c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity

hydra: add github access token

This commit is contained in:
Sandro - 2023-01-07 00:55:15 +01:00
parent 6072dbca1b
commit 9d9cc81671
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
2 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
hosts/hydra/default.nix
View File

@ -35,6 +35,7 @@ in
supportedFeatures = [ "kvm" "nixos-test" ];
maxJobs = 1;
}];
checkConfig = config.nix.extraOptions == "";
daemonCPUSchedPolicy = "idle";
daemonIOSchedClass = "idle";
daemonIOSchedPriority = 7;
@ -51,6 +52,9 @@ in
"nixos-test" "benchmark"
];
};
extraOptions = ''
include ${config.sops.secrets."nix/access-tokens".path}
'';
};
nixpkgs.config.allowUnfree = true;
@ -131,7 +135,7 @@ in
useSubstitutes = true;
extraConfig =
let
key = config.sops.secrets."nix-serve/secretKey".path;
key = config.sops.secrets."nix/signing-key/secretKey".path;
in
''
binary_cache_secret_key_file = ${key}
@ -205,7 +209,7 @@ in
workers = 20;
max_connection_rate = 1024;
priority = 50;
sign_key_path = config.sops.secrets."nix-serve/secretKey".path;
sign_key_path = config.sops.secrets."nix/signing-key/secretKey".path;
};
};
@ -264,7 +268,10 @@ in
mode = "444";
path = "/etc/machine-id";
};
"nix-serve/secretKey" = {
"nix/access-tokens" = {
mode = "444";
};
"nix/signing-key/secretKey" = {
mode = "440";
owner = config.users.users.hydra-queue-runner.name;
inherit (config.users.users.hydra-queue-runner) group;

12
hosts/hydra/secrets.yaml
View File

@ -1,7 +1,9 @@
machine-id: ENC[AES256_GCM,data:/DmTA1InXn2MWnqmhkHYWaI504qnT0dFoQj2gganMqA=,iv:bBDMsChgDqVk47MHlP3ZeGq8pxurTwMxHDhXTWOXNB0=,tag:mlAljtHyp6LsK/xtnpBfYQ==,type:str]
nix-serve:
publicKey: ENC[AES256_GCM,data:sR5wk7yvH5+lLpSIP0zNqCLvDRRvR8ws4Q8rVcVJx8YkrywwPcvIsJ1h6mVEu3nc6SLoZlQsuxOGCyNGD98CBNY=,iv:fFV2D27hWoxGtqVt3EnS4hMlrqW5LnIZ3LB5k4xmFWs=,tag:g7R1ossy2On6B2nVfKC9iA==,type:str]
secretKey: ENC[AES256_GCM,data:cm84sA7E6AnzpVoYuaYepbHGWkRigLdD2RxN21UsXCe7FXQxeTQTxxbzVxJ3G9Lt3kRXuZnODntOo5EQKhs46+wzpO8YLKQxkJXrdluXoGVIWl3/6QFVq66XLJ2i6G4eBK9IH0DYJ+anj8/i8Q==,iv:GEM8Vmx0A8LfJo7QOl0N67Cgk+JqHpp7r+41VivmTg4=,tag:O4Kq4WKgbyt354HSa/7eQQ==,type:str]
nix:
access-tokens: ENC[AES256_GCM,data:6qYsInpdUwkWCFroA9AMUIHfu2/XoKfHPtwLRyaIffrcAa9KaHfgO7fKAvsySkaQ7mc9yImZxC5/AurN6zDMTOe1YQ4tVxcsDcBOtjEF+EBJjY2gS5LmxkreIr5+I8TYHSO0Bj7CZQAZOdtQW7mZ6CQ=,iv:NW4moujf3yCEbmLIW5lp+Zc0IMAy1W8xsVXgaCIpNUY=,tag:GkQNy8IarFWPkCTIxbn1gw==,type:str]
signing-key:
publicKey: ENC[AES256_GCM,data:OV549m0+BA0BkYHQu0wx0d4XYkxwq9aNU7k6lLZ82blI5tf90UlKlCbVmA0wK5aVoGEBvQtBdntBMgubsH1GHJc=,iv:H/upNu0xCDKHPivYTYySKZ6a+XVJWV1vvRwfwKomJLU=,tag:xkFTTGyNS/UCQ5fmlLnnDA==,type:str]
secretKey: ENC[AES256_GCM,data:CMEER5Pcv2T0dYrgcrEH10uC6BM1pUOdAaQWA95lNQ3giuHdXzslFq3FTsk8hYODngNdNt/0ZOe67iWdJMjqSPKO2oTDofGtUL9GVordjnRpEtSgFkLbEjJ8kZff/IbXJzScdHEM676UhIdC3g==,iv:yVqWLuXFCCGjaiVHIKQbaagCxasqpVhS+4JnQWdecPk=,tag:F7zPgTzOxUiAJggmZAnaIg==,type:str]
ldap:
search-user-pw: ENC[AES256_GCM,data:tSWin/QPIow2P5Aps/XaT42J+MXb8+a24SEri1QjF1O3bDlCxcR8RHqSX8d4Vg==,iv:P5qMaE2cdKxTaXuKO2nh+LDhKkY3psSlWf+JckmUYt4=,tag:eq8XW7P6FNlkviY5PydkZg==,type:str]
ssh-keys:
@ -38,8 +40,8 @@ sops:
WkRmWkpEYVMrZ0tKQVgrRk5YU0grTFEK3cX9v11MK9LIw4w51hr2zyLP3biGxkdf
dl77D0IS9m2u0HipmzUs95m+z5j47hiX4Qo1Uza/sshwDBYyia4upg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-06T21:53:26Z"
mac: ENC[AES256_GCM,data:9DZDaGv7GDp0AqsxZ4AWYgUFa13nBisTk24Ftk6Fiwk/hSQo7zvYE1P4Nw9GzLtiwPzu8h0JznK1OdPoQyMaRW+i3cuCeWJsEJiJlJzYSDBRmONy/NdzCAgZ9X1KWkxKhq41FoEvsReEE0ftcxBobaCpCc8EuHDPoapKm9VDdg4=,iv:z+pp0EdOByM0pLLtFnI7QApnNYSqELGDQO8jHFH/9Uk=,tag:AuiqZ/e11tq+6nFn0FjPrw==,type:str]
lastmodified: "2023-01-06T23:28:11Z"
mac: ENC[AES256_GCM,data:2+jeXXMS5ZwEXULBHHpFosXW9Z5CAC165QQ7iJ0uY7JRoeAgBYgrYX3LDU56BMY10eiiYoUyqGh5XdLy3dJud3qTQosMo4fgO1THgBa2xtxUNHgVnH8yqJl3ncNiIgPbusa4f3KVaar30Zs31nbuomLDBfbrI6k63QpTz3Kp2xE=,iv:MUt+G1/HRps6GokWAUalA5LbC9tnfN3PpzwBqZ69m30=,tag:HbvuMLTvEbEIDk8t/63O9w==,type:str]
pgp:
- created_at: "2022-12-26T19:10:03Z"
enc: |