Compare commits
3 commits
70e608a8f7
...
58325e30dd
Author | SHA1 | Date | |
---|---|---|---|
Pierre Bourdon | 58325e30dd | ||
Pierre Bourdon | 411d514ab9 | ||
Pierre Bourdon | f74d1ca0f6 |
|
@ -11,4 +11,11 @@
|
||||||
setNixPath = true;
|
setNixPath = true;
|
||||||
setFlakeRegistry = true;
|
setFlakeRegistry = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Use our cache and trust its signing key. Still use cache.nixos.org as
|
||||||
|
# fallback.
|
||||||
|
nix.settings.substituters = [ "https://bagel-cache.s3-web.delroth.net/" ];
|
||||||
|
nix.settings.trusted-public-keys = [
|
||||||
|
"cache.forkos.org:xfXIUJO1yiEITJmYsVmNDa9BFSlgTh/YqZ+4ei1EhQg="
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
|
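Review bot: The entry added to `nix.settings.trusted-public-keys` is named `cache.forkos.org`, while the substituter it accompanies is `https://bagel-cache.s3-web.delroth.net/`, and the comment above does not connect the two or say where the private half lives. Every machine that imports this file will accept any store path signed by that key, so the comment should record who holds the key and what has to change on rotation. Something like `# Key name is independent of the cache URL; private half is presumably secrets/hydra-signing-priv.age (bagel-box only). Rotate both together.` would cover it. The cache.nixos.org fallback mentioned in the comment is not set in this hunk and appears to rely on the NixOS module appending its default, which is worth stating too; the enclosing attribute set starts outside the hunk.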
@ -5,6 +5,7 @@ let
|
||||||
|
|
||||||
secrets = with keys; {
|
secrets = with keys; {
|
||||||
hydra-s3-credentials = [ machines.bagel-box ];
|
hydra-s3-credentials = [ machines.bagel-box ];
|
||||||
|
hydra-signing-priv = [ machines.bagel-box ];
|
||||||
hydra-ssh-key-priv = [ machines.bagel-box ];
|
hydra-ssh-key-priv = [ machines.bagel-box ];
|
||||||
netbox-environment = [ machines.meta01 ];
|
netbox-environment = [ machines.meta01 ];
|
||||||
mimir-environment = [ machines.meta01 ];
|
mimir-environment = [ machines.meta01 ];
|
||||||
|
|
BIN
secrets/hydra-signing-priv.age
Normal file
BIN
secrets/hydra-signing-priv.age
Normal file
Binary file not shown.
|
@ -48,6 +48,9 @@ in {
|
||||||
|
|
||||||
age.secrets.hydra-s3-credentials.file = ../../secrets/hydra-s3-credentials.age;
|
age.secrets.hydra-s3-credentials.file = ../../secrets/hydra-s3-credentials.age;
|
||||||
|
|
||||||
|
age.secrets.hydra-signing-priv.owner = "hydra-queue-runner";
|
||||||
|
age.secrets.hydra-signing-priv.file = ../../secrets/hydra-signing-priv.age;
|
||||||
|
|
||||||
age.secrets.hydra-ssh-key-priv.owner = "hydra-queue-runner";
|
age.secrets.hydra-ssh-key-priv.owner = "hydra-queue-runner";
|
||||||
age.secrets.hydra-ssh-key-priv.file = ../../secrets/hydra-ssh-key-priv.age;
|
age.secrets.hydra-ssh-key-priv.file = ../../secrets/hydra-ssh-key-priv.age;
|
||||||
|
|
||||||
|
@ -59,7 +62,7 @@ in {
|
||||||
# XXX: Otherwise services.hydra-dev overwrites it to only hydra-queue-runner...
|
# XXX: Otherwise services.hydra-dev overwrites it to only hydra-queue-runner...
|
||||||
#
|
#
|
||||||
# Can be removed once this is added to some common config template.
|
# Can be removed once this is added to some common config template.
|
||||||
nix.settings.trusted-users = [ "root" "hydra" "@wheel" ];
|
nix.settings.trusted-users = [ "root" "hydra" "hydra-www" "@wheel" ];
|
||||||
|
|
||||||
services.hydra-dev = {
|
services.hydra-dev = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -90,7 +93,7 @@ in {
|
||||||
endpoint = "s3.delroth.net";
|
endpoint = "s3.delroth.net";
|
||||||
region = "garage";
|
region = "garage";
|
||||||
|
|
||||||
#secret-key = "TODO";
|
secret-key = config.age.secrets.hydra-signing-priv.path;
|
||||||
|
|
||||||
compression = "zstd";
|
compression = "zstd";
|
||||||
log-compression = "br";
|
log-compression = "br";
|
||||||
|
|
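Review bot: Adding `"hydra-www"` to `nix.settings.trusted-users` (the `@ -59,7 +62,7 @@` hunk) makes the web-facing Hydra service user effectively root-equivalent towards the Nix daemon, because trusted users may override substituters and import unsigned store paths. The XXX comment explains why the list is restated but not why `hydra-www` needs trust; if it only has to connect to the daemon, `nix.settings.allowed-users` is the narrower setting. If trust is really required, record the reason above the line, e.g. `# hydra-www is trusted because REASON; trusted-users are root-equivalent on this host.` This host also holds `hydra-signing-priv`, whose public half appears to be trusted fleet-wide elsewhere in this compare, so a widened trust boundary here has consequences beyond this one machine. The `in { … }` block these hunks belong to starts and ends outside the visible lines.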