Rename nix-serve to nix-cache

This commit is contained in:
Sandro - 2023-04-03 20:34:04 +02:00
parent 81159cd989
commit b86bb8d067
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
9 changed files with 40 additions and 36 deletions

View File

@ -47,8 +47,8 @@ For every host that has a `nixosConfiguration` in our Flake, there are two scrip
To use the cache from hydra set the following nix options similar to enabling flakes:
```
trusted-public-keys = nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=
trusted-substituters = https://nix-serve.hq.c3d2.de
trusted-public-keys = nix-cache.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=
trusted-substituters = https://nix-cache.hq.c3d2.de
```
### Checking for updates

View File

@ -92,11 +92,11 @@
experimental-features = "nix-command flakes";
fallback = true;
trusted-public-keys = [
"nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps="
"nix-cache.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps="
];
# don't self feed hydra
substituters = lib.mkIf (config.networking.hostName != "hydra") (
lib.mkBefore [ "https://nix-serve.hq.c3d2.de" ]
lib.mkBefore [ "https://nix-cache.hq.c3d2.de" ]
);
};
};

View File

@ -2,8 +2,8 @@
description = "C3D2 NixOS configurations";
nixConfig = {
extra-substituters = [ "https://nix-serve.hq.c3d2.de" ];
extra-trusted-public-keys = [ "nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=" ];
extra-substituters = [ "https://nix-cache.hq.c3d2.de" ];
extra-trusted-public-keys = [ "nix-cache.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=" ];
};
inputs = {

View File

@ -194,31 +194,34 @@ in
};
};
nginx =
let
hydraVhost = {
nginx = {
enable = true;
virtualHosts = {
"hydra.hq.c3d2.de" = {
default = true;
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:${toString config.services.hydra.port}";
serverAliases = [
"hydra-ca.hq.c3d2.de"
"hydra.serv.zentralwerk.org"
];
};
# "hydra-ca.hq.c3d2.de" = {
# enableACME = true;
# forceSSL = true;
# locations."/".proxyPass = "http://192.168.100.2:3001";
# };
"nix-cache.hq.c3d2.de" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:${toString config.services.hydra.port}";
};
in
{
enable = true;
virtualHosts = {
"hydra.hq.c3d2.de" = hydraVhost // {
default = true;
};
# "hydra-ca.hq.c3d2.de" = hydraVhost // {
# locations."/".proxyPass = "http://192.168.100.2:3001";
# };
"hydra.serv.zentralwerk.org" = hydraVhost;
"nix-serve.hq.c3d2.de" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:${toString cachePort}";
};
locations."/".proxyPass = "http://localhost:${toString cachePort}";
serverAliases = [
"nix-serve.hq.c3d2.de"
];
};
};
};
portunus.addToHosts = true;
@ -326,6 +329,6 @@ in
};
};
# allow reading nix-serve secret
# allow reading harmonia secret
users.users.harmonia.extraGroups = [ "hydra" ];
}

View File

@ -2,8 +2,8 @@ machine-id: ENC[AES256_GCM,data:/DmTA1InXn2MWnqmhkHYWaI504qnT0dFoQj2gganMqA=,iv:
nix:
access-tokens: ENC[AES256_GCM,data:6qYsInpdUwkWCFroA9AMUIHfu2/XoKfHPtwLRyaIffrcAa9KaHfgO7fKAvsySkaQ7mc9yImZxC5/AurN6zDMTOe1YQ4tVxcsDcBOtjEF+EBJjY2gS5LmxkreIr5+I8TYHSO0Bj7CZQAZOdtQW7mZ6CQ=,iv:NW4moujf3yCEbmLIW5lp+Zc0IMAy1W8xsVXgaCIpNUY=,tag:GkQNy8IarFWPkCTIxbn1gw==,type:str]
signing-key:
publicKey: ENC[AES256_GCM,data:OV549m0+BA0BkYHQu0wx0d4XYkxwq9aNU7k6lLZ82blI5tf90UlKlCbVmA0wK5aVoGEBvQtBdntBMgubsH1GHJc=,iv:H/upNu0xCDKHPivYTYySKZ6a+XVJWV1vvRwfwKomJLU=,tag:xkFTTGyNS/UCQ5fmlLnnDA==,type:str]
secretKey: ENC[AES256_GCM,data:CMEER5Pcv2T0dYrgcrEH10uC6BM1pUOdAaQWA95lNQ3giuHdXzslFq3FTsk8hYODngNdNt/0ZOe67iWdJMjqSPKO2oTDofGtUL9GVordjnRpEtSgFkLbEjJ8kZff/IbXJzScdHEM676UhIdC3g==,iv:yVqWLuXFCCGjaiVHIKQbaagCxasqpVhS+4JnQWdecPk=,tag:F7zPgTzOxUiAJggmZAnaIg==,type:str]
publicKey: ENC[AES256_GCM,data:uCu93uTpOjgu0y41mduuP+wthq21Ywren0fwps2KF/7dnuOBbZ7N47khgemZV0mLzk0UTWqdcceRP1V12olpCRM=,iv:m+5kJdcGG+F+Wk2vjmNk/BAka8al6VVsjnP7eqq9VJI=,tag:hID2IX5WU+iRiQnHS9IW1w==,type:str]
secretKey: ENC[AES256_GCM,data:o9GEuqRQff4G7sv8f8OVr1tuvMQK97w3+l6MxHGy6ZAzklRQfrGmGCsKi5LVqpRXcc39VPp4kQZ7Iqlv4ZeaAM9p3FneXyPdyWyumsZVjPV8ChY9myQypXhngK/RD1+c+Wuzqlf8t5UnHY3F4Q==,iv:RBjPusXr46YQvuq2P/EenTcQJOutvCUheGya+zEnPHA=,tag:bXKzk4yRIktpZ1/w+6qsug==,type:str]
ldap:
search-user-pw: ENC[AES256_GCM,data:tSWin/QPIow2P5Aps/XaT42J+MXb8+a24SEri1QjF1O3bDlCxcR8RHqSX8d4Vg==,iv:P5qMaE2cdKxTaXuKO2nh+LDhKkY3psSlWf+JckmUYt4=,tag:eq8XW7P6FNlkviY5PydkZg==,type:str]
ssh-keys:
@ -40,8 +40,8 @@ sops:
WkRmWkpEYVMrZ0tKQVgrRk5YU0grTFEK3cX9v11MK9LIw4w51hr2zyLP3biGxkdf
dl77D0IS9m2u0HipmzUs95m+z5j47hiX4Qo1Uza/sshwDBYyia4upg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-06T23:28:11Z"
mac: ENC[AES256_GCM,data:2+jeXXMS5ZwEXULBHHpFosXW9Z5CAC165QQ7iJ0uY7JRoeAgBYgrYX3LDU56BMY10eiiYoUyqGh5XdLy3dJud3qTQosMo4fgO1THgBa2xtxUNHgVnH8yqJl3ncNiIgPbusa4f3KVaar30Zs31nbuomLDBfbrI6k63QpTz3Kp2xE=,iv:MUt+G1/HRps6GokWAUalA5LbC9tnfN3PpzwBqZ69m30=,tag:HbvuMLTvEbEIDk8t/63O9w==,type:str]
lastmodified: "2023-04-03T18:30:22Z"
mac: ENC[AES256_GCM,data:dy18dqKru8/ytsg44j2W+dAkW1yRcAHdvQIkVlPid5Kg/yu4c4Ba47p3idEhySmN7JQaqZmVKhrsU3VyJ/vURXyaP+vlkXdIfed2dTd97I07pTpI7+NA2ekN3teDvh/hmuxnUZwNjIY3WbaR1Yyu4zMJ4qPJMKDR59BORy2iigk=,iv:K1X8yjJJI0l6VJnBBUZs8onomILB9QfNtuVk3ToONtw=,tag:ORMFr4XRojlaro2aP9apNQ==,type:str]
pgp:
- created_at: "2022-12-26T19:10:03Z"
enc: |

View File

@ -77,6 +77,7 @@
hostNames = [
"hydra.hq.c3d2.de"
"hydra-ca.hq.c3d2.de"
"nix-cache.hq.c3d2.de"
"nix-serve.hq.c3d2.de"
];
proxyTo.host = hostRegistry.hydra.ip4;

View File

@ -38,7 +38,7 @@
if [ "$OLD" != "$NEW" ]; then
echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config"
# this should fetch the new system from the binary cache
nix copy --from https://nix-serve.hq.c3d2.de "$NEW"
nix copy --from https://nix-cache.hq.c3d2.de "$NEW"
if [ -e "$NEW/etc/systemd/system/autoupdate.timer" ]; then
echo "Switch to the new system..."
nix-env -p /nix/var/nix/profiles/system --set $NEW
@ -92,7 +92,7 @@
if [ "$OLD" != "$NEW" ]; then
echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config"
# this should fetch the new system from the binary cache
nix copy --from https://nix-serve.hq.c3d2.de "$NEW"
nix copy --from https://nix-cache.hq.c3d2.de "$NEW"
echo "Switch to the new system..."
nix-env -p /nix/var/nix/profiles/system --set $NEW
"$NEW/bin/switch-to-configuration" switch

View File

@ -82,7 +82,7 @@
cd /var/lib/microvms/$NAME
if [ "$(cat flake)" = "git+https://gitea.c3d2.de/c3d2/nix-config?ref=flake-update" ]; then
NEW=$(curl -sLH "Accept: application/json" https://hydra.hq.c3d2.de/job/c3d2/nix-config/$NAME/latest | ${pkgs.jq}/bin/jq -er .buildoutputs.out.path)
nix copy --from https://nix-serve.hq.c3d2.de $NEW
nix copy --from https://nix-cache.hq.c3d2.de $NEW
if [ -e booted ]; then
nix store diff-closures $(readlink booted) $NEW

View File

@ -141,7 +141,7 @@ lib.attrsets.mapAttrs
ssh ${target} -- bash -e <<EOF
[[ \$(cat /etc/hostname) == ${name} ]]
echo Copying data from Hydra to ${name}
nix copy --from https://nix-serve.hq.c3d2.de \
nix copy --from https://nix-cache.hq.c3d2.de \
$TOPLEVEL
echo Activation on ${name}: "$@"
nix-env -p /nix/var/nix/profiles/system --set $TOPLEVEL