clerie/nixfiles
1
0
Fork 0
Code
77d10e4835
nixfiles/hosts/hydra-1/configuration.nix

98 lines
3.3 KiB
Nix
Raw Blame History

{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
../../configuration/proxmox-vm
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
networking.hostName = "hydra-1";
networking.useDHCP = false;
networking.interfaces.ens18.ipv6.addresses = [ { address = "2001:638:904:ffcb::a"; prefixLength = 64; } ];
networking.interfaces.ens19.ipv4.addresses = [ { address = "192.168.10.36"; prefixLength = 24; } ];
networking.defaultGateway6 = { address = "2001:638:904:ffcb::1"; interface = "ens18"; };
networking.defaultGateway = { address = "192.168.10.1"; interface = "ens19"; };
networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
nix = {
settings.allowed-uris = "http:// https://";
distributedBuilds = true;
buildMachines = [
{
hostName = "hydra-2.net.clerie.de";
sshUser = "root";
system = "x86_64-linux";
sshKey = "/var/lib/hydra/id_ed25519";
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSURaRUQ5UU0rcWU3c0I2UjZhdHZQNldOYUkyc0Mybmg3VFRzRDZrZ1JwbnIgcm9vdEBoeWRyYS0yCg==";
}
];
};
programs.ssh.knownHosts."hydra-2.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZED9QM+qe7sB6R6atvP6WNaI2sC2nh7TTsD6kgRpnr root@hydra-2";
services.hydra = {
enable = true;
port = 3001;
hydraURL = "https://hydra.clerie.de";
listenHost = "localhost";
notificationSender = "noreply@hydra.clerie.de";
useSubstitutes = true;
extraConfig = ''
binary_cache_public_uri = https://nix-cache.clerie.de
'';
};
services.nix-serve = {
enable = true;
port = 5005;
bindAddress = "127.0.0.1";
secretKeyFile = "/var/src/secrets/nix-serve/secret-key.key";
# Workaround https://github.com/NixOS/nix/issues/7704#issuecomment-1409480909
package = pkgs.nix-serve-ng.override {
nix = pkgs.nixVersions.nix_2_12;
};
};
services.nginx.enable = true;
services.nginx.virtualHosts = {
"hydra.clerie.de" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://localhost:3001";
};
};
};
"nix-cache.clerie.de" = {
enableACME = true;
forceSSL = true;
locations."= /" = {
return = ''200 'Nix Cache by clerie\n\nPublic key:\n\n nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=\n\nNixOS Configuration:\n\n nix.settings = {\n substituters = [\n "https://nix-cache.clerie.de"\n ];\n trusted-public-keys = [\n "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="\n ];\n }\n\nTry:\n\n nix build --substituters "https://nix-cache.clerie.de" \\\n --trusted-public-keys "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=" \\\n "git+https://git.clerie.de/clerie/fieldpoc.git#fieldpoc"\n\n.-*..*-.' '';
extraConfig = ''
types { } default_type "text/plain; charset=utf-8";
'';
};
locations."/" = {
proxyPass = "http://127.0.0.1:5005";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
clerie.monitoring = {
enable = true;
id = "210";
pubkey = "bA7b+vRlfvbGma74+Tz+FHGcRKPe+oAOfXmuqDR4+Sc=";
};
system.stateVersion = "22.11";
}
View Git Blame Copy Permalink