clerie/nixfiles
1
0
Fork 0
Code

Update from updated-inputs-2024-04-23-01-03

Browse Source
This commit is contained in:
clerie 2024-04-23 03:04:05 +02:00
commit c3b8b09919
7 changed files with 122 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
configuration/hydra-build-machine/default.nix Normal file
View File

@ -0,0 +1,16 @@
{ ... }:
{
# Allow Hydra to fetch remote URLs in restricted mode
nix.settings.allowed-uris = "http: https: git+https: github:";
services.openssh.settings= {
PermitRootLogin = "yes";
};
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
];
}

6
flake.lock
View File

@ -283,11 +283,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1713537308, "lastModified": 1713714899,
"narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=", "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f", "rev": "6143fc5eeb9c4f00163267708e26191d1e918932",
"type": "github" "type": "github"
}, },
"original": { "original": {

36
hosts/hydra-1/build-machines.nix Normal file
View File

@ -0,0 +1,36 @@
{ ... }:
{
nix = {
distributedBuilds = true;
buildMachines = [
{
hostName = "hydra-1.net.clerie.de";
sshUser = "root";
systems = [
"x86_64-linux"
"armv6l-linux"
"armv7l-linux"
"aarch64-linux"
];
sshKey = "/var/lib/hydra/id_ed25519";
}
{
hostName = "hydra-2.net.clerie.de";
sshUser = "root";
systems = [
"x86_64-linux"
"armv6l-linux"
"armv7l-linux"
"aarch64-linux"
];
sshKey = "/var/lib/hydra/id_ed25519";
}
];
};
programs.ssh.knownHosts."hydra-1.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE2xQBCsFBCwL9n4OP/bPngtNO1fy9kPw13Z/NDoba16 root@hydra-1";
programs.ssh.knownHosts."hydra-2.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZED9QM+qe7sB6R6atvP6WNaI2sC2nh7TTsD6kgRpnr root@hydra-2";
}

92
hosts/hydra-1/configuration.nix
View File

@ -5,6 +5,11 @@
[ [
./hardware-configuration.nix ./hardware-configuration.nix
../../configuration/proxmox-vm ../../configuration/proxmox-vm
../../configuration/hydra-build-machine
./build-machines.nix
./hydra.nix
./nix-cache.nix
]; ];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
@ -25,94 +30,7 @@
networking.defaultGateway = { address = "192.168.10.1"; interface = "ens19"; }; networking.defaultGateway = { address = "192.168.10.1"; interface = "ens19"; };
networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ]; networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
nix = {
settings.allowed-uris = "http: https: git+https: github:";
distributedBuilds = true;
buildMachines = [
{
hostName = "localhost";
systems = [
"x86_64-linux"
"armv6l-linux"
"armv7l-linux"
"aarch64-linux"
];
}
{
hostName = "hydra-2.net.clerie.de";
sshUser = "root";
systems = [
"x86_64-linux"
"armv6l-linux"
"armv7l-linux"
"aarch64-linux"
];
sshKey = "/var/lib/hydra/id_ed25519";
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSURaRUQ5UU0rcWU3c0I2UjZhdHZQNldOYUkyc0Mybmg3VFRzRDZrZ1JwbnIgcm9vdEBoeWRyYS0yCg==";
}
];
};
programs.ssh.knownHosts."hydra-1.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE2xQBCsFBCwL9n4OP/bPngtNO1fy9kPw13Z/NDoba16 root@hydra-1";
programs.ssh.knownHosts."hydra-2.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZED9QM+qe7sB6R6atvP6WNaI2sC2nh7TTsD6kgRpnr root@hydra-2";
services.openssh.settings = {
PermitRootLogin = "yes";
};
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
];
services.hydra = {
enable = true;
port = 3001;
hydraURL = "https://hydra.clerie.de";
listenHost = "localhost";
notificationSender = "noreply@hydra.clerie.de";
useSubstitutes = true;
extraConfig = ''
binary_cache_public_uri = https://nix-cache.clerie.de
'';
};
services.harmonia = {
enable = true;
settings.bind = "[::1]:5005";
signKeyPath = config.sops.secrets.nix-cache-key.path;
};
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.virtualHosts = {
"hydra.clerie.de" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://localhost:3001";
};
};
};
"nix-cache.clerie.de" = {
enableACME = true;
forceSSL = true;
locations."= /" = {
return = ''200 'Nix Cache by clerie\n\nPublic key:\n\n nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=\n\nNixOS Configuration:\n\n nix.settings = {\n substituters = [\n "https://nix-cache.clerie.de"\n ];\n trusted-public-keys = [\n "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="\n ];\n }\n\nTry:\n\n nix build --substituters "https://nix-cache.clerie.de" \\\n --trusted-public-keys "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=" \\\n "git+https://git.clerie.de/clerie/fieldpoc.git#fieldpoc"\n\n.-*..*-.' '';
extraConfig = ''
types { } default_type "text/plain; charset=utf-8";
'';
};
locations."/" = {
proxyPass = "http://[::1]:5005";
extraConfig = ''
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];

28
hosts/hydra-1/hydra.nix Normal file
View File

@ -0,0 +1,28 @@
{ ... }:
{
services.hydra = {
enable = true;
port = 3001;
hydraURL = "https://hydra.clerie.de";
listenHost = "localhost";
notificationSender = "noreply@hydra.clerie.de";
useSubstitutes = true;
extraConfig = ''
binary_cache_public_uri = https://nix-cache.clerie.de
'';
};
services.nginx.virtualHosts = {
"hydra.clerie.de" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://localhost:3001";
};
};
};
};
}

33
hosts/hydra-1/nix-cache.nix Normal file
View File

@ -0,0 +1,33 @@
{ config, pkgs, ... }:
{
services.harmonia = {
enable = true;
settings.bind = "[::1]:5005";
signKeyPath = config.sops.secrets.nix-cache-key.path;
};
services.nginx.virtualHosts = {
"nix-cache.clerie.de" = {
enableACME = true;
forceSSL = true;
locations."= /" = {
return = ''200 'Nix Cache by clerie\n\nPublic key:\n\n nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=\n\nNixOS Configuration:\n\n nix.settings = {\n substituters = [\n "https://nix-cache.clerie.de"\n ];\n trusted-public-keys = [\n "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="\n ];\n }\n\nTry:\n\n nix build --substituters "https://nix-cache.clerie.de" \\\n --trusted-public-keys "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=" \\\n "git+https://git.clerie.de/clerie/fieldpoc.git#fieldpoc"\n\n.-*..*-.' '';
extraConfig = ''
types { } default_type "text/plain; charset=utf-8";
'';
};
locations."/" = {
proxyPass = "http://[::1]:5005";
extraConfig = ''
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
};
};
}

12
hosts/hydra-2/configuration.nix
View File

@ -5,6 +5,7 @@
[ [
./hardware-configuration.nix ./hardware-configuration.nix
../../configuration/proxmox-vm ../../configuration/proxmox-vm
../../configuration/hydra-build-machine
]; ];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
@ -25,17 +26,6 @@
networking.defaultGateway = { address = "141.24.50.1"; interface = "ens18"; }; networking.defaultGateway = { address = "141.24.50.1"; interface = "ens18"; };
networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ]; networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
# Allow Hydra to fetch remote URLs in restricted mode
nix.settings.allowed-uris = "http: https: git+https: github:";
services.openssh.settings= {
PermitRootLogin = "yes";
};
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
];
clerie.monitoring = { clerie.monitoring = {
enable = true; enable = true;
id = "211"; id = "211";