From 22c98ff7edde7c420dd6f5e0eba7528a6859b06f Mon Sep 17 00:00:00 2001
From: Erik Mackdanz <erikmack@gmail.com>
Date: Thu, 14 Aug 2025 15:40:42 +0000
Subject: [PATCH] Add notes for creating worker containers with systemd-nspawn

---
 nspawn-worker.md | 90 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 nspawn-worker.md

diff --git a/nspawn-worker.md b/nspawn-worker.md
new file mode 100644
index 0000000..521ba35
--- /dev/null
+++ b/nspawn-worker.md
@@ -0,0 +1,90 @@
+# Do all this as root
+
+# Get a base image
+rawtree=stage3-amd64-systemd-20250803T163732Z
+importctl pull-tar --class machine --verify no https://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3-amd64-systemd/${rawtree}.tar.xz
+
+# Make a place to prep the worker files
+btrfs su snapshot /var/lib/machines/${rawtree} /var/lib/machines/prepworker
+
+# prep portage tree
+rsync -av /var/db/repos/gentoo /var/lib/machines/prepworker/var/db/repos
+
+# prep from within
+systemd-nspawn --machine prepworker sh -c "echo 'dev-lang/rust-bin clippy' >/etc/portage/package.use/rust"
+# waterslager needs clang
+systemd-nspawn --machine prepworker emerge --noreplace dev-python/pip dev-lang/rust-bin dev-vcs/git llvm-core/clang-runtime
+systemd-nspawn --machine prepworker pip install --break-system-packages buildbot-worker pyOpenSSL service-identity
+systemd-nspawn --machine prepworker sh -c "groupadd buildbot && useradd -g buildbot -m buildbot"
+systemd-nspawn --machine prepworker --user buildbot mkdir -p /home/buildbot/info
+systemd-nspawn --machine prepworker --user buildbot sh -c "echo 'Erik Mackdanz <erik@humopery.space>' >/home/buildbot/info/admin"
+systemd-nspawn --machine prepworker --user buildbot sh -c "echo 'Eriks laptop' >/home/buildbot/info/host"
+
+systemd-nspawn --machine prepworker --user buildbot sh -c "mkdir -p /home/buildbot/.ssh; chmod 700 /home/buildbot/.ssh"
+cat >/var/lib/machines/prepworker/home/buildbot/.ssh/config <<EOF
+Host lin0
+Hostname 198.74.61.195
+User bbpublish
+IdentityFile ~/.ssh/id_ed25519
+
+Host sra0
+Hostname mail.atxsra.org
+User buildbot
+IdentityFile ~/.ssh/id_ed25519
+EOF
+systemd-nspawn --machine prepworker sh -c "chown buildbot:buildbot /home/buildbot/.ssh/config"
+cat >/var/lib/machines/prepworker/home/buildbot/.ssh/known_hosts <<EOF
+198.74.61.195 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB4yptpTtCx+rlur5SCS0c6pDdErENPWFTqGCW/LbsbB
+mail.atxsra.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOcy34oz//SEcZtt8GTdeSeipxB7JvGRahUEadJFUzwi
+EOF
+systemd-nspawn --machine prepworker sh -c "chown buildbot:buildbot /home/buildbot/.ssh/known_hosts"
+# systemd-nspawn --machine prepworker --user buildbot sh -c ""
+# systemd-nspawn --machine prepworker --user buildbot sh -c ""
+# systemd-nspawn --machine prepworker --user buildbot sh -c ""
+
+cat >/var/lib/machines/prepworker/etc/systemd/system/bbworker.service <<EOF
+[Unit]
+Description=Buildbot Worker
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+WorkingDirectory=/home/buildbot
+ExecStart=buildbot-worker start
+ExecStop=buildbot-worker stop
+ExecReload=buildbot-worker restart
+PIDFile=/home/buildbot/twistd.pid
+Type=forking
+UnsetEnvironment=_ COLORTERM DISPLAY JOURNAL_STREAM INVOCATION_ID LOGNAME LS_COLORS MAIL OLDPWD PS1 SHELL_SETS_TITLE SHLVL SUDO_COMMAND SUDO_GID SUDO_HOME SUDO_UID SUDO_USER SYSTEMD_EXEC_PID VIRTUAL_ENV_PROMPT
+User=buildbot
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemd-nspawn --machine prepworker systemctl enable bbworker.service
+
+
+# set root password
+systemd-nspawn --template /var/lib/machines/prepworker --machine worker1 passwd
+# don't need --template after the first one
+systemd-nspawn --machine worker1 passwd buildbot
+
+# Do worker1 specific things
+systemd-nspawn --machine worker1 --user buildbot ssh-keygen
+cat /var/lib/machines/worker1/home/buildbot/.ssh/id_ed25519.pub
+# ^^ and copy this into lin0/sra0 ~/.ssh/authorized_keys
+systemd-nspawn --machine worker1 --user buildbot buildbot-worker create-worker --connection-string ssl:bb.humopery.space:9989 --use-tls /home/buildbot bb.humopery.space:9989 carb-ns-1 Thaishu3ohQuieQu5che
+
+# start in foreground
+systemd-nspawn --machine worker1 --boot
+# or in the background
+systemctl enable systemd-nspawn@worker1.service
+systemctl start systemd-nspawn@worker1.service
+# with overrides in worker1.nspawn (/etc/systemd/nspawn or /var/lib/machines), see man systemd.nspawn
+
+# Either way, log in
+machinectl login worker1
+
+
+# Delete the worker
+machinectl remove worker1
-- 
2.52.0