Ludovic Courtès authored
* build-node.scm (cuirass-remote-worker-configuration)[cuirass]: New field.
build-node.scm 4.60 KiB
;;; This is a template operating system configuration for the build nodes
;;; behind <https://guix.bordeaux.inria.fr>. It should be customized through
;;; inheritance.
(use-modules (gnu)
(srfi srfi-1))
(use-service-modules admin avahi base cuirass mcron networking
ssh virtualization)
(use-package-modules certs screen ssh)
(use-modules ((cuirass-package) #:prefix latest:))
;; %base-services with the guix-daemon reconfigured for a build node:
;; substitutes are enabled from three HTTPS servers, extra signing keys are
;; added to the daemon's ACL, and the build parallelism is pinned.
(define %custom-base-services
  (modify-services %base-services
    (guix-service-type
     config => (guix-configuration
                (inherit config)
                (use-substitutes? #t)
                (substitute-urls '("https://guix.bordeaux.inria.fr"
                                   "https://ci.guix.gnu.org"
                                   "https://bordeaux.guix.gnu.org"))
                (authorized-keys
                 ;; Authorize substitutes from Ludo's laptop to allow for
                 ;; offloading.  Every key listed here is trusted to sign
                 ;; store items that this node imports instead of building
                 ;; them itself, so keep the list minimal and review any
                 ;; change to these .pub files.
                 ;; NOTE(review): "ribbon-export.pub" is presumably the
                 ;; laptop key and the guix-hpc* keys those of sibling
                 ;; machines -- confirm against the key files.
                 (cons* (local-file "./ribbon-export.pub")
                        (local-file "guix/keys/guix-hpc1.pub")
                        (local-file "guix/keys/guix-hpc3.pub")
                        (local-file "guix/keys/guix-hpc4.pub")
                        ;; Keep whatever keys the inherited configuration
                        ;; already authorizes.
                        (guix-configuration-authorized-keys config)))
                (build-accounts 40)
                ;; We have 24 to 32 cores: 4 concurrent builds of up to
                ;; 8 cores each.
                (extra-options '("--max-jobs=4" "--cores=8"))))))
;; mcron jobs that keep the store from filling the disk.  Collect garbage at
;; 5AM every day, and make sure we're on track at 3PM.
(define garbage-collector-jobs
  (let ((morning-gc
         ;; 5AM: collect until 40G are free ('-F') and delete profile
         ;; generations older than two months ('-d 2m').
         #~(job '(next-hour '(5))
                "guix gc -F 40G -d 2m"))
        (afternoon-gc
         ;; 3PM: lighter pass that only ensures 20G are free.
         #~(job '(next-hour '(15))
                "guix gc -F 20G")))
    (list morning-gc afternoon-gc)))
;; Template 'operating-system' declaration for a build node.  The host name,
;; file systems and networking service are placeholders or absent and must be
;; supplied by the inheriting configuration.
(operating-system
  (host-name "guix-hpc-build-node-template")      ;placeholder
  (timezone "Europe/Paris")
  (locale "fr_FR.utf8")

  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (targets '("/boot/efi"))))
  (file-systems %base-file-systems)   ;must be configured through inheritance

  ;; Administrator accounts are read from "admins.scm", which 'load'
  ;; evaluates as Scheme code when this file is evaluated.
  ;; NOTE(review): that file is not visible here; presumably it returns a
  ;; list of user accounts -- confirm, and review it like any other code
  ;; that runs at configuration time.
  (users (append (load "admins.scm") %base-user-accounts))

  ;; Globally-installed packages.
  (packages (cons* screen
                   openssh                        ;so that 'scp' works
                   nss-certs
                   %base-packages))

  (services
   ;; Networking service must be added through inheritance.
   (append (list (service openssh-service-type
                          (openssh-configuration
                           ;; Allow root login with public key only to permit use
                           ;; of 'guix deploy'.
                           ;; NOTE(review): this field restricts root only.
                           ;; 'password-authentication?' is not set, so
                           ;; password logins for the other accounts follow
                           ;; the openssh-configuration default; consider
                           ;; setting it to #f if every admin logs in by key
                           ;; -- confirm before changing.
                           (permit-root-login 'prohibit-password)
                           ;; "root" is given the same key file as "ludo":
                           ;; whoever holds that private key is root on every
                           ;; node deployed from this template.
                           (authorized-keys
                            `(("ludo" ,(local-file "ludo.pub"))
                              ("florent" ,(local-file "florent.pub"))
                              ("eagullo" ,(local-file "manu.pub"))
                              ("root" ,(local-file "ludo.pub"))))))

                 ;; Start a Cuirass "worker".
                 (service cuirass-remote-worker-service-type
                          (cuirass-remote-worker-configuration
                           ;; Cuirass package taken from the (cuirass-package)
                           ;; module, imported with the 'latest:' prefix.
                           ;; NOTE(review): that module is not shown here;
                           ;; it decides which Cuirass code the worker runs.
                           (cuirass latest:cuirass)
                           (workers 4)
                           ;; XXX: We'd write "guix-hpc4.bordeaux.inria.fr"
                           ;; but currently we have to (1) provide an IPv4
                           ;; address, and (2) provide the port number.
                           ;; The address is therefore hard-coded and must be
                           ;; updated by hand if the server moves.
                           (server "194.199.1.1:5555")
                           ;; NOTE(review): one of these systems presumably
                           ;; relies on the qemu-binfmt emulation configured
                           ;; below -- confirm for the target hardware.
                           (systems (list "x86_64-linux"
                                          "aarch64-linux"))))
                 (service avahi-service-type)     ;for Cuirass

                 ;; SSH and HTTP/HTTPS available over Tor.  Each onion port
                 ;; is forwarded to the same port on 127.0.0.1, so sshd sees
                 ;; these connections as coming from loopback: source-address
                 ;; filtering and per-client log attribution do not apply to
                 ;; them.
                 ;; NOTE(review): no service listening on ports 80/443 is
                 ;; declared in this template; presumably one is added
                 ;; through inheritance -- otherwise drop those mappings.
                 (tor-hidden-service "http"
                                     '((22 "127.0.0.1:22")
                                       (80 "127.0.0.1:80")
                                       (443 "127.0.0.1:443")))

                 (service ntp-service-type)

                 ;; Register QEMU user-mode emulation for the listed foreign
                 ;; platforms.
                 (service qemu-binfmt-service-type
                          (qemu-binfmt-configuration
                           (platforms (lookup-qemu-platforms "arm"
                                                             "aarch64"
                                                             "ppc64le"
                                                             "riscv64"))))

                 ;; Schedule the garbage-collection jobs defined above
                 ;; through mcron.
                 (simple-service 'gc-jobs mcron-service-type
                                 garbage-collector-jobs))
           %custom-base-services)))