Compare commits
3 Commits
7ead072e53
...
8ba55f1049
Author | SHA1 | Date | |
---|---|---|---|
8ba55f1049 | |||
c7769eaecb | |||
2d45cb826b |
36
hosts/hydra-1/build-machines.nix
Normal file
36
hosts/hydra-1/build-machines.nix
Normal file
@ -0,0 +1,36 @@
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
|
||||
nix = {
|
||||
distributedBuilds = true;
|
||||
buildMachines = [
|
||||
{
|
||||
hostName = "hydra-1.net.clerie.de";
|
||||
sshUser = "root";
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"armv6l-linux"
|
||||
"armv7l-linux"
|
||||
"aarch64-linux"
|
||||
];
|
||||
sshKey = "/var/lib/hydra/id_ed25519";
|
||||
}
|
||||
{
|
||||
hostName = "hydra-2.net.clerie.de";
|
||||
sshUser = "root";
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"armv6l-linux"
|
||||
"armv7l-linux"
|
||||
"aarch64-linux"
|
||||
];
|
||||
sshKey = "/var/lib/hydra/id_ed25519";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
programs.ssh.knownHosts."hydra-1.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE2xQBCsFBCwL9n4OP/bPngtNO1fy9kPw13Z/NDoba16 root@hydra-1";
|
||||
programs.ssh.knownHosts."hydra-2.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZED9QM+qe7sB6R6atvP6WNaI2sC2nh7TTsD6kgRpnr root@hydra-2";
|
||||
|
||||
}
|
@ -6,6 +6,10 @@
|
||||
./hardware-configuration.nix
|
||||
../../configuration/proxmox-vm
|
||||
../../configuration/hydra-build-machine
|
||||
|
||||
./build-machines.nix
|
||||
./hydra.nix
|
||||
./nix-cache.nix
|
||||
];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
@ -26,86 +30,7 @@
|
||||
networking.defaultGateway = { address = "192.168.10.1"; interface = "ens19"; };
|
||||
networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
|
||||
|
||||
nix = {
|
||||
distributedBuilds = true;
|
||||
buildMachines = [
|
||||
{
|
||||
hostName = "hydra-1.net.clerie.de";
|
||||
sshUser = "root";
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"armv6l-linux"
|
||||
"armv7l-linux"
|
||||
"aarch64-linux"
|
||||
];
|
||||
sshKey = "/var/lib/hydra/id_ed25519";
|
||||
}
|
||||
{
|
||||
hostName = "hydra-2.net.clerie.de";
|
||||
sshUser = "root";
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"armv6l-linux"
|
||||
"armv7l-linux"
|
||||
"aarch64-linux"
|
||||
];
|
||||
sshKey = "/var/lib/hydra/id_ed25519";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
programs.ssh.knownHosts."hydra-1.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE2xQBCsFBCwL9n4OP/bPngtNO1fy9kPw13Z/NDoba16 root@hydra-1";
|
||||
programs.ssh.knownHosts."hydra-2.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZED9QM+qe7sB6R6atvP6WNaI2sC2nh7TTsD6kgRpnr root@hydra-2";
|
||||
|
||||
services.hydra = {
|
||||
enable = true;
|
||||
port = 3001;
|
||||
hydraURL = "https://hydra.clerie.de";
|
||||
listenHost = "localhost";
|
||||
notificationSender = "noreply@hydra.clerie.de";
|
||||
useSubstitutes = true;
|
||||
extraConfig = ''
|
||||
binary_cache_public_uri = https://nix-cache.clerie.de
|
||||
'';
|
||||
};
|
||||
|
||||
services.harmonia = {
|
||||
enable = true;
|
||||
settings.bind = "[::1]:5005";
|
||||
signKeyPath = config.sops.secrets.nix-cache-key.path;
|
||||
};
|
||||
|
||||
services.nginx.enable = true;
|
||||
services.nginx.virtualHosts = {
|
||||
"hydra.clerie.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://localhost:3001";
|
||||
};
|
||||
};
|
||||
};
|
||||
"nix-cache.clerie.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."= /" = {
|
||||
return = ''200 'Nix Cache by clerie\n\nPublic key:\n\n nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=\n\nNixOS Configuration:\n\n nix.settings = {\n substituters = [\n "https://nix-cache.clerie.de"\n ];\n trusted-public-keys = [\n "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="\n ];\n }\n\nTry:\n\n nix build --substituters "https://nix-cache.clerie.de" \\\n --trusted-public-keys "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=" \\\n "git+https://git.clerie.de/clerie/fieldpoc.git#fieldpoc"\n\n.-*..*-.' '';
|
||||
extraConfig = ''
|
||||
types { } default_type "text/plain; charset=utf-8";
|
||||
'';
|
||||
};
|
||||
locations."/" = {
|
||||
proxyPass = "http://[::1]:5005";
|
||||
extraConfig = ''
|
||||
proxy_redirect http:// https://;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
|
28
hosts/hydra-1/hydra.nix
Normal file
28
hosts/hydra-1/hydra.nix
Normal file
@ -0,0 +1,28 @@
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
services.hydra = {
|
||||
enable = true;
|
||||
port = 3001;
|
||||
hydraURL = "https://hydra.clerie.de";
|
||||
listenHost = "localhost";
|
||||
notificationSender = "noreply@hydra.clerie.de";
|
||||
useSubstitutes = true;
|
||||
extraConfig = ''
|
||||
binary_cache_public_uri = https://nix-cache.clerie.de
|
||||
'';
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
"hydra.clerie.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://localhost:3001";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
33
hosts/hydra-1/nix-cache.nix
Normal file
33
hosts/hydra-1/nix-cache.nix
Normal file
@ -0,0 +1,33 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
|
||||
services.harmonia = {
|
||||
enable = true;
|
||||
settings.bind = "[::1]:5005";
|
||||
signKeyPath = config.sops.secrets.nix-cache-key.path;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
"nix-cache.clerie.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."= /" = {
|
||||
return = ''200 'Nix Cache by clerie\n\nPublic key:\n\n nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=\n\nNixOS Configuration:\n\n nix.settings = {\n substituters = [\n "https://nix-cache.clerie.de"\n ];\n trusted-public-keys = [\n "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="\n ];\n }\n\nTry:\n\n nix build --substituters "https://nix-cache.clerie.de" \\\n --trusted-public-keys "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=" \\\n "git+https://git.clerie.de/clerie/fieldpoc.git#fieldpoc"\n\n.-*..*-.' '';
|
||||
extraConfig = ''
|
||||
types { } default_type "text/plain; charset=utf-8";
|
||||
'';
|
||||
};
|
||||
locations."/" = {
|
||||
proxyPass = "http://[::1]:5005";
|
||||
extraConfig = ''
|
||||
proxy_redirect http:// https://;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
Loading…
Reference in New Issue
Block a user