser = "root";
         sshKey = "/home/q3k/.ssh/id_ed25519";
         maxJobs = 4;
         hostName = "larrythebuilder.q3k.org";
       }
     ];
     nix.distributedBuilds = true;

  4. On non-NixOS, configure builders in your nix.conf, eg. builders = ssh://$username@$name aarch64-linux in your system/user nix.conf. Your nix-daemon should also specify that the local user is trusted.

We should automate this some day.

Colmena on macOS

You can use Colmena on macOS (including on arm64). However, you do need nix installed.

It is recommended to have nix-darwin installed, so that you can build for Linux on macOS. Just set nix.linux-builder.enable = true, and make sure you set enough maxJobs and config.virtualisation.cores for it to be fast.

However, you can do without nix-darwin by building on the target machine (deployment.buildOnTarget = true / --build-on-target) or setting up a remote builder as described above.

For cross-compilation, again, build on target or use a remote builder. Building for aarch64-linux (e.g. raspberry pi) on aarch64 Macs should just work though.

If you're new to this, use this tutorial as a starting point, then this linux-builder tutorial as a follow up.

In hive.nix, make sure that the nixpkgs set in meta.nodeNixpkgs has the appropriate system = "aarch64-linux"; or system = "x86_64-linux";. Otherwise, it might try to use the host's system.
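
A minimal hive showing the per-node system pin together with building on the target, as an added example (this is not hscloud's ops/hive.nix). The node names under example.org, the use of <nixpkgs> from NIX_PATH, and the boot and filesystem settings are assumptions made for illustration.

```nix
# Added example hive, not hscloud's ops/hive.nix.
let
  # Assumption: nixpkgs is taken from NIX_PATH; a real hive would pin it.
  nixpkgsSrc = <nixpkgs>;
in
{
  meta = {
    # Default package set, used by every node not listed in nodeNixpkgs.
    # The explicit system keeps evaluation independent of the machine
    # colmena runs on (for example an arm64 Mac).
    nixpkgs = import nixpkgsSrc { system = "x86_64-linux"; };

    # Per-node package sets. Without the explicit system here, the node
    # could be evaluated for the deploying host's system instead.
    nodeNixpkgs = {
      "pi.example.org" = import nixpkgsSrc { system = "aarch64-linux"; };
    };
  };

  # Hypothetical AArch64 node. With no targetHost set, colmena connects
  # to the node name.
  "pi.example.org" = { ... }: {
    # Build on the node itself, so no local linux-builder or remote
    # builder of this architecture is needed.
    deployment.buildOnTarget = true;

    # Constructed placeholder hardware settings.
    boot.loader.grub.enable = false;
    boot.loader.generic-extlinux-compatible.enable = true;
    fileSystems."/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
    };
  };

  # Hypothetical x86_64 node; it picks up meta.nixpkgs.
  "x86.example.org" = { ... }: {
    # Constructed placeholder hardware settings.
    boot.loader.grub.device = "/dev/sda";
    fileSystems."/" = {
      device = "/dev/disk/by-label/nixos";
      fsType = "ext4";
    };
  };
}
```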