Server7: stop building with other hydra, new nix-serve keys

hosts/server7/configuration.nix

@@ -5,7 +5,6 @@ in {
   imports = [
     <nixpkgs/nixos/modules/profiles/minimal.nix>
     ../../lib
-    ../../lib/hq.nix
     ../../lib/default-gateway.nix
     ../../lib/emery.nix
     ../../lib/windsleep.nix
@@ -26,6 +25,14 @@ in {
     };
   };
 
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    statusPage = true;
+  };
+
   # Route IPv6
   boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
   # Obtain global IPv6 despite being a router myself
@@ -54,21 +61,7 @@ in {
     package = pkgs.nixFlakes;
     extraOptions = "experimental-features = nix-command flakes ca-references";
     gc.automatic = true;
-    distributedBuilds = true;
-    buildMachines = [
-      {
-        hostName = "localhost";
-        system = "x86_64-linux";
-        supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
-        maxJobs = 8;
-      }
-      {
-        hostName = "hydra.hq";
-        system = "x86_64-linux";
-        sshUser = "buildfarmer";
-        sshKey = "/etc/hydra.id_ed25519"; # shit is dumb
-      }
-    ];
+    optimise.automatic = true;
   };
 
   virtualisation.docker.enable = true;

hosts/server7/hydra.nix

@@ -162,22 +162,27 @@ in { config, pkgs, ... }: {
   users.users.root.password = "k-ot";
   services.hydra = {
     enable = true;
-    hydraURL = "https://flakes.hq.c3d2.de";
+    hydraURL = "https://server7.hq.c3d2.de";
     logo = ./hydra.svg;
     notificationSender = "hydra@spam.works";
     package = hydraFlakes pkgs;
     listenHost = "127.0.0.1";
   };
 
+  nix.buildMachines = [{
+    hostName = "localhost";
+    system = "x86_64-linux";
+    supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
+    maxJobs = 8;
+  }];
+
   services.nginx = {
     enable = true;
-    recommendedProxySettings = true;
-    recommendedGzipSettings = true;
     virtualHosts = {
-      "flakes.hq.c3d2.de" = {
+      "server7.hq.c3d2.de" = {
         default = true;
-        forceSSL = false;
-        enableACME = false;
+        addSSL = true;
+        enableACME = true;
         locations."/".proxyPass =
           "http://127.0.0.1:${toString config.services.hydra.port}";
       };

hosts/server7/nix-serve.nix

@@ -1,8 +1,24 @@
-{ ... }:
+{ config, ... }:
 
 {
+  nix.sshServe.enable = true;
+
   services.nix-serve = {
     enable = true;
-    secretKeyFile = "/var/cache-priv-key.pem";
+    secretKeyFile = "/var/lib/nix-serve.key";
   };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "cache.server7.hq.c3d2.de" = {
+        addSSL = true;
+        enableACME = true;
+        locations."/".proxyPass =
+            "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+      };
+    };
+  };
+
 }
+

lib/emery.nix

@@ -1,11 +1,6 @@
 { config, pkgs, ... }:
 
-let
-  keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVmyXQNE5IhcFdAWNfd4Cgg+rc+z/uClSQdPcaAVbYf emery@nixos"
-  ];
-in {
+{
 
   nix.trustedUsers = [ "emery" ];
 
@@ -20,7 +15,11 @@ in {
     extraGroups = [ "users" "wheel" ];
     hashedPassword =
       "$6$ZgiLSFCQPW0DB0i$aPeZ9E62y2OvqRbNAEL.8IK30YgvyLy6UOitN6A.li.YmUrmYAh1ukB844MFp3KlTpYzi5e80hRIg1Vx1F0uO/";
-    openssh.authorizedKeys = { inherit keys; };
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVmyXQNE5IhcFdAWNfd4Cgg+rc+z/uClSQdPcaAVbYf emery@nixos"
+    ];
+
     shell = pkgs.fish;
   };
 
@@ -31,4 +30,6 @@ in {
   users.users.buildfarmer.openssh = {
     inherit (config.users.users.emery.openssh) authorizedKeys;
   };
+
+  nix.sshServe.keys = config.users.users.emery.openssh.authorizedKeys.keys;
 }