From 90badda2f8ef96069fae3a00d1726237783b0209 Mon Sep 17 00:00:00 2001 From: Ben Sima Date: Sat, 28 Nov 2020 09:25:29 -0500 Subject: Enable rudimentary remote builds --- Biz/Bild.hs | 71 ++++++++++++++++++++++++++++++++++------------------------ Biz/Dev.md | 24 ++++++++++++++++++++ Biz/OsBase.nix | 1 + 3 files changed, 67 insertions(+), 29 deletions(-) (limited to 'Biz') diff --git a/Biz/Bild.hs b/Biz/Bild.hs index 169fd6f..3334952 100644 --- a/Biz/Bild.hs +++ b/Biz/Bild.hs @@ -8,7 +8,7 @@ -- Not all of the below design is implemented. Currently: -- -- - with a nix build, results are linked in _/bild/nix/ --- - for a dev build, results are stored in _/bild/dev/ +-- - with a dev build, results are stored in _/bild/dev/ -- -- ----------------------------------------------------------------------------- -- @@ -55,7 +55,7 @@ -- -- == Example Commands -- --- > bild [-spt] +-- > bild [opts] -- -- The general scheme is to build the things described by the targets. A target -- is a namespace. You can list as many as you want, but you must list at least @@ -100,23 +100,17 @@ -- -- > -- : out my-ap.js -- --- When multiple compilers are possible (e.g. ghc vs ghcjs) we chose ghcjs when --- the target @out@ ends in .js. +-- When multiple compilers are possible (e.g. ghc vs ghcjs) we use the @out@ +-- extension, for example we chose ghcjs when the target @out@ ends in .js. If +-- @out@ does not have an extension, each build type falls back to a default, +-- usually an executable binary. -- -- This method of setting metadata in the module comments works pretty well, -- and really only needs to be done in the entrypoint module anyway. -- --- Local module deps are included by just giving the repo root to the compiler --- that bild calls out to. --- --- == Questions --- --- * how to handle multiple output formats? --- --- * e.g. that ghcjs and ghc take the same input files... --- --- * say you have a .md file, you want to bild it to pdf, html, and more. What --- do? +-- Local module deps are included by just giving the repo root to the underlying +-- compiler for the target, and the compiler does work of walking the source +-- tree. module Biz.Bild where import Alpha hiding (sym, (<.>)) @@ -158,12 +152,15 @@ data Target = Target -- | Parsed/detected dependencies deps :: [Dep], -- | Which compiler should we use? - compiler :: Compiler + compiler :: Compiler, + -- | Where is this machine being built? Schema: user@location + builder :: String } deriving (Show) analyze :: String -> IO Target analyze s = do + user <- Env.getEnv "USER" root <- Env.getEnv "BIZ_ROOT" cwd <- Dir.getCurrentDirectory let path = cwd s @@ -183,6 +180,7 @@ analyze s = do |> List.stripPrefix "." >>= Regex.match metaNamespace, deps = content /> Regex.match metaDep |> catMaybes, + builder = user <> "@localhost", .. } ".nix" -> @@ -192,7 +190,15 @@ analyze s = do path = path, deps = [], compiler = Nix, - out = "" + out = "", + builder = + join + [ "ssh://", + user, + "@dev.simatime.com?ssh-key=/home/", + user, + "/.ssh/id_rsa" + ] } e -> panic <| "bild does not know this extension: " <> Text.pack e @@ -201,9 +207,10 @@ build Target {..} = do root <- Env.getEnv "BIZ_ROOT" case compiler of Ghc -> do - putText <| "bild: ghc: " <> Text.pack namespace - let devOut = root "_/bild/dev/bin" - Dir.createDirectoryIfMissing True devOut + putText <| "bild: dev: ghc: " <> Text.pack namespace + let outDir = root "_/bild/dev/bin" + Dir.createDirectoryIfMissing True outDir + putText <| "bild: dev: local: " <> Text.pack builder Process.callProcess "ghc" [ "-Werror", @@ -217,12 +224,13 @@ build Target {..} = do "-main-is", namespace, "-o", - devOut out + outDir out ] Ghcjs -> do - putText <| "bild: ghcjs: " <> Text.pack namespace - let devOut = root "_/bild/dev/static" - Dir.createDirectoryIfMissing True devOut + putText <| "bild: dev: ghcjs: " <> Text.pack namespace + let outDir = root "_/bild/dev/static" + Dir.createDirectoryIfMissing True outDir + putText <| "bild: dev: local: " <> Text.pack builder Process.callProcess "ghcjs" [ "-Werror", @@ -236,19 +244,21 @@ build Target {..} = do "-main-is", namespace, "-o", - devOut out + outDir out ] Nix -> do putText <| "bild: nix: " <> Text.pack namespace cwd <- Dir.getCurrentDirectory - let nixOut = root "_/bild/nix" - Dir.createDirectoryIfMissing True nixOut + let outDir = root "_/bild/nix" + Dir.createDirectoryIfMissing True outDir let qualifiedTarget = reps root "" cwd namespace + putText <| "bild: nix: remote: " <> Text.pack builder Process.callProcess "nix-build" [ path, "-o", - nixOut qualifiedTarget, + outDir qualifiedTarget, + -- Set default arguments to nix functions "--arg", "bild", "import " <> root @@ -259,7 +269,10 @@ build Target {..} = do <> "; }", "--arg", "lib", - "(import " <> root "Biz/Bild/Nixpkgs.nix).lib" + "(import " <> root "Biz/Bild/Nixpkgs.nix).lib", + -- Specify remote builders + "--builders", + builder ] metaNamespace :: Regex.RE Char Namespace diff --git a/Biz/Dev.md b/Biz/Dev.md index 6d793c9..f2aef0e 100644 --- a/Biz/Dev.md +++ b/Biz/Dev.md @@ -27,6 +27,8 @@ Jump into a development shell: Then run `help` to see the dev commands. +# Repository organization + The source tree maps to the module namespace, and roughly follows the Haskell namespace hierarchy (although nothing is enforced). The main 'common' space is `Biz`, other namespaces should be related to their @@ -59,3 +61,25 @@ handle the file. So for example: this, but we use them to make plans and such - `.jnl` is a journal for accounting, the build system will check our balances, make sure we're profitable + +# Setting up remote builds + +The Biz.Dev machine acts as a remote build server and Nix cache. To use it from +your local machine, your public key must be at `Biz/Keys/$USER.pub` and your +user added to `Biz/Users.nix`, then bild will automatically use your key to run +builds on Biz.Dev. + +To use distributed builds for all nix commands, add the following to your NixOS +configuration: + + nix = { + distributedBuilds = true; + buildMachines = [ + { + hostName = "dev.simatime.com"; + sshUser = "yourUserName"; + sshKey = "/path/to/your/private/key"; + system = "x86_64-linux"; + } + ]; + }; diff --git a/Biz/OsBase.nix b/Biz/OsBase.nix index 0ba3fca..bf29ada 100644 --- a/Biz/OsBase.nix +++ b/Biz/OsBase.nix @@ -20,5 +20,6 @@ services.openssh.openFirewall = true; services.openssh.forwardX11 = true; services.openssh.passwordAuthentication = false; + services.openssh.permitRootLogin = "prohibit-password"; system.autoUpgrade.enable = false; # 'true' breaks our nixpkgs pin } -- cgit v1.2.3