From 285f5e858eb204ecf08a60c40a99aee1d2dc7bd1 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Wed, 7 Jun 2023 12:39:27 +1000 Subject: [PATCH] darwin.builder: use port 31022 by default --- doc/builders/special/darwin-builder.section.md | 14 ++++++++++---- nixos/modules/profiles/macos-builder.nix | 10 +++++----- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/doc/builders/special/darwin-builder.section.md b/doc/builders/special/darwin-builder.section.md index b5b6ab8971e..7c5c38bf85e 100644 --- a/doc/builders/special/darwin-builder.section.md +++ b/doc/builders/special/darwin-builder.section.md @@ -4,9 +4,6 @@ This requires macOS version 12.4 or later. -This also requires that port 22 on your machine is free (since Nix does not -permit specifying a non-default SSH port for builders). - You will also need to be a trusted user for your Nix installation. In other words, your `/etc/nix/nix.conf` should have something like: 
@@ -50,12 +47,21 @@ To delegate builds to the remote builder, add the following options to your ``` # - Replace ${ARCH} with either aarch64 or x86_64 to match your host machine # - Replace ${MAX_JOBS} with the maximum number of builds (pick 4 if you're not sure) -builders = ssh-ng://builder@localhost ${ARCH}-linux /etc/nix/builder_ed25519 ${MAX_JOBS} - - - c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpCV2N4Yi9CbGFxdDFhdU90RStGOFFVV3JVb3RpQzVxQkorVXVFV2RWQ2Igcm9vdEBuaXhvcwo= +builders = ssh-ng://builder@linux-builder ${ARCH}-linux /etc/nix/builder_ed25519 ${MAX_JOBS} - - - c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpCV2N4Yi9CbGFxdDFhdU90RStGOFFVV3JVb3RpQzVxQkorVXVFV2RWQ2Igcm9vdEBuaXhvcwo= # Not strictly necessary, but this will reduce your disk utilization builders-use-substitutes = true ``` +To allow Nix to connect to a builder not running on port 22, you will also need to create a new file at `/etc/ssh/ssh_config.d/100-linux-builder.conf`: + +``` +Host linux-builder + Hostname localhost + HostKeyAlias linux-builder + Port 31022 +``` + … and then restart your Nix daemon to apply the change: ```ShellSession diff --git a/nixos/modules/profiles/macos-builder.nix b/nixos/modules/profiles/macos-builder.nix index 768c673e7f3..f1c991d6ffa 100644 --- a/nixos/modules/profiles/macos-builder.nix +++ b/nixos/modules/profiles/macos-builder.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let keysDirectory = "/var/keys"; @@ -67,9 +67,9 @@ in ''; }; hostPort = mkOption { - default = 22; + default = 31022; type = types.int; - example = 31022; + example = 22; description = '' The localhost host port to forward TCP to the guest port. ''; 
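Review bot: In the `hostPort` option of `nixos/modules/profiles/macos-builder.nix`, the new default of 31022 is still declared with `type = types.int;`, so a negative value or one above 65535 is accepted at evaluation time and would presumably only fail once the port forward is set up. Using `type = types.port;` would reject such values when the option is evaluated. Since the default no longer matches the SSH default, the description could also state the client-side requirement, for example `The localhost host port to forward TCP to the guest port. Clients need a matching Port entry in their ssh config when this is not 22.` The `mkOption` block sits inside an options set that begins and ends outside this hunk.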
@@ -139,13 +139,13 @@ in hostPkgs = config.virtualisation.host.pkgs; - script = hostPkgs.writeShellScriptBin "create-builder" ( + script = hostPkgs.writeShellScriptBin "create-builder" ( # When running as non-interactively as part of a DarwinConfiguration the working directory # must be set to a writeable directory. (if cfg.workingDirectory != "." then '' ${hostPkgs.coreutils}/bin/mkdir --parent "${cfg.workingDirectory}" cd "${cfg.workingDirectory}" - '' else "") + '' + '' else "") + '' KEYS="''${KEYS:-./keys}" ${hostPkgs.coreutils}/bin/mkdir --parent "''${KEYS}" PRIVATE_KEY="''${KEYS}/${user}_${keyType}"