Server7: stop building with other hydra, new nix-serve keys
parent
c03a6ea7c0
commit
65bff74538
|
@ -5,7 +5,6 @@ in {
|
|||
imports = [
|
||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
||||
../../lib
|
||||
../../lib/hq.nix
|
||||
../../lib/default-gateway.nix
|
||||
../../lib/emery.nix
|
||||
../../lib/windsleep.nix
|
||||
|
@ -26,6 +25,14 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
statusPage = true;
|
||||
};
|
||||
|
||||
# Route IPv6
|
||||
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
||||
# Obtain global IPv6 despite being a router myself
|
||||
|
@ -54,21 +61,7 @@ in {
|
|||
package = pkgs.nixFlakes;
|
||||
extraOptions = "experimental-features = nix-command flakes ca-references";
|
||||
gc.automatic = true;
|
||||
distributedBuilds = true;
|
||||
buildMachines = [
|
||||
{
|
||||
hostName = "localhost";
|
||||
system = "x86_64-linux";
|
||||
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
|
||||
maxJobs = 8;
|
||||
}
|
||||
{
|
||||
hostName = "hydra.hq";
|
||||
system = "x86_64-linux";
|
||||
sshUser = "buildfarmer";
|
||||
sshKey = "/etc/hydra.id_ed25519"; # shit is dumb
|
||||
}
|
||||
];
|
||||
optimise.automatic = true;
|
||||
};
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
|
|
|
@ -162,22 +162,27 @@ in { config, pkgs, ... }: {
|
|||
users.users.root.password = "k-ot";
|
||||
services.hydra = {
|
||||
enable = true;
|
||||
hydraURL = "https://flakes.hq.c3d2.de";
|
||||
hydraURL = "https://server7.hq.c3d2.de";
|
||||
logo = ./hydra.svg;
|
||||
notificationSender = "hydra@spam.works";
|
||||
package = hydraFlakes pkgs;
|
||||
listenHost = "127.0.0.1";
|
||||
};
|
||||
|
||||
nix.buildMachines = [{
|
||||
hostName = "localhost";
|
||||
system = "x86_64-linux";
|
||||
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
|
||||
maxJobs = 8;
|
||||
}];
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedGzipSettings = true;
|
||||
virtualHosts = {
|
||||
"flakes.hq.c3d2.de" = {
|
||||
"server7.hq.c3d2.de" = {
|
||||
default = true;
|
||||
forceSSL = false;
|
||||
enableACME = false;
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass =
|
||||
"http://127.0.0.1:${toString config.services.hydra.port}";
|
||||
};
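Review bot: The `server7.hq.c3d2.de` vhost appears to end up with `addSSL = true` (the +/- markers are lost here, so I am reading the second line of each pair as the new side), which keeps a plain-HTTP listener serving Hydra next to HTTPS. Hydra logins and session cookies can then still travel unencrypted even though `hydraURL` advertises https. Unless cleartext access is wanted on purpose, `forceSSL = true;` in place of `addSSL = true;` redirects HTTP to HTTPS while ACME challenges continue to be answered. The unchanged context also shows `users.users.root.password = "k-ot";` in cleartext in the repository; it predates this change, but it is worth replacing with a hashed or out-of-band secret and rotating. The `virtualHosts` block continues past the end of the hunk.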
|
||||
|
|
|
@ -1,8 +1,24 @@
|
|||
{ ... }:
|
||||
{ config, ... }:
|
||||
|
||||
{
|
||||
nix.sshServe.enable = true;
|
||||
|
||||
services.nix-serve = {
|
||||
enable = true;
|
||||
secretKeyFile = "/var/cache-priv-key.pem";
|
||||
secretKeyFile = "/var/lib/nix-serve.key";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"cache.server7.hq.c3d2.de" = {
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass =
|
||||
"http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
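Review bot: `services.nix-serve` is enabled without a `bindAddress`, and the new `proxyPass` interpolates whatever that option holds. If the module default applies (`0.0.0.0` in the nixpkgs versions I know; please confirm for this channel), nix-serve stays reachable directly on its own port, bypassing nginx and TLS, and the upstream URL becomes `http://0.0.0.0:…`. Adding `bindAddress = "127.0.0.1";` inside `services.nix-serve` keeps the cache behind the proxy. As on the Hydra vhost, `addSSL = true` leaves cleartext HTTP enabled, so `forceSSL = true;` is the safer default. Since `secretKeyFile = "/var/lib/nix-serve.key"` is the cache signing key, I would add a comment such as `# signing key: readable by the nix-serve user only; retire the old public key on clients`.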
|
||||
|
||||
|
|
|
@ -1,11 +1,6 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVmyXQNE5IhcFdAWNfd4Cgg+rc+z/uClSQdPcaAVbYf emery@nixos"
|
||||
];
|
||||
in {
|
||||
{
|
||||
|
||||
nix.trustedUsers = [ "emery" ];
|
||||
|
||||
|
@ -20,7 +15,11 @@ in {
|
|||
extraGroups = [ "users" "wheel" ];
|
||||
hashedPassword =
|
||||
"$6$ZgiLSFCQPW0DB0i$aPeZ9E62y2OvqRbNAEL.8IK30YgvyLy6UOitN6A.li.YmUrmYAh1ukB844MFp3KlTpYzi5e80hRIg1Vx1F0uO/";
|
||||
openssh.authorizedKeys = { inherit keys; };
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVmyXQNE5IhcFdAWNfd4Cgg+rc+z/uClSQdPcaAVbYf emery@nixos"
|
||||
];
|
||||
|
||||
shell = pkgs.fish;
|
||||
};
|
||||
|
||||
|
@ -31,4 +30,6 @@ in {
|
|||
users.users.buildfarmer.openssh = {
|
||||
inherit (config.users.users.emery.openssh) authorizedKeys;
|
||||
};
|
||||
|
||||
nix.sshServe.keys = config.users.users.emery.openssh.authorizedKeys.keys;
|
||||
}
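Review bot: `nix.sshServe.keys = config.users.users.emery.openssh.authorizedKeys.keys;` in the last hunk gives the store-serving account the same two keys that already log in as `emery` (in `wheel`, and listed in `nix.trustedUsers`) and as `buildfarmer`. One private key then covers three roles and cannot be revoked for one without the others. A dedicated list for cache access, e.g. `nix.sshServe.keys = [ "<cache-client public key>" ];`, keeps the store endpoint separate from the admin login. If the reuse is intended, a short comment saying so would stop a later reader from adding client keys to emery's list just to grant cache access.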
|
||||
|
|