build{01,02}: add aarch64 builder

2022-08-13 18:02:08 +02:00 · 2022-08-13 18:02:08 +02:00 · 557af34cfc
commit 557af34cfc
parent 399db233f2
6 changed files with 80 additions and 4 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -9,7 +9,7 @@ keys:
 # scan new hosts like this:
 # $ nix-shell -p ssh-to-age --run 'ssh-keyscan buildXX.nix-community.org | ssh-to-age'
 creation_rules:
-  - path_regex: secrets.yaml$
+  - path_regex: ^secrets.yaml$
    key_groups:
    - age:
      - *mic92
--- a/build01/configuration.nix
+++ b/build01/configuration.nix
@ -17,6 +17,7 @@
    ../roles/hetzner-network.nix
    ../roles/raid.nix
    ../roles/builder
+    ../roles/aarch64-builder.nix
  ];

  # /boot is a mirror raid
--- a/build01/secrets.yaml
+++ b/build01/secrets.yaml
@ -0,0 +1,54 @@
+id_buildfarm: ENC[AES256_GCM,data:wurbDcsLfwjIkif2swmCcM35xYdUgoFRDuFnYmD6YUjRa96wfjec6/IlTM7uWODcFf1E1tPG45fTNGKYtbcegHeR6xTj1EYnz8Mfketyy1okcI5E80BeK+zcDRJyMPt0yHpB3y7bgJaea0yFlBbOsJ8bIr1Qe7IcZ9sovYGFsVZ6yY7KZ7JvQH+kY2UlMaJbIathc8aS3GRdAYVjO6FopO8y421Dn/o6SdM/qswPgmhxdDsXjcxLzv6STeFJ/98ZE2XOKTYe/w96AuXlOEXM3vj7wfjmqk3H/qWim+LCHkvYtPkql+WbsU+O6octITwHkZ6dz0rdFofurybqwbyWC3UE59FvFEV6BnIAeOvn+4lpmhWZHAH+9JxQscxtGxlmW7AH8mfBVtoxBu9YRHRfPR+r6YPDEhCLn7EdlQoJXmKBUrt3UkZSstgwukeG3A4ieGAiW+DkD7m9QdY0OsAzZSkJtauGhbopCWSA7iQOOlYlVFaY65jZY+l1Jg82AgBIJxqB1Vl0Dj/CxUl2LZB+QBaeLb564EqM4v2y,iv:H5vFFf/giiA0IXtH7xGFz+txcAphIl/jsxngJo/kDxI=,tag:fAfUjdjR5D/x+GK0RiwVDg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrSFdCUTY2QXltNGZ3dVFS
+            RGllVk5mVE5mSzV4UkFGNHRTWUNhU1BIckdNCkMxMHQzWCs1MlkxM3hCdlNhMU5t
+            Ulk0ak1NdUNBSGZmaUZJc0plY1hzZlUKLS0tIFF2ZVZpMzNtZ2h6Vi82cUt6dHBK
+            aTRNQ1VCVitOSGFHSUl3RVVvcHE1YTAKpvcWCuzycacKv/wjCvigjLqMDRP/vsmY
+            otC3lZb9jXH5tDNYqj+XrnXDI8rV2uSRU9Rv8kpZ9vLZYBB7cyEAIw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2M3paTm9jaEp4L2VLU215
+            WE5Rb0RBMERXeDRIV1FDNVo0cW1uRDFCY2dZCjZ0N0RuUzFOeGlucmVRNUczUXB4
+            UTRzR2h2Z1hpa3UyMGdaRHB4dWo4anMKLS0tIEVQem9Pdk83b01nR2kvMVhPaWQ3
+            QkpPN1NHZEtNUlhFbG9nT0NlSUNzK2MKHQPRjJnorBHUI5OSmOUAwVpTGv4WOTyH
+            3Z5XtQJ+v/P6acPqw7oGDM5fBmUUlp2HP2Rp6D2H+ckoylr+9VQQhA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age17jtyn2y4fpey6q7ers9gtnh4580xj89zdjuew9nqhxywmsaw94fs5udupc
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxM1UzQVNXK0p4WUJKWkFl
+            eEpiQTJDcjNzdWxtUlkzTFQ3Yy9CUEtlTXl3CmZyUWZ2ME1uNWVvTHZ4NDVDeDJl
+            ci8xR1RvMDFPZHdxK2Vlc3BMamRHaEEKLS0tIG9zN3JrSXFTSGVpclhlTlk3cUlY
+            YzVzd2pDLzhhSkVVYVFjanpveDg3aFEKeid/qAhJe3Xd9JjNmBli/bXuWRZG6xJW
+            A/SwH+mIVyldWqYO4At3yIdYYoFhMXWkookCVStZPl1CG+Upcue6iQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-08-13T15:45:11Z"
+    mac: ENC[AES256_GCM,data:2siK3B3NTLfwkHSryGG26DszJ2AjyJtHvLmTPaOQWiwtfWnSli4p0oOmKgI3jeL84078sn+vLkcnq6nLcjBTeDAwUSJqZFm0IyW/fviFx4vjp6fP93+WfHDwqpMMQT+Aocjp1wBtQMK6SpubkFpVXwliU2SlbxSNODRSbfDvaTw=,iv:O4BdKVKA/0G73M9mOe7Vj/Vvt7Eh1vUEE26edPCd+A4=,tag:aIj+XGnbeaiUYC1KRsta2g==,type:str]
+    pgp:
+        - created_at: "2022-08-13T16:00:18Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQEMA3tEuTsG48KkAQf/ScyGrcq+zCnOGz7x6IUZH3gzVlHebpJKqNVrXq5ERu5V
+            wBIc9W69bmTNZ4+/FI3Y1gZio92xpPoOIOMIhb23Aqaflrr0jyT9zUVXaIhTOa8b
+            iUvGUeNUS7lBlg7CRYFCy/8q/AU+a5OxjNgcM0Da4Kylujqf7rl1iS77er5S7jZY
+            VNdJ3udSFIyRHZSkV/F3jFuTNwlQLePGEE9yMdi/tQM7XYyGRXedBjPkJZLF0zVo
+            2TIUrqPZqoJkNzHSkMeW1GeGGJLjmtH8UYJY3cf0F5cM6955sGk+N2W/I2y5WNID
+            TnuMwdD2GWz5w/jhSNzhLT1HtGf0Pe50JxYbG/IQ8NJeAVo0fuf70ciRVPum+VsJ
+            kcDRqomHgyMc7k4mR447kbjcN9WIsFiqrvoKIzFuVw9z5QOmtlCQ0hXtvNE7A4Ra
+            G23rUXarLeMaPynNp/qlXJA687vFu7hPwRRtY2/Hxw==
+            =zN0A
+            -----END PGP MESSAGE-----
+          fp: 260353B993F8CE16752EF48C71BAF6D40C1D63D7
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3
--- a/build02/configuration.nix
+++ b/build02/configuration.nix
@ -8,6 +8,7 @@
    ../roles/hercules-ci
    ../roles/nginx.nix
    ../roles/raid.nix
+    ../roles/aarch64-builder.nix
  ];

  # /boot is a mirror raid
--- a/build02/secrets.yaml
+++ b/build02/secrets.yaml
@ -1,6 +1,7 @@
 github-r-ryantm-key: ENC[AES256_GCM,data:Z6kGGGGLClFWxBu4RpPw3F/QrkLVIgkvLzi5ALUAjD/xUvrKvgylRoJVTBWEK6bVoZePxzXbdzNo7JzDvheRnDx4x/qQNiLjCixObzIqsIAEIqj2orJmNVRks2gLmFOCR3MS++tOV/tb3iRmjRSnzzSCdZE4Fzo/iUXVRZpTcO5ONxwTXd0i9Hlk9D6An0mbJD7cR93eBtWpyZM0LwYN5aEukUW/HYfsHKtqj43OlaaaBylIX3cMQzOT9Gup0uYb3yWVsvfqKC0WekAgakn6V1JM0wUJiO/dPQe6Su7nP5gEAxLXd6J8Y6lRT6KnWsQDf5GaIs5FoCJb3QXu1Pkv61fx5X8rdmKCbggp9cbtIcpGFhKM9vyLZnILdpCGGYLJGhNh/7XQvQLeaLuyi456m/fCm2j1vQ9uhON5caQMeFwNuvnaDErrZtNyTKUDcxgY6gtXIqmd7s2c+o1AQqC+dJf0jy/z2tYFwJrXety80CA4yc/yyvlfRLO+tPfhfsQPTbSMIof8oZhcHZNjPj6IjPpn5NbhWbFvtYbER5fSRhyvvwG5jPNtUnAK+k9OIOHo68tjbm7t8B55nm7Kd7gv3eajNl8V2M7jEidIhaIAW7SWhL0/FiRJWosHAq4p/G+URB1Ll9Ay/hKZ/78+hh4M2UQKT8HnoFleevxWFeMmmZDmk3YTGW5WWogrAQ3bA361/ggQwhs+07Bbl2e0VIMdY/gMvY1ppOuGHvoXhvfIQHLdOlgOMQW5MYBMwleMffrPJpsxGBMgwmXP0CmEwTE3Zg7G7cuNFxhR0z6W27ck06tLbn68P9z9GKh9TLnrbRsQHZVYr1eFt9ewr71vAs5t4iqGr5yzVT7fJRO1BZaifwybEDKRFScCJXEeEEu6l3/eqaq/tTHvJ/0TSl2udMuxzgtpUxx26RPvSJFWB7ACyFpMMJncUVKTxyr2vzP3WNLbqvAjEL1AmGVucHxi7zUfvDPw1gCeAgit8u0xuDH2T6Ws4kF6AuXqo5qC1MmIA8d8T3aw9q9iWj58/PMWC85uYwf3Od8WAD9BK3nb74v4TsthgxaY5JVOspnG1vKDZQKfjzHQk3kvT08sGgs438KFj+58Fe+9vqKNLH2DBizEKF4aJ8drbTBOItn/RFpoDtAdGKByeWjd3+0UDCJ1bI+6JB2PZo1CvpEz7GkjcK7y3vaEOnMyqGOzjnfVmfLQhVX3Vnx6mC1Z54slNlKTKTaeqoWrpqCT78NnC44c/Jqt7r6wuH/jqZt/uBXvENNyEn8kf8qbMcCjEtHZkzMoDuaoPbdlDCzOJbCiTEmyI/zvPC1qMxI2GfjNUSRNZIbKU5d47sgMqHJ40KN9paJZRt6hxLduk0BouzSF3DK1eV1x96Mi+lydOyLt34k/TlZzpVG3P3K/BIjlGQipNw7iRKxxF7QRvJJl6GjiHNIw3krHTvR5PPxBWL2BtQY6kemlenwVvpOfXSKVwTcMzq6V5gDrf2ks9DrzG8TD0zoPu3xw5SMoEq8DjE4MSvriw3jlgkAp9uxfqlksUXCayEqbuJpwa9O43LwwVVJbUFKlA/iWPU0zc4ejIBSyufnePcEZv7yYoPQEZIphPHKumqySND5p0WbmToNqYZgF7sdrxaIc2zh/jucE0TTI3jwn5i1D2RUpxvGOCjtPw29n7j8clRlrRQHK22628eKV1WpO4BI+jDZbNrkjDr43hhOKmJ0HTTkDkRP8CGjBV2qdnBWDKL98ksqfs2aXprtB9B4TrS0unUzHz1WH1R9BrAEOF/WoTKo/TXNc7AiwPxCm+FdGLgWsoMLuzwdq66QmdGAMIbtrzRHq/J1lHubt9ht9xYYJP/JwNuFjFoFOUubw/1ZkdFUrLaN7pN0Ll0ImoU/CudU8ehcwIyXx1dSYT8pcKNXp55Kw7MlydpcZvRVO7PJ0/HWMD+sLfm6OPTIPX/lFLo9NQwe/3xgfM0EJopQi7KFn2xoU0BGqsaSoO1UyOJr6NCDsXih58bPSbv2ho8ffIQxU289h1SjSQbxmVbH3R6sCN0YIJM7YmJ5oaZMJOCFX/Qg2RrtzN0dOp47GZQA+AXRwiccPaiJf+AlBODl0TUJHhqsCNbfp9mSz40wrrtxlXzbpelyzRNqyed8x5vFzEnLXUWGiQX6kh43anHpPO7rJOliWIudUo5R2Mi5sajZv04Og1V4BBcchjoW7ApnpsHOoIYeMtb7TsKxvAakAXrXwG0f1jr2/Wvi3k1/nLb9jv77IIlMqSejmPnkAjDmmDiFXwhu6WWw0tXCa4jQRu6PanpgTCOgt/UhdUpRC+CDM0EnLpkS2+TCspE/X75emx3VRaDo/aFKuF05FVS0U1nnH495ityljx141ztYnRlrzJyGS/Ps9v9NWR6CdTJBw1gOLCb2EwhBgJL6KZutkHir3uQfzRcBdw4O5QZ0VUPeUhMlUwtay6O/33RqAMpQIiLe0f/cRil/Ib3Xa05Gfdm2hLUgBsIl8ceScduMvl7bFnk18SFcWVWYU5CFaDuhsgD9vZE3BYjcCmAyKTqHhFyMZMZEnWE3vu/8u+0VgoUe0B2n4F8/vWSW7AEQ27hTpePNiUpTpI9ZtWUae/ZrBnbRV09SIfceZCrgCce7EtrHiILC5k6/HGsaoYFWT0B/cpBDJ5XnNNkbH8oOFd/yaNDHxcDhERje6Y5H9bRgPaZPt/H0xKBXxIYb6V9JZ4rc4qWaXWlZwyuNpjvwcm4GRTDyIp2Hdof6nBdn7AQrP5O0AXH3P1qqqIxEhx7uy4CNesFkbvt9zCtJQ9Od7kAWXWNp3YTRqKmmHQ00Tq5MYPwO3yybNRl2DiiBaA0a+l0CFNfGIgUwUvioZZ5p9yk+/CkqWuymkgbb+ChvXEZMskkkTJveZNhgNR4iFEHdMjaZhdMNPnfaFKf2rvu8pfAh7BFoWJOYNwkRXqI2eJNkXCVLbOuyez6Rcs0rDeCz5tgEGO5zPTTZg/VFD3p8dV5PyDSz+mIpe9M54I/FX0He4ws++u5AyDnN0CL//1rdZjyaEL2ZAD7l1yhH1WPttjikb9XS+SQ0kyxEnx/HMD0aNcIpVLbubRY/ll4JvkPG1KBKZfrm+cs8iaVTmyHcsfIPwnDOVTiVoHPoBH4Z35ULxVfNGzdw1S/qLuNLHCph+UNIrk/Ck8L27eobVetjzxqtBcdewVAZT7pOm34BKpukUvhe/zzUStUDZoMWdV005eLC76FH0JJyz8TCVrW1y1eHQzX8rMeBZEdoBseQqbU5LlptamZ7rUOJhkC/QLnZW0lSDOj17awQDxAFS5R7cewFo55Pe8XVu0fGZVdXO59biBuFOgtYiMrKoxGondhuiOTggjSQt1HLA7eAgRRrPG6npubPUAgpdwMsqRT6BS47WVL75vRu4TliPVKjElqWN3iQSze4ZwF71zNS775PqjaDXLRPKYMszpNgX7OMPbSb6EAiCQyT6R7gvPOgIVOrERCEF/0Vm7HjNHqTLOfW1M8um7e8gntYokVZtdGew/x2Dmb2PTj58gnYowH00ZrWbOw7DwW3nq0vpcAwB4Yo+H618dThdk3HDd+zOKHBJmoDP70QvNDyD5wDX+GkMTAL8/kfvZs98yvn3T7kw+qIm/pPfNJaigqutEmRFE7CRCewoohzQ0z/Glt0D1kh+OOnULIPrT2Pfq3nDhivJXC3HQZ1PFn9cKNwR/hl0Cslphm2sOwK3gpbba0vNvqXjh3w7TkJ3gTYQa81qiJbRwKvCOlAi3pt+KZalQ/DdG6/DBqVyYKqsJmAj/Y6NVQGpDBBn9uqlZ3G/nRZWaVEDKTdTXh4lPFMKU+o6b3fKsco4Bln4LfqB8BJU8xawTXx1sb6lHAcVZjEoWDU+u9VaGNNtI47jjxev0oeT+oID63xqz19ZY8pkJGSXtTbo/6jEkvSTx/l9v1mfSCytxMV6gney0Cx+QHAta7VHzKymgXcq0N1pt6XVoExLQTOIkPjIg2KUF9JPUg99WCsXZfLtqoinEYUZ/Alq7HOYKOdpjH+huID7Y2vda5Ivk8UuZpIeseQ4yhSoqA45QO+RQxX09xSUBjzLa8f6CJTfci5M0gY5P4QhmEdkYdMq14XG1dE3gK3Qw7FcpOB11GEamki5VT6+f512QH0h2V4dIf8sJFTHCYxHt16mXWv5HkmZAgv2QxchXq40aheKXwtMGmo/Ofi9iyX0qae6/t0XpRaXZiz0EJALZ8LXXfV0B8KUKe2o6RthDrhNXYzB2BZydWjf7yF1GWEc9a4TSTl1AUPAx5ExhayNATF0NMKRvanJVjJXRSZaN8QZnP0EKQycDwTmbHTXNg44oPx1cxGnBTfdSoB4n3XbDjOn8sSfMyllPe3k6dSGtJx3vHnVIjafdWcsRdUnSxu8rGg0HEIEwBkp6MsLbT9OTVYpqO4XoYe6KMaGJeWfAiaPSQTyZZkisblAGzAx5NnM51Rudo8hysu9BXlJtSvxHqXKdIGuF3/3gyZmxqezeHskbi0=,iv:Qg8SdZVOeOA1rHt/CCo1Fj9sqUvq5zhaetboYUIe2co=,tag:UNGFeWqBY46lK6/cEr4/Kg==,type:str]
 github-r-ryantm-token: ENC[AES256_GCM,data:X77cQQQDFcUe9VcHZwbhZdyg6wFsAEwRMDaDojWYyHJf4RxWwRm8Vg==,iv:/PxtdHM1eTbRZb0KrjuSSutxBVwmFaSejp62qb+/D10=,tag:K/EH8Rl6CeZcigftKO3hNw==,type:str]
 github-token-with-username: ENC[AES256_GCM,data:9k+TaxVIQ6BUASckGTAAdDsSS1OQ7WfF6oUdY8t/24VU5bK3M2Uozbfh6qUtmZFLcA==,iv:4AE/eoXHm1/gd3SdRYY+LyI56YFod8YD7ZKZ6uG840k=,tag:fboN3lX6vKVZHEtaZ+C8Gw==,type:str]
+id_buildfarm: ENC[AES256_GCM,data:4Oq/x3xuWH9FsCFjRgg978X4bJMd/JwxtIVSQBEMEurL9o5WqACBhpd8HXOPnFs3p4XL2Mfi+if1zzWai2LmiySuyU4VGAn+c+IK29C7nvgjFF1ywuu0ivWKMHCx7slDgsGzEO4AQ6IdxcVoRpANaChz9HF33ebZcwiasu2ZxPouSjKp7vpXUv7ZiCkagDxpLGRwkwsWdGHkBJsWli0PVwttXyy+UG6CajOQbPkk0CPcQLsgi2NFOrfbUXth5gcFF94WSoHElsU5BETZcHKJnXu6s0rdR1gsV1b4nzHlyTgDD2R47B/4ly+ocnQw4k7Nm9U0aei3DSoGxXdfYCFyL3N3w5ZHjkwm5Nl3RpI+6Zv1LHhHYROnfE+/E0GyBWQ33l9OqkrDHcxMnn0R7hvDkGjxEmrXyw2JD89xkDuOERMasBm6Th3cJ/1kVaxnw8b+8HsYX10Wx1PuYEagTEvlXL+bXBj2Rv+u+l1VLU04L6useL10yW2+Kop+T37w69Dc01FB98xm1UJF8SfMg2pgKqp4Ze+8bUk6ITrf,iv:KlHLfglujK0WnUW9K7ePwXAtoFsb0l4TeKk5OUVlr5U=,tag:IAZb34yvAjneJWI9XOi1Ug==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -34,8 +35,8 @@ sops:
            YUdLTHVHSStMTkZTZTNqdkJUaE1TSVEKhv77j3JwuTNClRg1oLGxYoakgmfaWDUy
            SRFuTKXkEjeR+NmjgXu9rI9+6jWkhA8K67rudZhTXiOyK2NyjjKtVg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2021-12-05T18:29:19Z"
-    mac: ENC[AES256_GCM,data:UAwJeNEI4mhkFlFX1+24Ph8FAVZklBkef8yC9Qyw8HBY4VE1zTsAYkBnKiJjrlYbe+VhbxupQf44Vj9zDz3BPOrliEl2nOLutCGJ61zC2o3FEy22dVZKiMuidn6tS1gUTd0FAViOv1UwmM0m8gRpVsaofjC9qf8wTPrjFVa2PfM=,iv:HySj3rFzwnuMlnxm4yHIj8mRdl/YQVyV8KG6YrwhW/Y=,tag:MLeaQPDkJU+06AodjIfZyQ==,type:str]
+    lastmodified: "2022-08-13T16:01:35Z"
+    mac: ENC[AES256_GCM,data:0wv2yGprOR7vS0cN6n4/ZjbFaWu89nQsodJD0CnqpVIZ2XpvJX5KkgIhQ3RObDTW1h+zJlfBMApOsBaaUcd8rLhkSIiuZwXV5h317cI5kiE8wEdEAdAmErBUPHnpkR1XYOmvfgojOu8grWJLG9CBtd+QRnYudrNxlCwakHo6zek=,iv:EOLclMgS0L1Y8ZEvanAJ/9w0yDHrnnCd4xn0/RzPUOE=,tag:cK0zBeYE7BggamLI3bE3dw==,type:str]
    pgp:
        - created_at: "2021-10-23T22:58:39Z"
          enc: |
@ -53,4 +54,4 @@ sops:
            -----END PGP MESSAGE-----
          fp: 260353B993F8CE16752EF48C71BAF6D40C1D63D7
    unencrypted_suffix: _unencrypted
-    version: 3.7.1
+    version: 3.7.3
--- a/roles/aarch64-builder.nix
+++ b/roles/aarch64-builder.nix
@ -0,0 +1,19 @@
+{ config, ... }:
+{
+  nix.distributedBuilds = true;
+  nix.buildMachines = [
+    {
+      hostName = "aarch64.nixos.community";
+      maxJobs = 4;
+      sshKey = config.sops.secrets.id_buildfarm.path;
+      sshUser = "ssh-ng://nix";
+      system = "aarch64-linux";
+      supportedFeatures = [
+        "big-parallel"
+        "kvm"
+        "nixos-test"
+      ];
+    }
+  ];
+  sops.secrets.id_buildfarm = {};
+}