From 317d3fec488656fbef7df0c2bbc8c202ee33feca Mon Sep 17 00:00:00 2001 From: Skyler Grey Date: Sun, 10 Aug 2025 12:09:20 +0000 Subject: [PATCH] ci: remote build on midnight Our CI jobs are taking way too long and commonly running out of space. If we can build on midnight, there'll be no need to repeatedly download our cache for CI. Additionally, we're much less likely to run out of space --- .github/workflows/nixos.yml | 28 +++++++++++++++++++++------- systems/midnight/default.nix | 1 + systems/midnight/remoteBuilds.nix | 8 ++++++++ systems/teal/headscale.nix | 5 +++++ 4 files changed, 35 insertions(+), 7 deletions(-) create mode 100644 systems/midnight/remoteBuilds.nix diff --git a/.github/workflows/nixos.yml b/.github/workflows/nixos.yml index c19cc4db..9981ae2c 100644 --- a/.github/workflows/nixos.yml +++ b/.github/workflows/nixos.yml @@ -22,12 +22,18 @@ jobs: runs-on: ubuntu-latest steps: - - name: Clean up runner + - name: Setup Tailscale + uses: tailscale/github-action@84a3f23bb4d843bcf4da6cf824ec1be473daf4de + with: + authkey: "${{ secrets.TAILSCALE_PREAUTHKEY }}" + args: "--login-server=https://vpn.clicks.codes" + + - name: Write out SSH key + env: + MIDNIGHT_SSH_KEY: ${{ secrets.MIDNIGHT_SSH_KEY }} run: | - # Commands taken from https://github.com/easimon/maximize-build-space/blob/master/action.yml - sudo rm -rf /usr/local/lib/android - sudo rm -rf /usr/share/dotnet - sudo rm -rf /opt/hostedtoolcache/CodeQL + echo "$MIDNIGHT_SSH_KEY" > ../midnight_ssh_key + chmod 600 ../midnight_ssh_key - uses: actions/checkout@v4 
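Review bot: In the "Write out SSH key" step the private key is created by `echo "$MIDNIGHT_SSH_KEY" > ../midnight_ssh_key` under the runner's default umask and only tightened by `chmod 600` afterwards, so the file briefly exists with wider permissions. Creating it restrictively from the start is cleaner: `( umask 077; printf '%s\n' "$MIDNIGHT_SSH_KEY" > ../midnight_ssh_key )`. The key also stays on disk for every later step, including the builds of repository code, so a final step with `if: always()` that deletes it would limit its exposure. The workflow's `on:` triggers are outside this hunk; if the job also runs for pull requests, confirm which events actually receive `TAILSCALE_PREAUTHKEY` and `MIDNIGHT_SSH_KEY`.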
@@ -52,10 +58,18 @@ jobs: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 - name: Build all systems - run: nix build -f ./nilla.nix packages.allNixOSSystems.result.x86_64-linux --show-trace + run: | + nix build \ + -f ./nilla.nix packages.allNixOSSystems.result.x86_64-linux \ + --eval-store auto --store "ssh-ng://remoteBuilds@midnight?ssh-key=$(realpath ../midnight_ssh_key)&base64-ssh-public-host-key=c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU5wbnFKeDlBTGVSS0k0ekVvZnNIL0ZZMFJLaTVsWWtDRVMvR2NWbHNSWncgcm9vdEBhMWQyCg==" \ + --show-trace - name: Build all homes - run: nix build -f ./nilla.nix packages.allHomes.result.x86_64-linux --show-trace + run: | + nix build \ + -f ./nilla.nix packages.allHomes.result.x86_64-linux \ + --eval-store auto --store "ssh-ng://remoteBuilds@midnight?ssh-key=$(realpath ../midnight_ssh_key)&base64-ssh-public-host-key=c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU5wbnFKeDlBTGVSS0k0ekVvZnNIL0ZZMFJLaTVsWWtDRVMvR2NWbHNSWncgcm9vdEBhMWQyCg==" \ + --show-trace - if: github.event_name == 'push' name: Push to release branch diff --git a/systems/midnight/default.nix b/systems/midnight/default.nix index 4fd1620e..b4594b23 100644 --- a/systems/midnight/default.nix +++ b/systems/midnight/default.nix @@ -6,5 +6,6 @@ imports = [ ./hardware-configuration.nix ./hostname.nix + ./remoteBuilds.nix ]; } diff --git a/systems/midnight/remoteBuilds.nix b/systems/midnight/remoteBuilds.nix new file mode 100644 index 00000000..062ab959 --- /dev/null +++ b/systems/midnight/remoteBuilds.nix @@ -0,0 +1,8 @@ +# SPDX-FileCopyrightText: 2025 FreshlyBakedCake +# +# SPDX-License-Identifier: MIT +{ + users.users.remoteBuilds.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOCmfKIvQ6ZClOWi3jHKC8HTQ5Ewo4Kzw6VCJCzrn4ih ci" + ]; +} diff --git a/systems/teal/headscale.nix b/systems/teal/headscale.nix index 623b3669..307e6172 100644 --- a/systems/teal/headscale.nix +++ b/systems/teal/headscale.nix 
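Review bot: The full `--store "ssh-ng://remoteBuilds@midnight?…"` URL, including the pinned `base64-ssh-public-host-key`, is repeated verbatim in "Build all systems" and "Build all homes". A host-key rotation therefore has to be applied to both copies in lockstep, and a missed one only shows up as a failed run. Defining the value once, for example a job-level `env:` entry `MIDNIGHT_HOST_KEY: <base64 host key>` referenced as `&base64-ssh-public-host-key=$MIDNIGHT_HOST_KEY` in both steps, keeps them in sync. A short comment saying that this is midnight's ed25519 host key and how it was obtained would also help, because the value decodes to a key whose comment is `root@a1d2`, which does not obviously identify midnight.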
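Review bot: The CI key in `systems/midnight/remoteBuilds.nix` is authorised with no options, so whoever holds `MIDNIGHT_SSH_KEY` gets whatever `remoteBuilds` can do over SSH, including port forwarding and a PTY, and not only the Nix daemon protocol the workflow needs. Prefixing the entry with OpenSSH's `restrict` option removes forwarding and PTY allocation while still allowing the remote command to run: `"restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOCmfKIvQ6ZClOWi3jHKC8HTQ5Ewo4Kzw6VCJCzrn4ih ci"`. A forced `command=` for the daemon invocation, or the `nix.sshServe` module with `protocol = "ssh-ng"`, would narrow it further, though that needs checking against how the store is used here. The file also sets only `authorizedKeys`; the `remoteBuilds` user itself (system or normal user, group, shell) is presumably declared elsewhere and is not visible in this diff.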
@@ -51,6 +51,11 @@ let src = [ "mostlyturquoise" ]; dst = [ "tag:mostlyturquoise-minecraft-server:*" ]; } # Used to let mostlyturquoise and their friends access their minecraft servers without giving people too many permissions + { + action = "accept"; + src = [ "tag:ci" ]; + dst = [ "midnight:*" ]; + } # Used to let CI remotely build on midnight ]; acls = [
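Review bot: The new rule's `dst = [ "midnight:*" ]` opens every port on midnight to any node carrying `tag:ci`, while the workflow only speaks SSH to it for the `ssh-ng` store. Narrowing the destination to the SSH port, e.g. `dst = [ "midnight:22" ];` if sshd listens on the default port, keeps a leaked pre-auth key or a compromised CI run from reaching other services on that host. This diff does not show where `tag:ci` is declared or how the key behind `TAILSCALE_PREAUTHKEY` is tagged, so confirm that only that key can claim the tag, and consider making it ephemeral so finished runners drop out of the tailnet. The list this entry is added to opens above the hunk.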