hydra: provide S3 and SSH credentials (via agenix)
parent
04bd33e32c
commit
73aecaef41
|
@ -5,6 +5,7 @@ let
|
||||||
|
|
||||||
secrets = with keys; {
|
secrets = with keys; {
|
||||||
hydra-s3-credentials = [ machines.bagel-box ];
|
hydra-s3-credentials = [ machines.bagel-box ];
|
||||||
|
hydra-ssh-key-priv = [ machines.bagel-box ];
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
builtins.listToAttrs (
|
builtins.listToAttrs (
|
||||||
|
|
BIN
secrets/hydra-ssh-key-priv.age
Normal file
BIN
secrets/hydra-ssh-key-priv.age
Normal file
Binary file not shown.
|
@ -20,6 +20,11 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
age.secrets.hydra-s3-credentials.file = ../../secrets/hydra-s3-credentials.age;
|
||||||
|
|
||||||
|
age.secrets.hydra-ssh-key-priv.owner = "hydra-queue-runner";
|
||||||
|
age.secrets.hydra-ssh-key-priv.file = ../../secrets/hydra-ssh-key-priv.age;
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d /var/cache/hydra 0755 hydra hydra - -"
|
"d /var/cache/hydra 0755 hydra hydra - -"
|
||||||
"d ${narCacheDir} 0755 hydra hydra 1d -"
|
"d ${narCacheDir} 0755 hydra hydra 1d -"
|
||||||
|
@ -42,6 +47,12 @@ in {
|
||||||
|
|
||||||
notificationSender = "bagel@delroth.net";
|
notificationSender = "bagel@delroth.net";
|
||||||
|
|
||||||
|
buildMachinesFiles = [
|
||||||
|
(pkgs.writeText "hydra-builders.conf" ''
|
||||||
|
ssh://bagel-builder@epyc.infra.newtype.fr x86_64-linux ${config.age.secrets.hydra-ssh-key-priv.path} 8 1 big-parallel,kvm,nixos-test - c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUJwcFBwKzhsdDFSTDNodW5aaGlXRUUvY1laaHJXYjFzaVhKVWpiU2l6Rzggcm9vdEBlcHljCg==
|
||||||
|
'')
|
||||||
|
];
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
store_uri = s3://bagel-cache?${mkCacheSettings {
|
store_uri = s3://bagel-cache?${mkCacheSettings {
|
||||||
endpoint = "s3.delroth.net";
|
endpoint = "s3.delroth.net";
|
||||||
|
@ -73,9 +84,8 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets."hydra-s3-credentials".file = ../../secrets/hydra-s3-credentials.age;
|
|
||||||
systemd.services.hydra-queue-runner.serviceConfig.EnvironmentFile =
|
systemd.services.hydra-queue-runner.serviceConfig.EnvironmentFile =
|
||||||
config.age.secrets."hydra-s3-credentials".path;
|
config.age.secrets.hydra-s3-credentials.path;
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
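Review bot: The last field of the builder line in the `buildMachinesFiles` hunk is an uncommented base64 blob, so a reviewer cannot tell which host key is being pinned without decoding it by hand. It appears to decode to an `ssh-ed25519 … root@epyc` public host key line; I would say so above the `(pkgs.writeText "hydra-builders.conf" ''` line, e.g. `# Last field: base64 of epyc's SSH host public key (the ssh-ed25519 .pub line through base64 -w0); regenerate on host key rotation.` The same comment could record that `${config.age.secrets.hydra-ssh-key-priv.path}` interpolates only the runtime path of the decrypted file, so the private key itself stays out of the world-readable Nix store. It should also note that `hydra-queue-runner` can read that file only because of the `age.secrets.hydra-ssh-key-priv.owner` line added in the first hunk of this file, so the two must change together.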