Server7: stop building with other hydra, new nix-serve keys
parent
c03a6ea7c0
commit
65bff74538
|
@ -5,7 +5,6 @@ in {
|
||||||
imports = [
|
imports = [
|
||||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
||||||
../../lib
|
../../lib
|
||||||
../../lib/hq.nix
|
|
||||||
../../lib/default-gateway.nix
|
../../lib/default-gateway.nix
|
||||||
../../lib/emery.nix
|
../../lib/emery.nix
|
||||||
../../lib/windsleep.nix
|
../../lib/windsleep.nix
|
||||||
|
@ -26,6 +25,14 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
statusPage = true;
|
||||||
|
};
|
||||||
|
|
||||||
# Route IPv6
|
# Route IPv6
|
||||||
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
||||||
# Obtain global IPv6 despite being a router myself
|
# Obtain global IPv6 despite being a router myself
|
||||||
|
@ -54,21 +61,7 @@ in {
|
||||||
package = pkgs.nixFlakes;
|
package = pkgs.nixFlakes;
|
||||||
extraOptions = "experimental-features = nix-command flakes ca-references";
|
extraOptions = "experimental-features = nix-command flakes ca-references";
|
||||||
gc.automatic = true;
|
gc.automatic = true;
|
||||||
distributedBuilds = true;
|
optimise.automatic = true;
|
||||||
buildMachines = [
|
|
||||||
{
|
|
||||||
hostName = "localhost";
|
|
||||||
system = "x86_64-linux";
|
|
||||||
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
|
|
||||||
maxJobs = 8;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
hostName = "hydra.hq";
|
|
||||||
system = "x86_64-linux";
|
|
||||||
sshUser = "buildfarmer";
|
|
||||||
sshKey = "/etc/hydra.id_ed25519"; # shit is dumb
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
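Review bot: Removing the `hydra.hq` entry from `buildMachines` stops this host from using `/etc/hydra.id_ed25519`, but nothing visible in this section retires the key itself. If it has no other use, it should be deleted from this host and its public half removed from the `buildfarmer` authorization on the remote side, so that an unused credential does not stay valid. A short comment beside `optimise.automatic = true;`, for example `# remote builder hydra.hq dropped; /etc/hydra.id_ed25519 is retired`, would record the decision. The enclosing `nix = { … }` set starts outside the hunk.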
|
||||||
|
|
|
@ -162,22 +162,27 @@ in { config, pkgs, ... }: {
|
||||||
users.users.root.password = "k-ot";
|
users.users.root.password = "k-ot";
|
||||||
services.hydra = {
|
services.hydra = {
|
||||||
enable = true;
|
enable = true;
|
||||||
hydraURL = "https://flakes.hq.c3d2.de";
|
hydraURL = "https://server7.hq.c3d2.de";
|
||||||
logo = ./hydra.svg;
|
logo = ./hydra.svg;
|
||||||
notificationSender = "hydra@spam.works";
|
notificationSender = "hydra@spam.works";
|
||||||
package = hydraFlakes pkgs;
|
package = hydraFlakes pkgs;
|
||||||
listenHost = "127.0.0.1";
|
listenHost = "127.0.0.1";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nix.buildMachines = [{
|
||||||
|
hostName = "localhost";
|
||||||
|
system = "x86_64-linux";
|
||||||
|
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
|
||||||
|
maxJobs = 8;
|
||||||
|
}];
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
recommendedProxySettings = true;
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"flakes.hq.c3d2.de" = {
|
"server7.hq.c3d2.de" = {
|
||||||
default = true;
|
default = true;
|
||||||
forceSSL = false;
|
addSSL = true;
|
||||||
enableACME = false;
|
enableACME = true;
|
||||||
locations."/".proxyPass =
|
locations."/".proxyPass =
|
||||||
"http://127.0.0.1:${toString config.services.hydra.port}";
|
"http://127.0.0.1:${toString config.services.hydra.port}";
|
||||||
};
|
};
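Review bot: `addSSL = true;` on the `server7.hq.c3d2.de` virtual host keeps Hydra reachable over plain HTTP with no redirect, so logins and session cookies can still cross the network unencrypted even though `hydraURL` is now https. Since `enableACME = true;` supplies a certificate, `forceSSL = true;` in place of `addSSL = true;` would redirect HTTP to HTTPS. The NixOS nginx module keeps serving the ACME challenge path on port 80 in that mode. The same applies to the `cache.server7.hq.c3d2.de` virtual host added in the nix-serve file. Separately, the context line `users.users.root.password = "k-ot";` puts a plaintext root password in the repository and the world-readable Nix store; a `hashedPassword`, or key-only root access, would be safer.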
|
||||||
|
|
|
@ -1,8 +1,24 @@
|
||||||
{ ... }:
|
{ config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
nix.sshServe.enable = true;
|
||||||
|
|
||||||
services.nix-serve = {
|
services.nix-serve = {
|
||||||
enable = true;
|
enable = true;
|
||||||
secretKeyFile = "/var/cache-priv-key.pem";
|
secretKeyFile = "/var/lib/nix-serve.key";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts = {
|
||||||
|
"cache.server7.hq.c3d2.de" = {
|
||||||
|
addSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/".proxyPass =
|
||||||
|
"http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
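Review bot: The `proxyPass` target is built from `config.services.nix-serve.bindAddress`, whose NixOS default is `0.0.0.0`. Unless it is overridden elsewhere, nix-serve listens on every interface and can be reached directly, bypassing the nginx TLS front end. Adding `bindAddress = "127.0.0.1";` inside `services.nix-serve` would keep the daemon local and make the proxy target explicit. The new `secretKeyFile = "/var/lib/nix-serve.key";` should be readable only by the account nix-serve runs as. The old `/var/cache-priv-key.pem` should be removed once clients trust the new public key.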
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,6 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
{
|
||||||
keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVmyXQNE5IhcFdAWNfd4Cgg+rc+z/uClSQdPcaAVbYf emery@nixos"
|
|
||||||
];
|
|
||||||
in {
|
|
||||||
|
|
||||||
nix.trustedUsers = [ "emery" ];
|
nix.trustedUsers = [ "emery" ];
|
||||||
|
|
||||||
|
@ -20,7 +15,11 @@ in {
|
||||||
extraGroups = [ "users" "wheel" ];
|
extraGroups = [ "users" "wheel" ];
|
||||||
hashedPassword =
|
hashedPassword =
|
||||||
"$6$ZgiLSFCQPW0DB0i$aPeZ9E62y2OvqRbNAEL.8IK30YgvyLy6UOitN6A.li.YmUrmYAh1ukB844MFp3KlTpYzi5e80hRIg1Vx1F0uO/";
|
"$6$ZgiLSFCQPW0DB0i$aPeZ9E62y2OvqRbNAEL.8IK30YgvyLy6UOitN6A.li.YmUrmYAh1ukB844MFp3KlTpYzi5e80hRIg1Vx1F0uO/";
|
||||||
openssh.authorizedKeys = { inherit keys; };
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVmyXQNE5IhcFdAWNfd4Cgg+rc+z/uClSQdPcaAVbYf emery@nixos"
|
||||||
|
];
|
||||||
|
|
||||||
shell = pkgs.fish;
|
shell = pkgs.fish;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -31,4 +30,6 @@ in {
|
||||||
users.users.buildfarmer.openssh = {
|
users.users.buildfarmer.openssh = {
|
||||||
inherit (config.users.users.emery.openssh) authorizedKeys;
|
inherit (config.users.users.emery.openssh) authorizedKeys;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nix.sshServe.keys = config.users.users.emery.openssh.authorizedKeys.keys;
|
||||||
}
|
}
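Review bot: `nix.sshServe.keys` at the end of the file reuses `config.users.users.emery.openssh.authorizedKeys.keys`, so the same two keys now authorize the wheel and trusted user `emery`, the `buildfarmer` account, and the store-serving SSH account. A machine that only needs to pull from the store would then hold a key that also grants an administrative login. A dedicated list, `nix.sshServe.keys = [ "<store-client public key>" ];` (placeholder), would separate those privileges. If the sharing is deliberate, a comment such as `# store access intentionally shares emery's login keys` would make that clear. The enclosing attribute set starts outside the hunk.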
|
||||||
|
|