forked from c3d2/nix-config
Rename nix-serve to nix-cache
This commit is contained in:
parent
81159cd989
commit
b86bb8d067
|
@ -47,8 +47,8 @@ For every host that has a `nixosConfiguration` in our Flake, there are two scrip
|
||||||
To use the cache from hydra set the following nix options similar to enabling flakes:
|
To use the cache from hydra set the following nix options similar to enabling flakes:
|
||||||
|
|
||||||
```
|
```
|
||||||
trusted-public-keys = nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=
|
trusted-public-keys = nix-cache.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=
|
||||||
trusted-substituters = https://nix-serve.hq.c3d2.de
|
trusted-substituters = https://nix-cache.hq.c3d2.de
|
||||||
```
|
```
|
||||||
|
|
||||||
### Checking for updates
|
### Checking for updates
|
||||||
|
|
|
@ -92,11 +92,11 @@
|
||||||
experimental-features = "nix-command flakes";
|
experimental-features = "nix-command flakes";
|
||||||
fallback = true;
|
fallback = true;
|
||||||
trusted-public-keys = [
|
trusted-public-keys = [
|
||||||
"nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps="
|
"nix-cache.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps="
|
||||||
];
|
];
|
||||||
# don't self feed hydra
|
# don't self feed hydra
|
||||||
substituters = lib.mkIf (config.networking.hostName != "hydra") (
|
substituters = lib.mkIf (config.networking.hostName != "hydra") (
|
||||||
lib.mkBefore [ "https://nix-serve.hq.c3d2.de" ]
|
lib.mkBefore [ "https://nix-cache.hq.c3d2.de" ]
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -2,8 +2,8 @@
|
||||||
description = "C3D2 NixOS configurations";
|
description = "C3D2 NixOS configurations";
|
||||||
|
|
||||||
nixConfig = {
|
nixConfig = {
|
||||||
extra-substituters = [ "https://nix-serve.hq.c3d2.de" ];
|
extra-substituters = [ "https://nix-cache.hq.c3d2.de" ];
|
||||||
extra-trusted-public-keys = [ "nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=" ];
|
extra-trusted-public-keys = [ "nix-cache.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
|
|
|
@ -194,31 +194,34 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nginx =
|
nginx = {
|
||||||
let
|
enable = true;
|
||||||
hydraVhost = {
|
virtualHosts = {
|
||||||
|
"hydra.hq.c3d2.de" = {
|
||||||
|
default = true;
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/".proxyPass = "http://localhost:${toString config.services.hydra.port}";
|
||||||
|
serverAliases = [
|
||||||
|
"hydra-ca.hq.c3d2.de"
|
||||||
|
"hydra.serv.zentralwerk.org"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
# "hydra-ca.hq.c3d2.de" = {
|
||||||
|
# enableACME = true;
|
||||||
|
# forceSSL = true;
|
||||||
|
# locations."/".proxyPass = "http://192.168.100.2:3001";
|
||||||
|
# };
|
||||||
|
"nix-cache.hq.c3d2.de" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/".proxyPass = "http://localhost:${toString config.services.hydra.port}";
|
locations."/".proxyPass = "http://localhost:${toString cachePort}";
|
||||||
};
|
serverAliases = [
|
||||||
in
|
"nix-serve.hq.c3d2.de"
|
||||||
{
|
];
|
||||||
enable = true;
|
|
||||||
virtualHosts = {
|
|
||||||
"hydra.hq.c3d2.de" = hydraVhost // {
|
|
||||||
default = true;
|
|
||||||
};
|
|
||||||
# "hydra-ca.hq.c3d2.de" = hydraVhost // {
|
|
||||||
# locations."/".proxyPass = "http://192.168.100.2:3001";
|
|
||||||
# };
|
|
||||||
"hydra.serv.zentralwerk.org" = hydraVhost;
|
|
||||||
"nix-serve.hq.c3d2.de" = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations."/".proxyPass = "http://localhost:${toString cachePort}";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
portunus.addToHosts = true;
|
portunus.addToHosts = true;
|
||||||
|
|
||||||
|
@ -326,6 +329,6 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# allow reading nix-serve secret
|
# allow reading harmonia secret
|
||||||
users.users.harmonia.extraGroups = [ "hydra" ];
|
users.users.harmonia.extraGroups = [ "hydra" ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,8 +2,8 @@ machine-id: ENC[AES256_GCM,data:/DmTA1InXn2MWnqmhkHYWaI504qnT0dFoQj2gganMqA=,iv:
|
||||||
nix:
|
nix:
|
||||||
access-tokens: ENC[AES256_GCM,data:6qYsInpdUwkWCFroA9AMUIHfu2/XoKfHPtwLRyaIffrcAa9KaHfgO7fKAvsySkaQ7mc9yImZxC5/AurN6zDMTOe1YQ4tVxcsDcBOtjEF+EBJjY2gS5LmxkreIr5+I8TYHSO0Bj7CZQAZOdtQW7mZ6CQ=,iv:NW4moujf3yCEbmLIW5lp+Zc0IMAy1W8xsVXgaCIpNUY=,tag:GkQNy8IarFWPkCTIxbn1gw==,type:str]
|
access-tokens: ENC[AES256_GCM,data:6qYsInpdUwkWCFroA9AMUIHfu2/XoKfHPtwLRyaIffrcAa9KaHfgO7fKAvsySkaQ7mc9yImZxC5/AurN6zDMTOe1YQ4tVxcsDcBOtjEF+EBJjY2gS5LmxkreIr5+I8TYHSO0Bj7CZQAZOdtQW7mZ6CQ=,iv:NW4moujf3yCEbmLIW5lp+Zc0IMAy1W8xsVXgaCIpNUY=,tag:GkQNy8IarFWPkCTIxbn1gw==,type:str]
|
||||||
signing-key:
|
signing-key:
|
||||||
publicKey: ENC[AES256_GCM,data:OV549m0+BA0BkYHQu0wx0d4XYkxwq9aNU7k6lLZ82blI5tf90UlKlCbVmA0wK5aVoGEBvQtBdntBMgubsH1GHJc=,iv:H/upNu0xCDKHPivYTYySKZ6a+XVJWV1vvRwfwKomJLU=,tag:xkFTTGyNS/UCQ5fmlLnnDA==,type:str]
|
publicKey: ENC[AES256_GCM,data:uCu93uTpOjgu0y41mduuP+wthq21Ywren0fwps2KF/7dnuOBbZ7N47khgemZV0mLzk0UTWqdcceRP1V12olpCRM=,iv:m+5kJdcGG+F+Wk2vjmNk/BAka8al6VVsjnP7eqq9VJI=,tag:hID2IX5WU+iRiQnHS9IW1w==,type:str]
|
||||||
secretKey: ENC[AES256_GCM,data:CMEER5Pcv2T0dYrgcrEH10uC6BM1pUOdAaQWA95lNQ3giuHdXzslFq3FTsk8hYODngNdNt/0ZOe67iWdJMjqSPKO2oTDofGtUL9GVordjnRpEtSgFkLbEjJ8kZff/IbXJzScdHEM676UhIdC3g==,iv:yVqWLuXFCCGjaiVHIKQbaagCxasqpVhS+4JnQWdecPk=,tag:F7zPgTzOxUiAJggmZAnaIg==,type:str]
|
secretKey: ENC[AES256_GCM,data:o9GEuqRQff4G7sv8f8OVr1tuvMQK97w3+l6MxHGy6ZAzklRQfrGmGCsKi5LVqpRXcc39VPp4kQZ7Iqlv4ZeaAM9p3FneXyPdyWyumsZVjPV8ChY9myQypXhngK/RD1+c+Wuzqlf8t5UnHY3F4Q==,iv:RBjPusXr46YQvuq2P/EenTcQJOutvCUheGya+zEnPHA=,tag:bXKzk4yRIktpZ1/w+6qsug==,type:str]
|
||||||
ldap:
|
ldap:
|
||||||
search-user-pw: ENC[AES256_GCM,data:tSWin/QPIow2P5Aps/XaT42J+MXb8+a24SEri1QjF1O3bDlCxcR8RHqSX8d4Vg==,iv:P5qMaE2cdKxTaXuKO2nh+LDhKkY3psSlWf+JckmUYt4=,tag:eq8XW7P6FNlkviY5PydkZg==,type:str]
|
search-user-pw: ENC[AES256_GCM,data:tSWin/QPIow2P5Aps/XaT42J+MXb8+a24SEri1QjF1O3bDlCxcR8RHqSX8d4Vg==,iv:P5qMaE2cdKxTaXuKO2nh+LDhKkY3psSlWf+JckmUYt4=,tag:eq8XW7P6FNlkviY5PydkZg==,type:str]
|
||||||
ssh-keys:
|
ssh-keys:
|
||||||
|
@ -40,8 +40,8 @@ sops:
|
||||||
WkRmWkpEYVMrZ0tKQVgrRk5YU0grTFEK3cX9v11MK9LIw4w51hr2zyLP3biGxkdf
|
WkRmWkpEYVMrZ0tKQVgrRk5YU0grTFEK3cX9v11MK9LIw4w51hr2zyLP3biGxkdf
|
||||||
dl77D0IS9m2u0HipmzUs95m+z5j47hiX4Qo1Uza/sshwDBYyia4upg==
|
dl77D0IS9m2u0HipmzUs95m+z5j47hiX4Qo1Uza/sshwDBYyia4upg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-01-06T23:28:11Z"
|
lastmodified: "2023-04-03T18:30:22Z"
|
||||||
mac: ENC[AES256_GCM,data:2+jeXXMS5ZwEXULBHHpFosXW9Z5CAC165QQ7iJ0uY7JRoeAgBYgrYX3LDU56BMY10eiiYoUyqGh5XdLy3dJud3qTQosMo4fgO1THgBa2xtxUNHgVnH8yqJl3ncNiIgPbusa4f3KVaar30Zs31nbuomLDBfbrI6k63QpTz3Kp2xE=,iv:MUt+G1/HRps6GokWAUalA5LbC9tnfN3PpzwBqZ69m30=,tag:HbvuMLTvEbEIDk8t/63O9w==,type:str]
|
mac: ENC[AES256_GCM,data:dy18dqKru8/ytsg44j2W+dAkW1yRcAHdvQIkVlPid5Kg/yu4c4Ba47p3idEhySmN7JQaqZmVKhrsU3VyJ/vURXyaP+vlkXdIfed2dTd97I07pTpI7+NA2ekN3teDvh/hmuxnUZwNjIY3WbaR1Yyu4zMJ4qPJMKDR59BORy2iigk=,iv:K1X8yjJJI0l6VJnBBUZs8onomILB9QfNtuVk3ToONtw=,tag:ORMFr4XRojlaro2aP9apNQ==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2022-12-26T19:10:03Z"
|
- created_at: "2022-12-26T19:10:03Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
|
@ -77,6 +77,7 @@
|
||||||
hostNames = [
|
hostNames = [
|
||||||
"hydra.hq.c3d2.de"
|
"hydra.hq.c3d2.de"
|
||||||
"hydra-ca.hq.c3d2.de"
|
"hydra-ca.hq.c3d2.de"
|
||||||
|
"nix-cache.hq.c3d2.de"
|
||||||
"nix-serve.hq.c3d2.de"
|
"nix-serve.hq.c3d2.de"
|
||||||
];
|
];
|
||||||
proxyTo.host = hostRegistry.hydra.ip4;
|
proxyTo.host = hostRegistry.hydra.ip4;
|
||||||
|
|
|
@ -38,7 +38,7 @@
|
||||||
if [ "$OLD" != "$NEW" ]; then
|
if [ "$OLD" != "$NEW" ]; then
|
||||||
echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config"
|
echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config"
|
||||||
# this should fetch the new system from the binary cache
|
# this should fetch the new system from the binary cache
|
||||||
nix copy --from https://nix-serve.hq.c3d2.de "$NEW"
|
nix copy --from https://nix-cache.hq.c3d2.de "$NEW"
|
||||||
if [ -e "$NEW/etc/systemd/system/autoupdate.timer" ]; then
|
if [ -e "$NEW/etc/systemd/system/autoupdate.timer" ]; then
|
||||||
echo "Switch to the new system..."
|
echo "Switch to the new system..."
|
||||||
nix-env -p /nix/var/nix/profiles/system --set $NEW
|
nix-env -p /nix/var/nix/profiles/system --set $NEW
|
||||||
|
@ -92,7 +92,7 @@
|
||||||
if [ "$OLD" != "$NEW" ]; then
|
if [ "$OLD" != "$NEW" ]; then
|
||||||
echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config"
|
echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config"
|
||||||
# this should fetch the new system from the binary cache
|
# this should fetch the new system from the binary cache
|
||||||
nix copy --from https://nix-serve.hq.c3d2.de "$NEW"
|
nix copy --from https://nix-cache.hq.c3d2.de "$NEW"
|
||||||
echo "Switch to the new system..."
|
echo "Switch to the new system..."
|
||||||
nix-env -p /nix/var/nix/profiles/system --set $NEW
|
nix-env -p /nix/var/nix/profiles/system --set $NEW
|
||||||
"$NEW/bin/switch-to-configuration" switch
|
"$NEW/bin/switch-to-configuration" switch
|
||||||
|
|
|
@ -82,7 +82,7 @@
|
||||||
cd /var/lib/microvms/$NAME
|
cd /var/lib/microvms/$NAME
|
||||||
if [ "$(cat flake)" = "git+https://gitea.c3d2.de/c3d2/nix-config?ref=flake-update" ]; then
|
if [ "$(cat flake)" = "git+https://gitea.c3d2.de/c3d2/nix-config?ref=flake-update" ]; then
|
||||||
NEW=$(curl -sLH "Accept: application/json" https://hydra.hq.c3d2.de/job/c3d2/nix-config/$NAME/latest | ${pkgs.jq}/bin/jq -er .buildoutputs.out.path)
|
NEW=$(curl -sLH "Accept: application/json" https://hydra.hq.c3d2.de/job/c3d2/nix-config/$NAME/latest | ${pkgs.jq}/bin/jq -er .buildoutputs.out.path)
|
||||||
nix copy --from https://nix-serve.hq.c3d2.de $NEW
|
nix copy --from https://nix-cache.hq.c3d2.de $NEW
|
||||||
|
|
||||||
if [ -e booted ]; then
|
if [ -e booted ]; then
|
||||||
nix store diff-closures $(readlink booted) $NEW
|
nix store diff-closures $(readlink booted) $NEW
|
||||||
|
|
|
@ -141,7 +141,7 @@ lib.attrsets.mapAttrs
|
||||||
ssh ${target} -- bash -e <<EOF
|
ssh ${target} -- bash -e <<EOF
|
||||||
[[ \$(cat /etc/hostname) == ${name} ]]
|
[[ \$(cat /etc/hostname) == ${name} ]]
|
||||||
echo Copying data from Hydra to ${name}
|
echo Copying data from Hydra to ${name}
|
||||||
nix copy --from https://nix-serve.hq.c3d2.de \
|
nix copy --from https://nix-cache.hq.c3d2.de \
|
||||||
$TOPLEVEL
|
$TOPLEVEL
|
||||||
echo Activation on ${name}: "$@"
|
echo Activation on ${name}: "$@"
|
||||||
nix-env -p /nix/var/nix/profiles/system --set $TOPLEVEL
|
nix-env -p /nix/var/nix/profiles/system --set $TOPLEVEL
|
||||||
|
|
Loading…
Reference in New Issue
Block a user