Merge pull request #151 from DarkKirb/add-native-aarch64-builder

fix stuff
Charlotte 🦝 Delenk 2023-01-14 22:33:23 +01:00 committed by GitHub
commit 61fb98399e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 22 additions and 7 deletions


@ -74,10 +74,17 @@
key = "aws/credentials"; key = "aws/credentials";
path = "/root/.aws/credentials"; path = "/root/.aws/credentials";
}; };
sops.secrets."ssh/builder_id_ed25519" = { sops.secrets."root/ssh/builder_id_ed25519" = {
sopsFile = ../secrets/shared.yaml; sopsFile = ../secrets/shared.yaml;
owner = "root"; owner = "root";
key = "ssh/builder_id_ed25519"; key = "ssh/builder_id_ed25519";
path = "/root/.ssh/builder_id_ed25519";
};
sops.secrets."darkkirb/ssh/builder_id_ed25519" = {
sopsFile = ../secrets/shared.yaml;
owner = "darkkirb";
key = "ssh/builder_id_ed25519";
path = "/home/darkkirb/.ssh/builder_id_ed25519";
}; };
networking.nameservers = ["fd0d:a262:1fa6:e621:b4e1:08ff:e658:6f49" "fd0d:a262:1fa6:e621:746d:4523:5c04:1453"]; networking.nameservers = ["fd0d:a262:1fa6:e621:b4e1:08ff:e658:6f49" "fd0d:a262:1fa6:e621:746d:4523:5c04:1453"];
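Review bot: Both new declarations decrypt the same private key (`key = "ssh/builder_id_ed25519"` from `shared.yaml`), once under `/root/.ssh/` and once under `/home/darkkirb/.ssh/`, and the hydra section later in this commit adds a third copy under `/var/lib/hydra/.ssh/`. All three accounts then log in to the builders as `remote-build` with one credential, so compromise of any one of them exposes every builder, and access cannot be revoked for a single consumer without rotating the key for all. Consider one keypair per consumer, for example `key = "ssh/builder_darkkirb_id_ed25519";` (illustrative name) for the second secret, with each public key listed separately in the authorized keys of `remote-build`. A short comment above each declaration saying which account uses that copy would also help the next reader.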


@ -22,7 +22,7 @@ in {
nix = { nix = {
settings = { settings = {
sandbox = true; sandbox = true;
trusted-users = ["@wheel"]; trusted-users = ["@wheel" "remote-build"];
require-sigs = true; require-sigs = true;
builders-use-substitutes = true; builders-use-substitutes = true;
substituters = [ substituters = [
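Review bot: Adding `"remote-build"` to `trusted-users` gives that SSH account rights on the Nix daemon that are close to root. A trusted user can override daemon settings and import store paths without a valid signature, so `require-sigs = true` two lines below no longer constrains anything arriving over that login. If the only goal is to let submitting hosts copy build inputs, an alternative is to keep `trusted-users = ["@wheel"];`, sign paths on the submitting side, and add that signing key to `trusted-public-keys`. If the trust is intentional, a comment such as `# remote-build is trusted so unsigned inputs can be copied in; treat its SSH key as root-equivalent` would record the decision. The `settings` block continues outside this hunk, so other mitigations may exist that are not visible here.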


@ -1,25 +1,25 @@
_: { {config, ...}: {
programs.ssh = { programs.ssh = {
enable = true; enable = true;
matchBlocks = { matchBlocks = {
"build-nas" = { "build-nas" = {
hostname = "nas.int.chir.rs"; hostname = "nas.int.chir.rs";
identitiesOnly = true; identitiesOnly = true;
identityFile = "/run/secrets/builder_id_ed25519"; identityFile = "${config.home.homeDirectory}/.ssh/builder_id_ed25519";
port = 22; port = 22;
user = "remote-build"; user = "remote-build";
}; };
"build-pc" = { "build-pc" = {
hostname = "nutty-noon.int.chir.rs"; hostname = "nutty-noon.int.chir.rs";
identitiesOnly = true; identitiesOnly = true;
identityFile = "/run/secrets/builder_id_ed25519"; identityFile = "${config.home.homeDirectory}/.ssh/builder_id_ed25519";
port = 22; port = 22;
user = "remote-build"; user = "remote-build";
}; };
"build-aarch64" = { "build-aarch64" = {
hostname = "instance-20221213-1915.int.chir.rs"; hostname = "instance-20221213-1915.int.chir.rs";
identitiesOnly = true; identitiesOnly = true;
identityFile = "/run/secrets/builder_id_ed25519"; identityFile = "${config.home.homeDirectory}/.builder_id_ed25519";
port = 22; port = 22;
user = "remote-build"; user = "remote-build";
}; };
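Review bot: The new `identityFile` for `"build-aarch64"` is missing the `.ssh/` component and points at `${config.home.homeDirectory}/.builder_id_ed25519`. The other two match blocks and the sops `path` values in this commit all use `.ssh/builder_id_ed25519`. Because `identitiesOnly = true` is set, ssh will not fall back to another key, so connections to the aarch64 builder will presumably fail authentication. The line should read `identityFile = "${config.home.homeDirectory}/.ssh/builder_id_ed25519";`. Since the three blocks differ only in `hostname`, binding the key path once in a `let` and reusing it would prevent this kind of drift.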


@ -1,4 +1,7 @@
_: { _: {
imports = [
./builders.nix
];
programs.ssh = { programs.ssh = {
controlMaster = "auto"; controlMaster = "auto";
controlPersist = "10m"; controlPersist = "10m";


@ -122,5 +122,10 @@ in {
}; };
}; };
nix.settings.trusted-users = ["@hydra"]; nix.settings.trusted-users = ["@hydra"];
sops.secrets."ssh/builder_id_ed25519".owner = lib.mkForce "hydra"; sops.secrets."hydra/ssh/builder_id_ed25519" = {
sopsFile = ../../secrets/shared.yaml;
owner = "hydra";
key = "ssh/builder_id_ed25519";
path = "/var/lib/hydra/.ssh/builder_id_ed25519";
};
} }