Merge pull request #151 from DarkKirb/add-native-aarch64-builder

fix stuff
Charlotte 🦝 Delenk 2023-01-14 22:33:23 +01:00 committed by GitHub
commit 61fb98399e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 22 additions and 7 deletions


@ -74,10 +74,17 @@
key = "aws/credentials";
path = "/root/.aws/credentials";
};
sops.secrets."ssh/builder_id_ed25519" = {
sops.secrets."root/ssh/builder_id_ed25519" = {
sopsFile = ../secrets/shared.yaml;
owner = "root";
key = "ssh/builder_id_ed25519";
path = "/root/.ssh/builder_id_ed25519";
};
sops.secrets."darkkirb/ssh/builder_id_ed25519" = {
sopsFile = ../secrets/shared.yaml;
owner = "darkkirb";
key = "ssh/builder_id_ed25519";
path = "/home/darkkirb/.ssh/builder_id_ed25519";
};
networking.nameservers = ["fd0d:a262:1fa6:e621:b4e1:08ff:e658:6f49" "fd0d:a262:1fa6:e621:746d:4523:5c04:1453"];
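Review bot: The new `darkkirb/ssh/builder_id_ed25519` entry decrypts the same `key = "ssh/builder_id_ed25519"` from shared.yaml that root already receives, so one private key now sits in two accounts on this host, and the last file of this commit adds a third copy for `hydra`. Any account that can read one copy can log in as `remote-build` on every builder, and the key cannot be revoked for one consumer without breaking the others. Consider a separate keypair per consumer, or at least record the sharing next to the entry, e.g. `# same private key as the root and hydra entries; rotate all three together`. The enclosing module starts and ends outside this hunk.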


@ -22,7 +22,7 @@ in {
nix = {
settings = {
sandbox = true;
trusted-users = ["@wheel"];
trusted-users = ["@wheel" "remote-build"];
require-sigs = true;
builders-use-substitutes = true;
substituters = [
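Review bot: Adding `"remote-build"` to `trusted-users` gives the SSH build account daemon-level trust: a trusted user can override settings such as the substituter list and import store paths without a valid signature, so `require-sigs = true` on the following line no longer constrains what arrives over that login. The Nix manual describes trusted-user status as essentially equivalent to root on the machine, and the key that opens this account is handed to several users in the same commit. If the motivation is that uploaded build inputs were rejected as unsigned, the narrower change is to keep `trusted-users = ["@wheel"];`, have the dispatching hosts sign paths via `secret-key-files`, and list their public key under `trusted-public-keys` here. The `settings` block continues past the end of the hunk.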


@ -1,25 +1,25 @@
_: {
{config, ...}: {
programs.ssh = {
enable = true;
matchBlocks = {
"build-nas" = {
hostname = "nas.int.chir.rs";
identitiesOnly = true;
identityFile = "/run/secrets/builder_id_ed25519";
identityFile = "${config.home.homeDirectory}/.ssh/builder_id_ed25519";
port = 22;
user = "remote-build";
};
"build-pc" = {
hostname = "nutty-noon.int.chir.rs";
identitiesOnly = true;
identityFile = "/run/secrets/builder_id_ed25519";
identityFile = "${config.home.homeDirectory}/.ssh/builder_id_ed25519";
port = 22;
user = "remote-build";
};
"build-aarch64" = {
hostname = "instance-20221213-1915.int.chir.rs";
identitiesOnly = true;
identityFile = "/run/secrets/builder_id_ed25519";
identityFile = "${config.home.homeDirectory}/.builder_id_ed25519";
port = 22;
user = "remote-build";
};
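Review bot: The `build-aarch64` block points at `${config.home.homeDirectory}/.builder_id_ed25519`, without the `.ssh/` directory that the other two blocks use and that the sops entries in this commit write to. Because `identitiesOnly = true` stops ssh from offering any other key, connections to that builder would presumably fail authentication rather than fall back to an agent key. The line should read `identityFile = "${config.home.homeDirectory}/.ssh/builder_id_ed25519";`. The `matchBlocks` set is not closed within the hunk.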


@ -1,4 +1,7 @@
_: {
imports = [
./builders.nix
];
programs.ssh = {
controlMaster = "auto";
controlPersist = "10m";


@ -122,5 +122,10 @@ in {
};
};
nix.settings.trusted-users = ["@hydra"];
sops.secrets."ssh/builder_id_ed25519".owner = lib.mkForce "hydra";
sops.secrets."hydra/ssh/builder_id_ed25519" = {
sopsFile = ../../secrets/shared.yaml;
owner = "hydra";
key = "ssh/builder_id_ed25519";
path = "/var/lib/hydra/.ssh/builder_id_ed25519";
};
}