Merged
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -159,7 +159,7 @@ around `nixmoxer`).
| --- | --- | --- | --- | --- |
| `pi5` | NixOS (Raspberry Pi) | DHCP and network services for the lab. | [nixos/pi5/default.nix](nixos/pi5/default.nix) | [common](common), [nixos](nixos) |
| `beast` | NixOS (x86_64-linux) | NAS storage + Jellyfin/Jellarr server. | [nixos/beast/default.nix](nixos/beast/default.nix) | [common](common), [nixos](nixos) |
| `nvws` | Proxmox host | Work Proxmox node configuration. Single node. | [nixos/nvws/default.nix](nixos/nvws/default.nix) | [common](common), [nixos](nixos) |
| `nvws` | Proxmox host | Work Proxmox node configuration. Single node. Also serves as a remote x86_64-linux builder for work machines. | [nixos/nvws/default.nix](nixos/nvws/default.nix) | [common](common), [nixos](nixos) |
Copilot AI Feb 23, 2026

The README description states nvws serves as "a remote x86_64-linux builder", but the work-builders configuration in common/_mixins/work-builders/default.nix shows it supports both "x86_64-linux" and "aarch64-linux" systems. The description should be updated to accurately reflect that it supports both architectures, for example: "Also serves as a remote x86_64-linux and aarch64-linux builder for work machines."

Suggested change
| `nvws` | Proxmox host | Work Proxmox node configuration. Single node. Also serves as a remote x86_64-linux builder for work machines. | [nixos/nvws/default.nix](nixos/nvws/default.nix) | [common](common), [nixos](nixos) |
| `nvws` | Proxmox host | Work Proxmox node configuration. Single node. Also serves as a remote x86_64-linux and aarch64-linux builder for work machines. | [nixos/nvws/default.nix](nixos/nvws/default.nix) | [common](common), [nixos](nixos) |

| `prx1-lab` | Proxmox host | Lab Proxmox node (cluster leader). | [nixos/prx1-lab/default.nix](nixos/prx1-lab/default.nix) | [common](common), [nixos](nixos) |
| `prx2-lab` | Proxmox host | Lab Proxmox node (cluster member). | [nixos/prx2-lab/default.nix](nixos/prx2-lab/default.nix) | [common](common), [nixos](nixos) |
| `prx3-lab` | Proxmox host | Lab Proxmox node (cluster member). | [nixos/prx3-lab/default.nix](nixos/prx3-lab/default.nix) | [common](common), [nixos](nixos) |
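Review bot: The sentence added to the `nvws` row names a single builder architecture, and the only place that fact is defined is `system = "x86_64-linux";` in the new work-builders entry, so the two can drift. Consider wording the cell so it also says how the builder is reached (`nvws.local`, as in `hostName = "nvws.local";`), and update it in the same commit whenever the `system` or `supportedFeatures` of that entry change.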
44 changes: 44 additions & 0 deletions common/_mixins/work-builders/default.nix
@@ -0,0 +1,44 @@
{
lib,
config,
username,
hostname,
...
}:
Comment on lines +1 to +7
Copilot AI Feb 24, 2026

The work-builders module is missing the pkgs import in the function arguments and does not include openssh_gssapi in environment.systemPackages. The personal-builders module includes both (lines 4 and 56), and the community-builders module also includes openssh_gssapi. This package is likely needed for SSH connections to work properly with the builder. Consider adding pkgs to the function arguments and including environment.systemPackages = [ pkgs.openssh_gssapi ] to match the pattern in other builder configurations.

{
programs.ssh = {
knownHosts = {
"nvws.local" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHfcwsYERqU04xrr6LY0lcbkmlcFuThaURac/AlvP8mR";
};
};
extraConfig =
let
identityFile = "${config.users.users.${username}.home}/.ssh/id_ed25519";
user = "ihrachyshka";
in
''
Host nvws.local
Hostname nvws.local
IdentityFile ${identityFile}
User ${user}
'';
};

nix.buildMachines = lib.optional (hostname != "nvws") {
hostName = "nvws.local";
system = "x86_64-linux";
protocol = "ssh-ng";
maxJobs = 4;
speedFactor = 100;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
};
Comment on lines +28 to +40
Copilot AI Feb 23, 2026

nix.buildMachines is wrapped in lib.optional (hostname != "nvws"), but this module is already only imported when hostname != "nvws" (via canUseWorkBuilders in common/default.nix). Consider removing this extra guard to avoid having the same condition in two places.

Suggested change
nix.buildMachines = lib.optional (hostname != "nvws") {
hostName = "nvws.local";
system = "x86_64-linux";
protocol = "ssh-ng";
maxJobs = 4;
speedFactor = 100;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
};
nix.buildMachines = [
{
hostName = "nvws.local";
system = "x86_64-linux";
protocol = "ssh-ng";
maxJobs = 4;
speedFactor = 100;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
}
];


nix.settings.builders-use-substitutes = true;
nix.distributedBuilds = true;
}
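Review bot: In the `programs.ssh.extraConfig` block, `IdentityFile` points at the login user's own `~/.ssh/id_ed25519` and `User` is the personal account `ihrachyshka`, so remote builds authenticate with the same key and account used for interactive logins. A dedicated build key and a restricted build account on nvws would limit what a compromised work machine can do on the Proxmox host; `nix.buildMachines` entries accept `sshUser` and `sshKey`, which would also keep the credentials next to the builder definition instead of in a global `Host` block. Keep the pinned `knownHosts` entry: `nvws.local` is reached over mDNS, so that key is what authenticates the builder.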
6 changes: 5 additions & 1 deletion common/default.nix
Expand Up @@ -8,6 +8,7 @@
}:
let
canUseBuilders = !isWork && (hostname == "mair" || hostname == "mmini" || hostname == "frame");
canUseWorkBuilders = isWork && hostname != "nvws";
workKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHt25mSiJLQjx2JECMuhTZEV6rlrOYk3CT2cUEdXAoYs ihrachyshka@ihrachyshka-mlt"
];
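Review bot: `canUseWorkBuilders = isWork && hostname != "nvws";` is a denylist, while `canUseBuilders` on the line above is an explicit allowlist of hostnames. Every current and future work host other than nvws will get the builder entry and the SSH `Host nvws.local` block; if only some work machines hold a key that nvws accepts, list them explicitly the way `canUseBuilders` does.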
Expand All @@ -29,7 +30,10 @@ in
]
++ lib.optionals canUseBuilders [
./_mixins/community-builders
./_mixins/remote-builders
./_mixins/personal-builders
]
++ lib.optionals canUseWorkBuilders [
./_mixins/work-builders
];
Comment on lines 10 to 37
Copilot AI Feb 23, 2026

canUseWorkBuilders already excludes hostname == "nvws", and _mixins/work-builders also guards nix.buildMachines with (hostname != "nvws"). This duplicates the same policy in two places and risks divergence later. Prefer to keep the exclusion in only one place (either gate the import or gate the nix.buildMachines entry).


options.host.isWork = lib.mkOption {
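Review bot: The import list swaps `./_mixins/remote-builders` for `./_mixins/personal-builders`, but the directory rename itself is not among the lines shown here. Confirm that the rename and any other references to the old path are part of this change, since a missing import path fails evaluation for every host matched by `canUseBuilders`.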
23 changes: 15 additions & 8 deletions scripts/update-machines.sh
Expand Up @@ -26,32 +26,39 @@ SSH_HOST_OPTS=()

resolve_ssh_host() {
local host="$1"
local base_host
local base_host ssh_lookup_host
local ssh_config proxy_jump proxy_cmd
local resolved
base_host="$(resolve_base_host "$host")"
SSH_HOST_OPTS=()
ssh_lookup_host="$base_host"

ssh_config="$(ssh -G "$base_host" 2>/dev/null || true)"
# Work hosts are accessed over mDNS because corporate DNS policy blocks use
# of the LAN DNS server for these names.
if [[ "$MODE" == "work" && "$ssh_lookup_host" != *.* && ! "$ssh_lookup_host" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
ssh_lookup_host="${ssh_lookup_host}.local"
fi

ssh_config="$(ssh -G "$ssh_lookup_host" 2>/dev/null || true)"
proxy_jump="$(awk '$1=="proxyjump" {print $2; exit}' <<<"$ssh_config")"
proxy_cmd="$(awk '$1=="proxycommand" {print $2; exit}' <<<"$ssh_config")"
if [[ -n "$proxy_jump" && "$proxy_jump" != "none" ]]; then
printf '%s' "$base_host"
printf '%s' "$ssh_lookup_host"
return
fi
if [[ -n "$proxy_cmd" && "$proxy_cmd" != "none" ]]; then
printf '%s' "$base_host"
printf '%s' "$ssh_lookup_host"
return
fi

resolved="$(dig +short +time=1 +tries=1 "@${LAN_DNS_SERVER}" "$base_host" A | head -n1)"
resolved="$(dig +short +time=1 +tries=1 "@${LAN_DNS_SERVER}" "$ssh_lookup_host" A | head -n1)"
if [[ -n "$resolved" ]]; then
SSH_HOST_OPTS=(-o HostName="$resolved" -o HostKeyAlias="$base_host")
printf '%s' "$base_host"
SSH_HOST_OPTS=(-o HostName="$resolved" -o HostKeyAlias="$ssh_lookup_host")
printf '%s' "$ssh_lookup_host"
return
fi

printf '%s' "$base_host"
printf '%s' "$ssh_lookup_host"
}

ssh_base_opts=(
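Review bot: After `.local` is appended in work mode, `resolve_ssh_host` still runs `dig ... "@${LAN_DNS_SERVER}" "$ssh_lookup_host" A`, which sends an mDNS name to the unicast LAN DNS server that, per the new comment, corporate DNS policy blocks for these names. Skip the `dig` branch when `MODE` is `work` (or when the name ends in `.local`) and return `$ssh_lookup_host` directly, so `HostName` is never overridden by an answer from that server. The IPv4 regex in the same `if` can never decide the outcome, because `!= *.*` already rejects any name containing a dot; a dotless IPv6 literal would still get `.local` appended, so test for `:` instead if address literals are expected.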