👷 use macos-builder

2023-06-07 15:17:07 -04:00 · 2023-06-07 15:17:07 -04:00 · 5a855b7eaa
commit 5a855b7eaa
parent baad77a1ab
2 changed files with 64 additions and 14 deletions
--- a/flake.lock
+++ b/flake.lock
@ -676,11 +676,11 @@
        "nixpkgs": "nixpkgs_8"
      },
      "locked": {
-        "lastModified": 1685999310,
-        "narHash": "sha256-gaRMZhc7z4KeU/xS3IWv3kC+WhVcAXOLXXGKLe5zn1Y=",
+        "lastModified": 1686142265,
+        "narHash": "sha256-IP0xPa0VYqxCzpqZsg3iYGXarUF+4r2zpkhwdHy9WsM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "28614ed7a1e3ace824c122237bdc0e5e0b62c5c3",
+        "rev": "39c7d0a97a77d3f31953941767a0822c94dc01f5",
        "type": "github"
      },
      "original": {
@ -1324,11 +1324,11 @@
    },
    "nixpkgs_9": {
      "locked": {
-        "lastModified": 1685938391,
-        "narHash": "sha256-96Jw6TbWDLSopt5jqCW8w1Fc1cjQyZlhfBnJ3OZGpME=",
+        "lastModified": 1686089707,
+        "narHash": "sha256-LTNlJcru2qJ0XhlhG9Acp5KyjB774Pza3tRH0pKIb3o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "31cd1b4afbaf0b1e81272ee9c31d1ab606503aed",
+        "rev": "af21c31b2a1ec5d361ed8050edd0303c31306397",
        "type": "github"
      },
      "original": {
--- a/modules/builder/default.nix
+++ b/modules/builder/default.nix
@ -1,11 +1,61 @@
-_:
+{ config, nixpkgs, pkgs, ... }:
+let
+  dataDir = "/var/lib/darwin-builder";
+  port = 33022;
+
+  darwin-builder = nixpkgs.lib.nixosSystem {
+    system = "aarch64-linux";
+    modules = [
+      "${nixpkgs}/nixos/modules/profiles/macos-builder.nix"
+      {
+        boot.binfmt.emulatedSystems = [ "x86_64-linux" ];
+        system.nixos.revision = nixpkgs.lib.mkForce null;
+        virtualisation.host.pkgs = pkgs;
+        virtualisation.darwin-builder.hostPort = port;
+        virtualisation.darwin-builder.workingDirectory = dataDir;
+      }
+    ];
+  };
+in
 {
  nix.distributedBuilds = true;
-  nix.buildMachines = [{
-    hostName = "plato";
-    systems = [ "x86_64-linux" "aarch64-linux" ];
-    maxJobs = 12;
-    speedFactor = 2;
-    supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
-  }];
+  nix.buildMachines = [
+    {
+      hostName = "ssh://builder";
+      systems = [ "x86_64-linux" "aarch64-linux" ];
+      maxJobs = 4;
+      speedFactor = 2;
+      supportedFeatures = [ "kvm" "benchmark" "big-parallel" ];
+    }
+    {
+      hostName = "ssh://plato";
+      systems = [ "x86_64-linux" "aarch64-linux" ];
+      maxJobs = 6;
+      supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+    }
+  ];
+
+  # We can't/want to edit /var/root/.ssh/config so instead we create the config at another location and tell ssh to use that instead by modifying NIX_SSHOPTS
+  environment.etc."nix/ssh_config".text = ''
+    Host builder
+      User builder
+      HostName 127.0.0.1
+      Port ${toString port}
+      IdentityFile ${dataDir}/keys/builder_ed25519
+    Host plato
+      IdentityFile /var/root/.ssh/id_plato
+  '';
+
+  # Tell nix-daemon to use our custom SSH config
+  nix.envVars = { NIX_SSHOPTS = "-F /etc/nix/ssh_config"; };
+
+  launchd.daemons.darwin-builder = {
+    command = "${darwin-builder.config.system.build.macos-builder-installer}/bin/create-builder";
+    serviceConfig = {
+      KeepAlive = true;
+      RunAtLoad = true;
+      StandardOutPath = "/var/log/darwin-builder.log";
+      StandardErrorPath = "/var/log/darwin-builder.log";
+    };
+  };
 }