Add nix signing key to hydra

Signed-off-by: magic_rb <magic_rb@redalder.org>
magic_rb 2023-11-18 14:09:40 +01:00
parent a62e03f81b
commit 3fc53def4d
No known key found for this signature in database
GPG key ID: 08D5287CC5DDCA0E
2 changed files with 122 additions and 109 deletions


@ -1,13 +1,19 @@
{ makeSystem {
, nixpkgs makeSystem,
, hydra nixpkgs,
hydra,
}: }:
makeSystem { makeSystem {
system = "x86_64-linux"; system = "x86_64-linux";
name = "nixng-hydra"; name = "nixng-hydra";
inherit nixpkgs; inherit nixpkgs;
config = { pkgs, config, lib, nglib, ... }: config = {
{ pkgs,
config,
lib,
nglib,
...
}: {
config = { config = {
dumb-init = { dumb-init = {
enable = true; enable = true;
@ -35,6 +41,7 @@ makeSystem {
builders-use-substitutes = true; builders-use-substitutes = true;
builders = "@/etc/nix/machines"; builders = "@/etc/nix/machines";
secret-key-files = "/secrets/nix-key.private";
extra-platforms = ["i686-linux" "aarch64-linux"]; extra-platforms = ["i686-linux" "aarch64-linux"];
}; };
}; };
@ -72,19 +79,19 @@ makeSystem {
}; };
services.crond.crontabs.autogc = { services.crond.crontabs.autogc = {
jobs = jobs = let
let storegc =
storegc = pkgs.writeShellScript "storegc" pkgs.writeShellScript "storegc"
'' ''
nix-collect-garbage -d nix-collect-garbage -d
''; '';
in in [
[
"0 4 * * * ${storegc}" "0 4 * * * ${storegc}"
]; ];
}; };
init.services.nix-daemon.environment.PATH = with pkgs; lib.makeBinPath [ init.services.nix-daemon.environment.PATH = with pkgs;
lib.makeBinPath [
utillinux utillinux
runit runit
busybox busybox
@ -92,8 +99,7 @@ makeSystem {
gzip gzip
]; ];
system.activation = system.activation = let
let
machines = pkgs.writeText "machines" '' machines = pkgs.writeText "machines" ''
eu.nixbuild.net x86_64-linux,aarch64-linux,i686-linux - 100 5 benchmark,big-parallel eu.nixbuild.net x86_64-linux,aarch64-linux,i686-linux - 100 5 benchmark,big-parallel
localhost x86_64-linux - 2 1 benchmark,big-parallel,kvm,nixos-test,local localhost x86_64-linux - 2 1 benchmark,big-parallel,kvm,nixos-test,local
@ -128,8 +134,7 @@ makeSystem {
chmod 600 /ssh-key chmod 600 /ssh-key
chown hydra-queue-runner:root /ssh-key chown hydra-queue-runner:root /ssh-key
''; '';
in in {
{
inherit ssh-key ssh nix-machines; inherit ssh-key ssh nix-machines;
}; };
}; };
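Review bot: The new `secret-key-files = "/secrets/nix-key.private";` line in the nix settings has no comment saying where the file comes from or what the setting implies. As far as this page shows, the file is rendered by the job's Vault template to `secrets/nix-key.private`, so the two paths have to stay in step, and with this setting the daemon signs the paths it builds locally, so anyone who trusts the matching public key trusts every jobset this Hydra builds. I would add above it `# rendered from Vault by the Nomad template; nix-daemon signs locally built paths with this key`. The activation script sets owner and mode for `/ssh-key` explicitly but nothing comparable is visible for this key, so it is worth confirming that the user the daemon runs as can read a mode-400 file there. The settings block starts and ends outside the hunk.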


@ -158,6 +158,14 @@ EOF
destination = "secrets/pgpass-queue-runner" destination = "secrets/pgpass-queue-runner"
perms = "400" perms = "400"
} }
template {
data = <<EOF
{{ with secret "kv/data/cluster/hydra" }}{{ .Data.data.nix_signing_key }}{{ end }}
EOF
destination = "secrets/nix-key.private"
perms = "400"
}
} }
task "postgresql" { task "postgresql" {
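Review bot: The new template writes whatever the lookup yields into `secrets/nix-key.private`, so a missing `nix_signing_key` field under `kv/data/cluster/hydra` would presumably render as the literal `<no value>` and leave the daemon with an unusable key file instead of failing the deployment. Adding `error_on_missing_key = true` to this template block makes rendering fail in that case. The block also leaves `change_mode` at its default, which restarts the task when the secret changes; if a restart on key rotation is intended, state it with `change_mode = "restart"`, otherwise choose the mode explicitly. The enclosing task block starts outside the hunk.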