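# NixOS configuration for the host "hydra-1": a Hydra CI server, a nix-serve
# binary cache, and an nginx reverse proxy that terminates TLS for both.
{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ../../configuration/proxmox-vm
  ];

  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/vda";

  # Register emulation for the ARM systems that this host also advertises
  # as a build machine below.
  boot.binfmt.emulatedSystems = [ "armv6l-linux" "armv7l-linux" "aarch64-linux" ];

  # Static addressing: IPv6 on ens18, IPv4 (192.168.10.0/24) on ens19.
  networking.hostName = "hydra-1";
  networking.useDHCP = false;
  networking.interfaces.ens18.ipv6.addresses = [ { address = "2001:638:904:ffcb::a"; prefixLength = 64; } ];
  networking.interfaces.ens19.ipv4.addresses = [ { address = "192.168.10.36"; prefixLength = 24; } ];
  networking.defaultGateway6 = { address = "2001:638:904:ffcb::1"; interface = "ens18"; };
  networking.defaultGateway = { address = "192.168.10.1"; interface = "ens19"; };
  networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];

  nix = {
    # URI prefixes that restricted evaluation is allowed to fetch from.
    # NOTE(review): "http://" and "https://" together permit every web URI,
    # and plain http gives no transport integrity for inputs that are not
    # pinned by hash. Consider dropping "http://" or listing only the forge
    # hosts the jobsets actually use.
    settings.allowed-uris = "http:// https://";
    distributedBuilds = true;
    buildMachines = [
      {
        hostName = "localhost";
        systems = [ "x86_64-linux" "armv6l-linux" "armv7l-linux" "aarch64-linux" ];
      }
      {
        hostName = "hydra-2.net.clerie.de";
        # NOTE(review): builds are dispatched as root on the remote builder, so
        # whoever holds the key below has root on hydra-2. A dedicated build
        # user that the builder's nix-daemon trusts would narrow that.
        sshUser = "root";
        systems = [ "x86_64-linux" "armv6l-linux" "armv7l-linux" "aarch64-linux" ];
        # Private key is referenced by path under /var/lib/hydra rather than
        # embedded in this file; confirm it is readable only by the account
        # that dispatches builds.
        sshKey = "/var/lib/hydra/id_ed25519";
        # Base64-encoded host key line that pins the builder's identity;
        # it should correspond to the hydra-2 knownHosts entry below.
        publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSURaRUQ5UU0rcWU3c0I2UjZhdHZQNldOYUkyc0Mybmg3VFRzRDZrZ1JwbnIgcm9vdEBoeWRyYS0yCg==";
      }
    ];
  };

  # Pinned SSH host keys for both build machines, so connections do not rely
  # on trust-on-first-use.
  programs.ssh.knownHosts."hydra-1.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE2xQBCsFBCwL9n4OP/bPngtNO1fy9kPw13Z/NDoba16 root@hydra-1";
  programs.ssh.knownHosts."hydra-2.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZED9QM+qe7sB6R6atvP6WNaI2sC2nh7TTsD6kgRpnr root@hydra-2";

  services.openssh.settings = {
    # "prohibit-password" instead of "yes": the only root credential this file
    # configures is the public key below, so root stays reachable by key while
    # password and keyboard-interactive root logins are refused. Whether
    # password authentication is enabled at all is decided outside this file.
    PermitRootLogin = "prohibit-password";
  };

  # Key labelled root@hydra-1, presumably used for the "localhost" build
  # machine above; verify against the key material on the host.
  users.extraUsers.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
  ];

  # Hydra listens on localhost only; it is published through the nginx
  # virtual host "hydra.clerie.de" below.
  services.hydra = {
    enable = true;
    port = 3001;
    hydraURL = "https://hydra.clerie.de";
    listenHost = "localhost";
    notificationSender = "noreply@hydra.clerie.de";
    useSubstitutes = true;
    extraConfig = ''
      binary_cache_public_uri = https://nix-cache.clerie.de
    '';
  };

  # Binary cache daemon, bound to loopback and published through nginx.
  services.nix-serve = {
    enable = true;
    port = 5005;
    bindAddress = "127.0.0.1";
    # Signing key comes from an age-managed secret path instead of being
    # written into this file.
    secretKeyFile = config.age.secrets.nix-cache-key.path;
    # Workaround https://github.com/NixOS/nix/issues/7704#issuecomment-1409480909
    package = pkgs.nix-serve-ng.override {
      nix = pkgs.nixVersions.nix_2_12;
    };
  };

  services.nginx.enable = true;
  services.nginx.virtualHosts = {
    "hydra.clerie.de" = {
      enableACME = true;
      forceSSL = true;
      locations = {
        "/" = {
          proxyPass = "http://localhost:3001";
        };
      };
    };
    "nix-cache.clerie.de" = {
      enableACME = true;
      forceSSL = true;
      # Exact-match landing page that prints the cache's public key and usage
      # instructions as plain text. The key shown here is what clients put in
      # trusted-public-keys, so it must be kept in step with the signing key
      # used by nix-serve.
      locations."= /" = {
        return = ''200 'Nix Cache by clerie\n\nPublic key:\n\n nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=\n\nNixOS Configuration:\n\n nix.settings = {\n substituters = [\n "https://nix-cache.clerie.de"\n ];\n trusted-public-keys = [\n "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="\n ];\n }\n\nTry:\n\n nix build --substituters "https://nix-cache.clerie.de" \\\n --trusted-public-keys "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=" \\\n "git+https://git.clerie.de/clerie/fieldpoc.git#fieldpoc"\n\n.-*..*-.' '';
        extraConfig = ''
          types { }
          default_type "text/plain; charset=utf-8";
        '';
      };
      # Every other path is forwarded to the local nix-serve instance.
      locations."/" = {
        proxyPass = "http://127.0.0.1:5005";
      };
    };
  };

  # Only HTTP and HTTPS are opened here. NOTE(review): if the imported profile
  # enables services.openssh, that module opens its own port unless
  # openFirewall is turned off, so this list is not the complete exposure.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # Site-specific monitoring module (defined elsewhere in the repository).
  clerie.monitoring = {
    enable = true;
    id = "210";
    pubkey = "bA7b+vRlfvbGma74+Tz+FHGcRKPe+oAOfXmuqDR4+Sc=";
  };

  system.stateVersion = "22.11";
}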