forked from emily/nixfiles
added hydra and attic
parent
60f1cff5d7
commit
ade23eeb45
7 changed files with 214 additions and 8 deletions
|
@ -3,8 +3,6 @@
|
|||
../../common
|
||||
../../profiles/builder.nix
|
||||
../../profiles/headless.nix
|
||||
../../services/forgejo.nix
|
||||
../../services/nginx.nix
|
||||
./hardware-configuration.nix
|
||||
./disko.nix
|
||||
];
|
||||
|
|
|
@ -5,11 +5,15 @@
|
|||
../../profiles/headless.nix
|
||||
../../profiles/kartoffel.nix
|
||||
../../profiles/lxc.nix
|
||||
../../services/nginx.nix
|
||||
../../services/attic.nix
|
||||
../../services/hydra.nix
|
||||
];
|
||||
boot.binfmt.emulatedSystems = ["aarch64-linux"];
|
||||
|
||||
networking = {
|
||||
hostName = "seras";
|
||||
firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
systemd.network.networks."98-eth-default" = {
|
||||
address = [
|
||||
|
|
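--- /dev/null
+++ b/config/services/attic.nix
@@ -0,0 +1,44 @@
+{ config, inputs, ... }: {
+imports = [
+inputs.attic.nixosModules.atticd
+];
+sops.secrets."services/attic/credentialsFile" = {
+sopsFile = ../../secrets/services/attic.yaml;
+};
+services.atticd = {
+enable = true;
+credentialsFile = config.sops.secrets."services/attic/credentialsFile".path;
+settings = {
+listen = "[::1]:8080";
+allowed-hosts = [ "cache.kyouma.net" ];
+api-endpoint = "https://cache.kyouma.net/";
+chunking = {
+nar-size-threshold = 1024 * 128;
+min-size = 1024 * 64;
+avg-size = 1024 * 128;
+max-size = 1024 * 256;
+};
+database.url = "postgresql:///atticd?host=/run/postgresql";
+garbage-collection = {
+interval = "12 hours";
+default-retention-period = "3 months";
+};
+};
+};
+services.postgresql = {
+enable = true;
+ensureDatabases = [ "atticd" ];
+ensureUsers = [
+{
+name = "atticd";
+ensureDBOwnership = true;
+}
+];
+};
+kyouma.nginx.virtualHosts."cache.kyouma.net" = {
+locations."/" = {
+proxyPass = "http://[::1]:8080";
+};
+};
+security.acme.certs."cache.kyouma.net" = {};
+}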
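Review bot: The `sops.secrets."services/attic/credentialsFile"` declaration sets only `sopsFile`, so after the secret is rotated the running atticd keeps the old value until someone restarts it by hand. sops-nix provides `restartUnits` for this; adding `restartUnits = [ "atticd.service" ];` inside that attribute set ties the restart to the secret changing. This matters here because the file presumably carries the token-signing secret that decides who may push to `cache.kyouma.net`. A short comment above the declaration stating what the credentials file is expected to contain would also help the next maintainer.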
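--- /dev/null
+++ b/config/services/hydra.nix
@@ -0,0 +1,41 @@
+{ config, ... }: {
+services.hydra = {
+enable = true;
+hydraURL = "https://hydra.kyouma.net";
+listenHost = "localhost";
+notificationSender = "hydra@hydra.kyouma.net";
+minimumDiskFree = 2;
+useSubstitutes = true;
+};
+nix.buildMachines = [
+{
+hostName = "localhost";
+maxJobs = 40;
+speedFactor = 40;
+systems = [ "x86_64-linux" "x86_64-darwin" ];
+supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+}
+{
+hostName = "integra.kyouma.net";
+sshUser = "build";
+maxJobs = 4;
+speedFactor = 8;
+systems = [ "aarch64-linux" "aarch64-darwin" ];
+supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+}
+];
+nix.settings.allowed-uris = [
+"github:"
+"git+https://"
+"git+ssh://"
+];
+programs.ssh = {
+knownHosts."integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
+};
+kyouma.nginx.virtualHosts."hydra.kyouma.net" = {
+locations."/" = {
+proxyPass = "http://localhost:3000";
+};
+};
+security.acme.certs."hydra.kyouma.net" = {};
+}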
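Review bot: `nix.settings.allowed-uris` is set to the bare scheme prefixes `"github:"`, `"git+https://"` and `"git+ssh://"`, which lets a restricted evaluation fetch from any GitHub owner and any HTTPS or SSH git host, including hosts reachable only from this machine. The option matches by prefix, so I would narrow each entry to the owners and forge hosts whose jobsets are actually evaluated, e.g. `"github:nixos/"` and `"git+https://<forge-host>/"` (placeholder host). Separately, the `localhost` and `integra.kyouma.net` entries in `nix.buildMachines` advertise `x86_64-darwin` and `aarch64-darwin`. Unless those machines can really build Darwin derivations, such jobs would be dispatched there and fail, so I would drop them from `systems`.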
92
flake.lock
|
@ -1,5 +1,31 @@
|
|||
{
|
||||
"nodes": {
|
||||
"attic": {
|
||||
"inputs": {
|
||||
"crane": "crane",
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": [
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1711742460,
|
||||
"narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=",
|
||||
"owner": "zhaofengli",
|
||||
"repo": "attic",
|
||||
"rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "zhaofengli",
|
||||
"repo": "attic",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"base16": {
|
||||
"inputs": {
|
||||
"fromYaml": "fromYaml"
|
||||
|
@ -163,6 +189,27 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"crane": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"attic",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1702918879,
|
||||
"narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"devshell": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
|
@ -251,6 +298,22 @@
|
|||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
|
@ -264,7 +327,7 @@
|
|||
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
|
||||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake-compat_3": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
|
@ -280,7 +343,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_3": {
|
||||
"flake-compat_4": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
|
@ -522,6 +585,22 @@
|
|||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1711460390,
|
||||
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1711819797,
|
||||
"narHash": "sha256-tNeB6emxj74Y6ctwmsjtMlzUMn458sBmwnD35U5KIM4=",
|
||||
|
@ -556,7 +635,7 @@
|
|||
"nixvim": {
|
||||
"inputs": {
|
||||
"devshell": "devshell",
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-parts": "flake-parts",
|
||||
"home-manager": [
|
||||
"home-manager"
|
||||
|
@ -583,7 +662,7 @@
|
|||
},
|
||||
"pre-commit-hooks": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-compat": "flake-compat_3",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"gitignore": "gitignore",
|
||||
"nixpkgs": [
|
||||
|
@ -611,6 +690,7 @@
|
|||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"attic": "attic",
|
||||
"disko": "disko",
|
||||
"dns": "dns",
|
||||
"fernglas": "fernglas",
|
||||
|
@ -629,7 +709,7 @@
|
|||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1711855048,
|
||||
|
@ -656,7 +736,7 @@
|
|||
"base16-kitty": "base16-kitty",
|
||||
"base16-tmux": "base16-tmux",
|
||||
"base16-vim": "base16-vim",
|
||||
"flake-compat": "flake-compat_3",
|
||||
"flake-compat": "flake-compat_4",
|
||||
"gnome-shell": "gnome-shell",
|
||||
"home-manager": [
|
||||
"home-manager"
|
||||
|
|
|
@ -4,6 +4,11 @@
|
|||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
attic = {
|
||||
url = "github:zhaofengli/attic";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.flake-utils.follows = "flake-utils";
|
||||
};
|
||||
disko = {
|
||||
url = "github:nix-community/disko";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
|
34
secrets/services/attic.yaml
Normal file
|
@ -0,0 +1,34 @@
|
|||
services:
|
||||
attic:
|
||||
credentialsFile: ENC[AES256_GCM,data:9w+wf4g2DJLzbZOXIy3Gjz9iaFuP5q7F5Up91WgnU8djueFEDOWcIeyGvxEXNUG/lQvLuYwnGzIQ875NaHd5FyaGOCOrkBfleBg4Z/zBwAiHqAb1yI88AZ1VpE7aaoQVk8Ddo2JEi2WvNC5N1U1uJaIrVOVS6nMB8vcZP6YUqff0,iv:0wk2qObmHteJzEChE4Ay/E+SBwvtXXyblsRCOUYiYhE=,tag:Qtom826Rm92+oBRQ3TVbIQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0bUIyN0FmWjBhWlh5a3dO
|
||||
NGFtdE5hWUtEdXE5SDhGRFRib3lwRzhyWkJvCm16dGx3eEJwYzBkaURCK2U2QmpV
|
||||
Qmpqb3RYT1hWTmJ2djJaL0haeWxhcTgKLS0tIGQ3bjZ0a0FBam8yM1lwRi9xSGtS
|
||||
Q29GdXMvSDhrak5aNVpJaEZjYmozdFEKyHO/0mD5Kj715WwekkbcCG0x0fpWUIxf
|
||||
80epOEma+/osKWej3bQHyltMM6x6sqobotoOYV7s/GiPINMN6yc26A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-20T18:41:53Z"
|
||||
mac: ENC[AES256_GCM,data:iuy5JcShAVYbSe5tEWfNZI7sLzrBdu/UWtYLKCPgxKP3aCNHMjPUErlsn/w73KrKVRxi/BogvMi1XHjxx7oYVKQMIQufmLZDXF9eMyv7/I/YsvZ6nmlYRJQ9uOKMJwTaZb4ywBF/m1nOMahBNeMl4rZDBHdsPKT+jPMzkfpnc8I=,iv:h08X9FYnnRPao/joFX5zqmQtcctgJUUg2GxMHUWzeMU=,tag:zUbrCyZ1uEG+WzjnhrRvIQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-04-20T18:39:08Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4D1GtNSlou/HkSAQdAn2OOgqkcyShSUKYNBkO6guqEHVAhFyb1q9jdPIq/VmUw
|
||||
5EZjRVp7K88/vvoUGKD7fdcBwYWMgy+L8b0dlRE4jCR6frrVByiNeCTlnboM0rXP
|
||||
0l4B8OPnSgPPOWzUKK8fl20zGRoFFcWx4FeRtNdKfX3LCqA7wcFUOwH+ibtCIBcF
|
||||
JO9KifMFSFnFUN1Ce6DCoNXeKhPtI5xeXDaWhR5YQpIYwjhrv040nFFGn2u7xuA4
|
||||
=HrNg
|
||||
-----END PGP MESSAGE-----
|
||||
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|