2024-08-16 06:55:49 +00:00
|
|
|
{ lib, ... }:
|
2024-08-13 17:48:04 +00:00
|
|
|
{
|
|
|
|
imports = [ ./hardware.nix ];
|
|
|
|
|
|
|
|
networking.hostName = "build-coord";
|
|
|
|
networking.domain = "wob01.infra.forkos.org";
|
|
|
|
|
|
|
|
bagel.sysadmin.enable = true;
|
|
|
|
|
2024-08-16 06:52:56 +00:00
|
|
|
bagel.services = {
|
|
|
|
hydra.enable = true;
|
2024-10-27 19:22:49 +00:00
|
|
|
# TODO: use the roles to avoid setting up builders which are not… builders!
|
|
|
|
hydra.builders = map (i: "bm-${builtins.toString i}") [4 10];
|
2024-12-14 20:47:50 +00:00
|
|
|
|
|
|
|
# Arguably, the build-coordinator is the most sensitive piece of our own infrastructure.
|
|
|
|
# Henceforth, it can run as well another sensitive piece of the system: the Vault.
|
|
|
|
vault = {
|
|
|
|
enable = true;
|
|
|
|
domain = "vault.forkos.org";
|
|
|
|
};
|
2024-08-16 06:52:56 +00:00
|
|
|
};
|
|
|
|
|
2024-09-30 11:36:15 +00:00
|
|
|
bagel.monitoring.exporters.hydra.enable = true;
|
|
|
|
|
2024-08-30 16:34:20 +00:00
|
|
|
# Hydra is proxied.
|
|
|
|
bagel.raito.v6-proxy-awareness.enable = true;
|
|
|
|
|
2024-08-13 17:48:04 +00:00
|
|
|
system.stateVersion = "24.05";
|
|
|
|
deployment.targetHost = "build-coord.wob01.infra.forkos.org";
|
|
|
|
}
|