
Add ca hydra

Sandro - 2022-06-24 01:02:11 +02:00
parent cc49ecc2a8
commit 8013a2d09a
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
3 changed files with 127 additions and 13 deletions


@ -109,6 +109,30 @@
"type": "github"
}
},
"hydra-ca": {
"inputs": {
"nix": "nix_2",
"nixpkgs": [
"hydra-ca",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1642687475,
"narHash": "sha256-jdzUBckbpckHVcllLxi5fIGD0ANmUR22mAKPmgiNcoY=",
"owner": "thufschmitt",
"repo": "hydra",
"rev": "cdff8067285336abbe4750ae15d0a7dcdda5fcb5",
"type": "github"
},
"original": {
"owner": "thufschmitt",
"ref": "nix-ca",
"repo": "hydra",
"type": "github"
}
},
"lowdown-src": {
"flake": false,
"locked": {
@ -125,6 +149,22 @@
"type": "github"
}
},
"lowdown-src_2": {
"flake": false,
"locked": {
"lastModified": 1633514407,
"narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
"owner": "kristapsdz",
"repo": "lowdown",
"rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
"type": "github"
},
"original": {
"owner": "kristapsdz",
"repo": "lowdown",
"type": "github"
}
},
"microvm": {
"inputs": {
"flake-utils": "flake-utils",
@ -224,6 +264,24 @@
"type": "github"
}
},
"nix_2": {
"inputs": {
"lowdown-src": "lowdown-src_2",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1642583127,
"narHash": "sha256-WyCL2SDApuIjQngO0UozOBI/iDUUoDW1QEQ/MUUu/Ec=",
"owner": "NixOS",
"repo": "nix",
"rev": "bc443511eb65420b51d10708e25427fe50de37a8",
"type": "github"
},
"original": {
"id": "nix",
"type": "indirect"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1655789751,
@ -334,6 +392,21 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1632864508,
"narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "82891b5e2c2359d7e58d08849e4c89511ab94234",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-21.05-small",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1655910979,
"narHash": "sha256-vknkFY8AEA7aLdtvyQ3P+pPsp70w9XsDR6t4M94q9sI=",
@ -411,10 +484,11 @@
"fenix": "fenix",
"heliwatch": "heliwatch",
"hydra": "hydra",
"hydra-ca": "hydra-ca",
"microvm": "microvm",
"naersk": "naersk",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_3",
"nixpkgs-mobilizon": "nixpkgs-mobilizon",
"nixpkgs-openwebrx": "nixpkgs-openwebrx",
"openwrt": "openwrt",


@ -18,9 +18,8 @@
naersk.follows = "naersk";
};
};
hydra = {
url = "github:nixos/hydra";
};
hydra.url = "github:nixos/hydra";
hydra-ca.url = "github:thufschmitt/hydra/nix-ca";
microvm = {
url = "github:astro/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs";
@ -336,9 +335,9 @@
nixosConfigurations = let
nixosSystem' =
# Our custom NixOS builder
{ nixpkgs ? inputs.nixpkgs, modules, extraArgs ? {}, system ? "x86_64-linux" }:
{ nixpkgs ? inputs.nixpkgs, modules, extraArgs ? {}, specialArgs ? { }, system ? "x86_64-linux" }:
nixpkgs.lib.nixosSystem {
inherit system;
inherit specialArgs system;
modules = [
({ pkgs, ... }: {
@ -356,7 +355,6 @@
./config/stats.nix
./modules/pi-sensors.nix
] ++ modules;
};
in {
@ -495,6 +493,9 @@
sops.defaultSopsFile = "${secrets}/hosts/hydra/secrets.yaml";
}
];
specialArgs = {
hydra-ca = inputs.hydra-ca;
};
};
mucbot = nixosSystem' {
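Review bot: The new input `hydra-ca.url = "github:thufschmitt/hydra/nix-ca";` tracks a moving branch on a personal fork, and nothing in the file says why that fork is trusted or when it should be dropped. The lock file pins one revision today, but the next `nix flake update` will pull whatever the branch head is into the service behind the new `hydra-ca.hq.c3d2.de` vhost. I would pin the revision recorded in this commit's lock, `hydra-ca.url = "github:thufschmitt/hydra/cdff8067285336abbe4750ae15d0a7dcdda5fcb5";`, with a comment naming the `nix-ca` branch and the reason for using the fork. The lock also resolves this input's own nixpkgs to `nixos-21.05-small`, so presumably the Hydra package is built from that older package set; worth confirming that this is intended.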


@ -1,5 +1,43 @@
{ hostRegistry, config, lib, pkgs, ... }:
{ hostRegistry, hydra-ca, config, lib, pkgs, ... }:
{
containers = {
hydra-ca = {
autoStart = true;
config = { ... }: {
imports = [
hydra-ca.nixosModules.hydra
];
networking.firewall.allowedTCPPorts = [ 3001 ];
nix.settings = {
substituters = [
"https://cache.ngi0.nixos.org/"
];
trusted-public-keys = [
"cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="
];
};
services = {
hydra-dev = lib.recursiveUpdate config.services.hydra-dev {
hydraURL = "https://hydra-ca.hq.c3d2.de";
port = 3001;
};
};
};
hostAddress = "192.168.100.1";
localAddress = "192.168.100.2";
privateNetwork = true;
};
};
networking.nat = {
enable = true;
externalInterface = "serv";
internalInterfaces = [ "ve-hydra-ca" ];
};
nix = {
extraOptions = ''
allowed-uris = http:// https:// ssh://
@ -44,7 +82,6 @@
binary_cache_secret_key_file = ${key}
evaluator_workers = 4
evaluator_max_memory_size = 2048
max_output_size = 4294967296
store_uri = auto?secret-key=${key}&write-nar-listing=1&ls-compression=zstd&log-compression=zstd
upload_logs_to_binary_cache = true
'';
@ -55,8 +92,7 @@
hydraVhost = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass =
"http://localhost:${toString config.services.hydra.port}";
locations."/".proxyPass = "http://localhost:${toString config.services.hydra.port}";
};
in
{
@ -65,11 +101,14 @@
"hydra.hq.c3d2.de" = hydraVhost // {
default = true;
};
"hydra-ca.hq.c3d2.de" = hydraVhost // {
locations."/".proxyPass = "http://192.168.100.2:3001";
};
"hydra.serv.zentralwerk.org" = hydraVhost;
# TODO: remove
"nix-serve.hq.c3d2.de" = hydraVhost;
"nix-serve.hq.c3d2.de" = hydraVhost; # TODO: remove
};
};
resolved.enable = false;
};
sops.secrets."nix-serve/secretKey".mode = "0444";
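Review bot: In the container definition, `lib.recursiveUpdate config.services.hydra-dev { ... }` reads `config` from the host module, because the container's own module is declared as `{ ... }:` and binds nothing. Every host-side `services.hydra-dev` value is therefore copied into the container; if the `extraConfig` shown later in this file belongs to that service, this includes `binary_cache_secret_key_file = ${key}` and the `store_uri = auto?secret-key=${key}` setting. An experimental instance built from a fork should not be configured with the production signing key path, so I would set only what the container needs, e.g. `services.hydra-dev = { enable = true; hydraURL = "https://hydra-ca.hq.c3d2.de"; port = 3001; };` plus whatever else the module requires. A short comment on why `cache.ngi0.nixos.org` and its public key are trusted inside the container would also help the next reader.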