Enable rudimentary remote builds

author: Ben Sima <ben@bsima.me> 2020-11-28 09:25:29 -0500
committer: Ben Sima <ben@bsima.me> 2020-11-28 13:07:42 -0500
commit: 90badda2f8ef96069fae3a00d1726237783b0209 (patch)
tree: c2b703573d8288deaac56dc6a403deffce468f06 /Biz
parent: 8f871af38d05a73065ce3041dd448424d8bb625a (diff)
3 files changed, 67 insertions, 29 deletions
diff --git a/Biz/Bild.hs b/Biz/Bild.hs
index 169fd6f..3334952 100644
--- a/Biz/Bild.hs
+++ b/Biz/Bild.hs
@@ -8,7 +8,7 @@
 -- Not all of the below design is implemented. Currently:
 --
 -- - with a nix build, results are linked in _/bild/nix/<target>
--- - for a dev build, results are stored in _/bild/dev/<target>
+-- - with a dev build, results are stored in _/bild/dev/<target>
 --
 -- -----------------------------------------------------------------------------
 --
@@ -55,7 +55,7 @@
 --
 -- == Example Commands
 --
--- > bild [-spt] <target..>
+-- > bild [opts] <target..>
 --
 -- The general scheme is to build the things described by the targets. A target
 -- is a namespace. You can list as many as you want, but you must list at least
@@ -100,23 +100,17 @@
 --
 -- > -- : out my-ap.js
 --
--- When multiple compilers are possible (e.g. ghc vs ghcjs) we chose ghcjs when
--- the target @out@ ends in .js.
+-- When multiple compilers are possible (e.g. ghc vs ghcjs) we use the @out@
+-- extension, for example we chose ghcjs when the target @out@ ends in .js. If
+-- @out@ does not have an extension, each build type falls back to a default,
+-- usually an executable binary.
 --
 -- This method of setting metadata in the module comments works pretty well,
 -- and really only needs to be done in the entrypoint module anyway.
 --
--- Local module deps are included by just giving the repo root to the compiler
--- that bild calls out to.
---
--- == Questions
---
---    * how to handle multiple output formats?
---
---        * e.g. that ghcjs and ghc take the same input files...
---
---        * say you have a .md file, you want to bild it to pdf, html, and more. What
---          do?
+-- Local module deps are included by just giving the repo root to the underlying
+-- compiler for the target, and the compiler does work of walking the source
+-- tree.
 module Biz.Bild where
 
 import Alpha hiding (sym, (<.>))
@@ -158,12 +152,15 @@ data Target = Target
     -- | Parsed/detected dependencies
     deps :: [Dep],
     -- | Which compiler should we use?
-    compiler :: Compiler
+    compiler :: Compiler,
+    -- | Where is this machine being built? Schema: user@location
+    builder :: String
   }
   deriving (Show)
 
 analyze :: String -> IO Target
 analyze s = do
+  user <- Env.getEnv "USER"
   root <- Env.getEnv "BIZ_ROOT"
   cwd <- Dir.getCurrentDirectory
   let path = cwd </> s
@@ -183,6 +180,7 @@ analyze s = do
                 |> List.stripPrefix "."
                 >>= Regex.match metaNamespace,
             deps = content /> Regex.match metaDep |> catMaybes,
+            builder = user <> "@localhost",
             ..
           }
     ".nix" ->
@@ -192,7 +190,15 @@ analyze s = do
             path = path,
             deps = [],
             compiler = Nix,
-            out = ""
+            out = "",
+            builder =
+              join
+                [ "ssh://",
+                  user,
+                  "@dev.simatime.com?ssh-key=/home/",
+                  user,
+                  "/.ssh/id_rsa"
+                ]
           }
     e -> panic <| "bild does not know this extension: " <> Text.pack e
 
@@ -201,9 +207,10 @@ build Target {..} = do
   root <- Env.getEnv "BIZ_ROOT"
   case compiler of
     Ghc -> do
-      putText <| "bild: ghc: " <> Text.pack namespace
-      let devOut = root </> "_/bild/dev/bin"
-      Dir.createDirectoryIfMissing True devOut
+      putText <| "bild: dev: ghc: " <> Text.pack namespace
+      let outDir = root </> "_/bild/dev/bin"
+      Dir.createDirectoryIfMissing True outDir
+      putText <| "bild: dev: local: " <> Text.pack builder
       Process.callProcess
         "ghc"
         [ "-Werror",
@@ -217,12 +224,13 @@ build Target {..} = do
           "-main-is",
           namespace,
           "-o",
-          devOut </> out
+          outDir </> out
         ]
     Ghcjs -> do
-      putText <| "bild: ghcjs: " <> Text.pack namespace
-      let devOut = root </> "_/bild/dev/static"
-      Dir.createDirectoryIfMissing True devOut
+      putText <| "bild: dev: ghcjs: " <> Text.pack namespace
+      let outDir = root </> "_/bild/dev/static"
+      Dir.createDirectoryIfMissing True outDir
+      putText <| "bild: dev: local: " <> Text.pack builder
       Process.callProcess
         "ghcjs"
         [ "-Werror",
@@ -236,19 +244,21 @@ build Target {..} = do
           "-main-is",
           namespace,
           "-o",
-          devOut </> out
+          outDir </> out
         ]
     Nix -> do
       putText <| "bild: nix: " <> Text.pack namespace
       cwd <- Dir.getCurrentDirectory
-      let nixOut = root </> "_/bild/nix"
-      Dir.createDirectoryIfMissing True nixOut
+      let outDir = root </> "_/bild/nix"
+      Dir.createDirectoryIfMissing True outDir
       let qualifiedTarget = reps root "" cwd </> namespace
+      putText <| "bild: nix: remote: " <> Text.pack builder
       Process.callProcess
         "nix-build"
         [ path,
           "-o",
-          nixOut </> qualifiedTarget,
+          outDir </> qualifiedTarget,
+          -- Set default arguments to nix functions
           "--arg",
           "bild",
           "import " <> root
@@ -259,7 +269,10 @@ build Target {..} = do
             <> "; }",
           "--arg",
           "lib",
-          "(import " <> root </> "Biz/Bild/Nixpkgs.nix).lib"
+          "(import " <> root </> "Biz/Bild/Nixpkgs.nix).lib",
+          -- Specify remote builders
+          "--builders",
+          builder
         ]
 
 metaNamespace :: Regex.RE Char Namespace
diff --git a/Biz/Dev.md b/Biz/Dev.md
index 6d793c9..f2aef0e 100644
--- a/Biz/Dev.md
+++ b/Biz/Dev.md
@@ -27,6 +27,8 @@ Jump into a development shell:
 
 Then run  `help` to see the dev commands.
 
+# Repository organization
+
 The source tree maps to the module namespace, and roughly follows the
 Haskell namespace hierarchy (although nothing is enforced). The main
 'common' space is `Biz`, other namespaces should be related to their
@@ -59,3 +61,25 @@ handle the file. So for example:
   this, but we use them to make plans and such
 - `.jnl` is a journal for accounting, the build system will check our
   balances, make sure we're profitable
+
+# Setting up remote builds
+
+The Biz.Dev machine acts as a remote build server and Nix cache. To use it from
+your local machine, your public key must be at `Biz/Keys/$USER.pub` and your
+user added to `Biz/Users.nix`, then bild will automatically use your key to run
+builds on Biz.Dev.
+
+To use distributed builds for all nix commands, add the following to your NixOS
+configuration:
+
+    nix = {
+      distributedBuilds = true;
+      buildMachines = [
+        {
+          hostName = "dev.simatime.com";
+          sshUser = "yourUserName";
+          sshKey = "/path/to/your/private/key";
+          system = "x86_64-linux";
+        }
+      ];
+    };
diff --git a/Biz/OsBase.nix b/Biz/OsBase.nix
index 0ba3fca..bf29ada 100644
--- a/Biz/OsBase.nix
+++ b/Biz/OsBase.nix
@@ -20,5 +20,6 @@
   services.openssh.openFirewall = true;
   services.openssh.forwardX11 = true;
   services.openssh.passwordAuthentication = false;
+  services.openssh.permitRootLogin = "prohibit-password";
   system.autoUpgrade.enable = false; # 'true' breaks our nixpkgs pin
 }
author	Ben Sima <ben@bsima.me>	2020-11-28 09:25:29 -0500
committer	Ben Sima <ben@bsima.me>	2020-11-28 13:07:42 -0500
commit	90badda2f8ef96069fae3a00d1726237783b0209 (patch)
tree	c2b703573d8288deaac56dc6a403deffce468f06 /Biz
parent	8f871af38d05a73065ce3041dd448424d8bb625a (diff)