Rename nix-serve to nix-cache
parent
81159cd989
commit
b86bb8d067
GPG Key ID:
3AF5A43A3EECC2E5
|
|
@ -47,8 +47,8 @@ For every host that has a `nixosConfiguration` in our Flake, there are two scrip
|
|||
To use the cache from hydra set the following nix options similar to enabling flakes:
|
||||
|
||||
```
|
||||
trusted-public-keys = nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=
|
||||
trusted-substituters = https://nix-serve.hq.c3d2.de
|
||||
trusted-public-keys = nix-cache.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=
|
||||
trusted-substituters = https://nix-cache.hq.c3d2.de
|
||||
```
|
||||
|
||||
### Checking for updates
|
||||
|
|
|
|||
|
|
@ -92,11 +92,11 @@
|
|||
experimental-features = "nix-command flakes";
|
||||
fallback = true;
|
||||
trusted-public-keys = [
|
||||
"nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps="
|
||||
"nix-cache.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps="
|
||||
];
|
||||
# don't self feed hydra
|
||||
substituters = lib.mkIf (config.networking.hostName != "hydra") (
|
||||
lib.mkBefore [ "https://nix-serve.hq.c3d2.de" ]
|
||||
lib.mkBefore [ "https://nix-cache.hq.c3d2.de" ]
|
||||
);
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@
|
|||
description = "C3D2 NixOS configurations";
|
||||
|
||||
nixConfig = {
|
||||
extra-substituters = [ "https://nix-serve.hq.c3d2.de" ];
|
||||
extra-trusted-public-keys = [ "nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=" ];
|
||||
extra-substituters = [ "https://nix-cache.hq.c3d2.de" ];
|
||||
extra-trusted-public-keys = [ "nix-cache.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=" ];
|
||||
};
|
||||
|
||||
inputs = {
|
||||
|
|
|
|||
|
|
@ -194,31 +194,34 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
nginx =
|
||||
let
|
||||
hydraVhost = {
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"hydra.hq.c3d2.de" = {
|
||||
default = true;
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".proxyPass = "http://localhost:${toString config.services.hydra.port}";
|
||||
serverAliases = [
|
||||
"hydra-ca.hq.c3d2.de"
|
||||
"hydra.serv.zentralwerk.org"
|
||||
];
|
||||
};
|
||||
# "hydra-ca.hq.c3d2.de" = {
|
||||
# enableACME = true;
|
||||
# forceSSL = true;
|
||||
# locations."/".proxyPass = "http://192.168.100.2:3001";
|
||||
# };
|
||||
"nix-cache.hq.c3d2.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://localhost:${toString config.services.hydra.port}";
|
||||
};
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"hydra.hq.c3d2.de" = hydraVhost // {
|
||||
default = true;
|
||||
};
|
||||
# "hydra-ca.hq.c3d2.de" = hydraVhost // {
|
||||
# locations."/".proxyPass = "http://192.168.100.2:3001";
|
||||
# };
|
||||
"hydra.serv.zentralwerk.org" = hydraVhost;
|
||||
"nix-serve.hq.c3d2.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://localhost:${toString cachePort}";
|
||||
};
|
||||
locations."/".proxyPass = "http://localhost:${toString cachePort}";
|
||||
serverAliases = [
|
||||
"nix-serve.hq.c3d2.de"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
portunus.addToHosts = true;
|
||||
|
||||
|
|
@ -326,6 +329,6 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
# allow reading nix-serve secret
|
||||
# allow reading harmonia secret
|
||||
users.users.harmonia.extraGroups = [ "hydra" ];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@ machine-id: ENC[AES256_GCM,data:/DmTA1InXn2MWnqmhkHYWaI504qnT0dFoQj2gganMqA=,iv:
|
|||
nix:
|
||||
access-tokens: ENC[AES256_GCM,data:6qYsInpdUwkWCFroA9AMUIHfu2/XoKfHPtwLRyaIffrcAa9KaHfgO7fKAvsySkaQ7mc9yImZxC5/AurN6zDMTOe1YQ4tVxcsDcBOtjEF+EBJjY2gS5LmxkreIr5+I8TYHSO0Bj7CZQAZOdtQW7mZ6CQ=,iv:NW4moujf3yCEbmLIW5lp+Zc0IMAy1W8xsVXgaCIpNUY=,tag:GkQNy8IarFWPkCTIxbn1gw==,type:str]
|
||||
signing-key:
|
||||
publicKey: ENC[AES256_GCM,data:OV549m0+BA0BkYHQu0wx0d4XYkxwq9aNU7k6lLZ82blI5tf90UlKlCbVmA0wK5aVoGEBvQtBdntBMgubsH1GHJc=,iv:H/upNu0xCDKHPivYTYySKZ6a+XVJWV1vvRwfwKomJLU=,tag:xkFTTGyNS/UCQ5fmlLnnDA==,type:str]
|
||||
secretKey: ENC[AES256_GCM,data:CMEER5Pcv2T0dYrgcrEH10uC6BM1pUOdAaQWA95lNQ3giuHdXzslFq3FTsk8hYODngNdNt/0ZOe67iWdJMjqSPKO2oTDofGtUL9GVordjnRpEtSgFkLbEjJ8kZff/IbXJzScdHEM676UhIdC3g==,iv:yVqWLuXFCCGjaiVHIKQbaagCxasqpVhS+4JnQWdecPk=,tag:F7zPgTzOxUiAJggmZAnaIg==,type:str]
|
||||
publicKey: ENC[AES256_GCM,data:uCu93uTpOjgu0y41mduuP+wthq21Ywren0fwps2KF/7dnuOBbZ7N47khgemZV0mLzk0UTWqdcceRP1V12olpCRM=,iv:m+5kJdcGG+F+Wk2vjmNk/BAka8al6VVsjnP7eqq9VJI=,tag:hID2IX5WU+iRiQnHS9IW1w==,type:str]
|
||||
secretKey: ENC[AES256_GCM,data:o9GEuqRQff4G7sv8f8OVr1tuvMQK97w3+l6MxHGy6ZAzklRQfrGmGCsKi5LVqpRXcc39VPp4kQZ7Iqlv4ZeaAM9p3FneXyPdyWyumsZVjPV8ChY9myQypXhngK/RD1+c+Wuzqlf8t5UnHY3F4Q==,iv:RBjPusXr46YQvuq2P/EenTcQJOutvCUheGya+zEnPHA=,tag:bXKzk4yRIktpZ1/w+6qsug==,type:str]
|
||||
ldap:
|
||||
search-user-pw: ENC[AES256_GCM,data:tSWin/QPIow2P5Aps/XaT42J+MXb8+a24SEri1QjF1O3bDlCxcR8RHqSX8d4Vg==,iv:P5qMaE2cdKxTaXuKO2nh+LDhKkY3psSlWf+JckmUYt4=,tag:eq8XW7P6FNlkviY5PydkZg==,type:str]
|
||||
ssh-keys:
|
||||
|
|
@ -40,8 +40,8 @@ sops:
|
|||
WkRmWkpEYVMrZ0tKQVgrRk5YU0grTFEK3cX9v11MK9LIw4w51hr2zyLP3biGxkdf
|
||||
dl77D0IS9m2u0HipmzUs95m+z5j47hiX4Qo1Uza/sshwDBYyia4upg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-01-06T23:28:11Z"
|
||||
mac: ENC[AES256_GCM,data:2+jeXXMS5ZwEXULBHHpFosXW9Z5CAC165QQ7iJ0uY7JRoeAgBYgrYX3LDU56BMY10eiiYoUyqGh5XdLy3dJud3qTQosMo4fgO1THgBa2xtxUNHgVnH8yqJl3ncNiIgPbusa4f3KVaar30Zs31nbuomLDBfbrI6k63QpTz3Kp2xE=,iv:MUt+G1/HRps6GokWAUalA5LbC9tnfN3PpzwBqZ69m30=,tag:HbvuMLTvEbEIDk8t/63O9w==,type:str]
|
||||
lastmodified: "2023-04-03T18:30:22Z"
|
||||
mac: ENC[AES256_GCM,data:dy18dqKru8/ytsg44j2W+dAkW1yRcAHdvQIkVlPid5Kg/yu4c4Ba47p3idEhySmN7JQaqZmVKhrsU3VyJ/vURXyaP+vlkXdIfed2dTd97I07pTpI7+NA2ekN3teDvh/hmuxnUZwNjIY3WbaR1Yyu4zMJ4qPJMKDR59BORy2iigk=,iv:K1X8yjJJI0l6VJnBBUZs8onomILB9QfNtuVk3ToONtw=,tag:ORMFr4XRojlaro2aP9apNQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-12-26T19:10:03Z"
|
||||
enc: |
|
||||
|
|
|
|||
|
|
@ -77,6 +77,7 @@
|
|||
hostNames = [
|
||||
"hydra.hq.c3d2.de"
|
||||
"hydra-ca.hq.c3d2.de"
|
||||
"nix-cache.hq.c3d2.de"
|
||||
"nix-serve.hq.c3d2.de"
|
||||
];
|
||||
proxyTo.host = hostRegistry.hydra.ip4;
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@
|
|||
if [ "$OLD" != "$NEW" ]; then
|
||||
echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config"
|
||||
# this should fetch the new system from the binary cache
|
||||
nix copy --from https://nix-serve.hq.c3d2.de "$NEW"
|
||||
nix copy --from https://nix-cache.hq.c3d2.de "$NEW"
|
||||
if [ -e "$NEW/etc/systemd/system/autoupdate.timer" ]; then
|
||||
echo "Switch to the new system..."
|
||||
nix-env -p /nix/var/nix/profiles/system --set $NEW
|
||||
|
|
@ -92,7 +92,7 @@
|
|||
if [ "$OLD" != "$NEW" ]; then
|
||||
echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config"
|
||||
# this should fetch the new system from the binary cache
|
||||
nix copy --from https://nix-serve.hq.c3d2.de "$NEW"
|
||||
nix copy --from https://nix-cache.hq.c3d2.de "$NEW"
|
||||
echo "Switch to the new system..."
|
||||
nix-env -p /nix/var/nix/profiles/system --set $NEW
|
||||
"$NEW/bin/switch-to-configuration" switch
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@
|
|||
cd /var/lib/microvms/$NAME
|
||||
if [ "$(cat flake)" = "git+https://gitea.c3d2.de/c3d2/nix-config?ref=flake-update" ]; then
|
||||
NEW=$(curl -sLH "Accept: application/json" https://hydra.hq.c3d2.de/job/c3d2/nix-config/$NAME/latest | ${pkgs.jq}/bin/jq -er .buildoutputs.out.path)
|
||||
nix copy --from https://nix-serve.hq.c3d2.de $NEW
|
||||
nix copy --from https://nix-cache.hq.c3d2.de $NEW
|
||||
|
||||
if [ -e booted ]; then
|
||||
nix store diff-closures $(readlink booted) $NEW
|
||||
|
|
|
|||
|
|
@ -141,7 +141,7 @@ lib.attrsets.mapAttrs
|
|||
ssh ${target} -- bash -e <<EOF
|
||||
[[ \$(cat /etc/hostname) == ${name} ]]
|
||||
echo Copying data from Hydra to ${name}
|
||||
nix copy --from https://nix-serve.hq.c3d2.de \
|
||||
nix copy --from https://nix-cache.hq.c3d2.de \
|
||||
$TOPLEVEL
|
||||
echo Activation on ${name}: "$@"
|
||||
nix-env -p /nix/var/nix/profiles/system --set $TOPLEVEL
|
||||
|
|
|
|||
Loading…
Reference in New Issue