raito
f4588aff2b
This introduces the private SSH key for Gerrit event streaming. Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
64 lines
1.6 KiB
Nix
64 lines
1.6 KiB
Nix
{ config, lib, ... }:
|
|
|
|
{
|
|
boot.isContainer = true;
|
|
|
|
# XXX: There's currently no way to remove the "problematic" entries (trying
|
|
# to override the /proc, /sys, /dev, ... mounts from systemd-nspawn) while
|
|
# also keeping the entry for the wrappers dir.
|
|
boot.specialFileSystems = lib.mkForce {
|
|
"/run/wrappers" = {
|
|
fsType = "tmpfs";
|
|
options = [ "nodev" "mode=755" "size=${config.security.wrapperDirSize}" ];
|
|
};
|
|
};
|
|
|
|
boot.loader.initScript.enable = true;
|
|
|
|
networking = {
|
|
useNetworkd = true;
|
|
useHostResolvConf = false;
|
|
|
|
hostName = "bagel-box";
|
|
domain = "infra.forkos.org";
|
|
nameservers = [ "2001:4860:4860::8844" ];
|
|
|
|
interfaces.host0.ipv6.addresses = [
|
|
{ address = "2001:bc8:38ee:100:100::1"; prefixLength = 64; }
|
|
];
|
|
|
|
interfaces.host1.ipv4.addresses = [
|
|
{ address = "172.16.100.2"; prefixLength = 24; }
|
|
];
|
|
defaultGateway = { address = "172.16.100.1"; interface = "host1"; };
|
|
|
|
firewall.allowPing = true;
|
|
};
|
|
|
|
bagel.services = {
|
|
postgres.enable = true;
|
|
ofborg = {
|
|
rabbitmq.enable = true;
|
|
pastebin.enable = true;
|
|
# TODO: statcheck.enable = true;
|
|
|
|
mass-rebuilder.enable = true;
|
|
# TODO: enable once ready.
|
|
builder.enable = false;
|
|
|
|
gerrit-event-streamer.enable = true;
|
|
gerrit-generic-vcs-filter.enable = true;
|
|
|
|
# FIXME: plug into our prometheus stack.
|
|
stats.enable = true;
|
|
};
|
|
};
|
|
|
|
bagel.sysadmin.enable = true;
|
|
|
|
services.openssh.enable = true;
|
|
|
|
system.stateVersion = "24.11";
|
|
deployment.targetHost = "bagel-box.infra.forkos.org";
|
|
}
|