added hydra sshkey to sops
parent
ca8cbecec6
commit
e3ec78b937
3 changed files with 15 additions and 6 deletions
|
@ -1,4 +1,4 @@
|
||||||
{ config, inputs, ... }: {
|
{ config, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
./nix-config.nix
|
./nix-config.nix
|
||||||
];
|
];
|
||||||
|
@ -6,6 +6,10 @@
|
||||||
owner = "hydra-queue-runner";
|
owner = "hydra-queue-runner";
|
||||||
sopsFile = ../../../secrets/services/hydra.yaml;
|
sopsFile = ../../../secrets/services/hydra.yaml;
|
||||||
};
|
};
|
||||||
|
sops.secrets."services/hydra/id_ed25519_hydra" = {
|
||||||
|
owner = "hydra-queue-runner";
|
||||||
|
sopsFile = ../../../secrets/services/hydra.yaml;
|
||||||
|
};
|
||||||
|
|
||||||
services.hydra = {
|
services.hydra = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ ... }: {
|
{ config, ... }: {
|
||||||
nix.buildMachines = [
|
nix.buildMachines = [
|
||||||
{
|
{
|
||||||
hostName = "localhost";
|
hostName = "localhost";
|
||||||
|
@ -7,7 +7,7 @@
|
||||||
speedFactor = 40;
|
speedFactor = 40;
|
||||||
systems = [ "x86_64-linux" ];
|
systems = [ "x86_64-linux" ];
|
||||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||||
sshKey = "/var/lib/hydra/id_ed25519";
|
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
hostName = "integra.kyouma.net";
|
hostName = "integra.kyouma.net";
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
speedFactor = 8;
|
speedFactor = 8;
|
||||||
systems = [ "aarch64-linux" ];
|
systems = [ "aarch64-linux" ];
|
||||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||||
sshKey = "/var/lib/hydra/id_ed25519";
|
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
nix.settings = {
|
nix.settings = {
|
||||||
|
@ -27,7 +27,11 @@
|
||||||
"https://"
|
"https://"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
users.users.hydra-queue-runner.openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
|
||||||
|
];
|
||||||
programs.ssh = {
|
programs.ssh = {
|
||||||
knownHosts."integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
|
knownHosts."integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
|
||||||
|
knownHosts."localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P";
|
||||||
};
|
};
|
||||||
}
|
}
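Review bot: The `users.users.hydra-queue-runner.openssh.authorizedKeys.keys` entry accepts the `hydra@seras` key with no options, so whoever holds the matching private key gets an unrestricted login as the account that the first file makes owner of the sops-managed Hydra secrets. The same `sshKey` path is now used for both the `localhost` and the `integra.kyouma.net` build machines, so one leaked key covers both. If this entry exists only so the queue runner can reach the `localhost` build machine (my reading of the hunk; `sshUser` is not visible here), prefix the key with OpenSSH options, for example `"restrict,from=\"127.0.0.1,::1\" ssh-ed25519 <existing key> hydra@seras"`. A separate key pair for the remote builder would also keep a compromise of one from granting access to the other.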
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
services:
|
services:
|
||||||
hydra:
|
hydra:
|
||||||
signKey: ENC[AES256_GCM,data:WbGyQtlko04eCXP5duAVbgbMHSQ8wNrCHuS0+M29l/9LJjm8E7wps2ogy5S5jH+5etkwIj2m7d+xFci1IE9a2ERVs4qrFmfx8mikuF/+iIewJuaOOJcHcrUtYto5RxiFjYb9ooG7ktfy,iv:FvNRBY/aZnJ8z/wSYhsZLiq8h25WYvXB/zL9+4qQR7o=,tag:hU6i64XZH/1JDJzDHbiuXQ==,type:str]
|
signKey: ENC[AES256_GCM,data:WbGyQtlko04eCXP5duAVbgbMHSQ8wNrCHuS0+M29l/9LJjm8E7wps2ogy5S5jH+5etkwIj2m7d+xFci1IE9a2ERVs4qrFmfx8mikuF/+iIewJuaOOJcHcrUtYto5RxiFjYb9ooG7ktfy,iv:FvNRBY/aZnJ8z/wSYhsZLiq8h25WYvXB/zL9+4qQR7o=,tag:hU6i64XZH/1JDJzDHbiuXQ==,type:str]
|
||||||
|
id_ed25519_hydra: ENC[AES256_GCM,data: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,iv:Ftw3hBUcvY/nW9LiBFUbhHOpv7KIbkdEcIp3Si4oM1Q=,tag:QqUDYFcJ6bq2l2Q09klXdQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -16,8 +17,8 @@ sops:
|
||||||
enBjbHhJS1hqRGF2QUF1azNJdk9yUDAKJ1TY0Pybp54zh6KQ1kJQrcJeT91F4QKQ
|
enBjbHhJS1hqRGF2QUF1azNJdk9yUDAKJ1TY0Pybp54zh6KQ1kJQrcJeT91F4QKQ
|
||||||
YpeRMwHR+QIuXF37MXuWKtIsRmcPAC+dCi4LZFmXUjX0yUwA0K8juQ==
|
YpeRMwHR+QIuXF37MXuWKtIsRmcPAC+dCi4LZFmXUjX0yUwA0K8juQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-05-11T09:08:54Z"
|
lastmodified: "2024-05-14T12:01:05Z"
|
||||||
mac: ENC[AES256_GCM,data:0bz8sifK6lwpLI7GYsLneXPw7f+bnskHdtzECKz9p7x+lMBz/LP+dSz9VOnULKI8b+Xk9YCWAqZuJyjeahsZji0QGLB/BSxo7FLjiWPpjwas0zBNqNwP10M9ZPtTEDTazzwT/MF7LZtypL6u66RORgSkLK47FcZoVKJjZDKBP4c=,iv:G9lAoE5vjSlWTHTd74/LIgLO85HdExCIDZz8giJr4ho=,tag:67ZHrw+SS/Nwrc+xRVfySw==,type:str]
|
mac: ENC[AES256_GCM,data:CvaqYz0wwU0i9tQ6DoLJwAfX5+IuPtnoc0tRtYAe1dLhszDqSv+VXRYtjwoM5jAIpYcHTN6w90pZkDXNEtluHDSmy1WlDEGhRo/rMuVi12le7iTPZ6G380/bUrE4PqKxYo6Kg2esAXZTXFdM0Om1oqcBfOywrCOPpx1ioIOxEQ8=,iv:l++0F1jTIjcqXUAKF5N63PJtNZgUeRQT7H3FV87/nZA=,tag:icTc376kY2+CPLtnvlaUUA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-05-10T18:05:16Z"
|
- created_at: "2024-05-10T18:05:16Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|