modules/hydra: drop
This commit is contained in:
parent
b3644b8630
commit
d2781a0377
7 changed files with 0 additions and 81 deletions
|
@ -1,63 +0,0 @@
|
||||||
{ lib, config, ... }:
|
|
||||||
{
|
|
||||||
age.secrets = {
|
|
||||||
hydraS3 = {
|
|
||||||
file = ../../secrets/hydra-s3.age;
|
|
||||||
group = "hydra";
|
|
||||||
mode = "0440";
|
|
||||||
};
|
|
||||||
} // lib.mapAttrs' (k: lib.nameValuePair "hydra-database-credentials-for-${k}")
|
|
||||||
(lib.genAttrs [ "hydra-queue-runner" "hydra-www" "hydra" ]
|
|
||||||
(x:
|
|
||||||
{
|
|
||||||
file = ../../secrets/hydra-db-credentials.age;
|
|
||||||
group = "hydra";
|
|
||||||
owner = x;
|
|
||||||
mode = "0400";
|
|
||||||
}
|
|
||||||
)
|
|
||||||
);
|
|
||||||
|
|
||||||
services.hydra = {
|
|
||||||
enable = true;
|
|
||||||
dbi = "dbi:Pg:dbname=hydra;host=10.1.0.1;user=hydra;";
|
|
||||||
hydraURL = "https://hydra.privatevoid.net";
|
|
||||||
notificationSender = "hydra@privatevoid.net";
|
|
||||||
buildMachinesFiles = [ "/etc/nix/hydra-machines" ];
|
|
||||||
useSubstitutes = true;
|
|
||||||
extraConfig = ''
|
|
||||||
store_uri = s3://nix-store?scheme=https&endpoint=object-storage.privatevoid.net&secret-key=/etc/hydra/bincache.key
|
|
||||||
server_store_uri = https://cache.privatevoid.net
|
|
||||||
'';
|
|
||||||
extraEnv = {
|
|
||||||
AWS_SHARED_CREDENTIALS_FILE = config.age.secrets.hydraS3.path;
|
|
||||||
PGPASSFILE = config.age.secrets."hydra-database-credentials-for-hydra".path;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# override weird hydra module stuff
|
|
||||||
|
|
||||||
systemd.services = {
|
|
||||||
hydra-send-stats = lib.mkForce {};
|
|
||||||
} // lib.genAttrs [ "hydra-notify" "hydra-queue-runner" "hydra-server" ]
|
|
||||||
(x: let
|
|
||||||
name = if x == "hydra-server" then "hydra-www" else
|
|
||||||
if x == "hydra-notify" then "hydra-queue-runner" else x;
|
|
||||||
in {
|
|
||||||
environment = {
|
|
||||||
PGPASSFILE = lib.mkForce config.age.secrets."hydra-database-credentials-for-${name}".path;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
);
|
|
||||||
|
|
||||||
nix.extraOptions = lib.mkForce ''
|
|
||||||
allowed-uris = https://git.privatevoid.net
|
|
||||||
keep-outputs = true
|
|
||||||
keep-derivations = true
|
|
||||||
'';
|
|
||||||
|
|
||||||
programs.ssh.knownHosts.git = {
|
|
||||||
hostNames = [ "git" "git.services.privatevoid.net" ];
|
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0rChVEO9Qt7hr7vyiyOP7N45CjaxssFCZNOPCszEQi";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -14,7 +14,6 @@ in
|
||||||
enterprise = ./enterprise;
|
enterprise = ./enterprise;
|
||||||
external-storage = ./external-storage;
|
external-storage = ./external-storage;
|
||||||
fail2ban = ./fail2ban;
|
fail2ban = ./fail2ban;
|
||||||
hydra = ./hydra;
|
|
||||||
hyprspace = ./hyprspace;
|
hyprspace = ./hyprspace;
|
||||||
ipfs = ./ipfs;
|
ipfs = ./ipfs;
|
||||||
ipfs-cluster = ./ipfs-cluster;
|
ipfs-cluster = ./ipfs-cluster;
|
||||||
|
|
|
@ -24,10 +24,6 @@ in with hosts;
|
||||||
"secrets/gitlab-secret-jws.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"secrets/gitlab-secret-jws.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"secrets/gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"secrets/gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"secrets/gitlab-secret-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"secrets/gitlab-secret-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"secrets/hydra-bincache.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"secrets/hydra-builder-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"secrets/hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"secrets/hydra-s3.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"secrets/hyprspace-key-checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
|
"secrets/hyprspace-key-checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
|
||||||
"secrets/hyprspace-key-grail.age".publicKeys = max ++ map systemKeys [ grail ];
|
"secrets/hyprspace-key-grail.age".publicKeys = max ++ map systemKeys [ grail ];
|
||||||
"secrets/hyprspace-key-thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
|
"secrets/hyprspace-key-thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 NO562A vynPDZ/n0OZX4jP6jsMo3/pDeG/NESWJWjZorI1rHlY
|
|
||||||
l/IQr1YzAJYbxxbxodZj5kcWN3Hc/R+mjHoJqmV+k+c
|
|
||||||
-> ssh-ed25519 5/zT0w N5oKG8G0hwcy+HycLjY7c0W9POT0TEJvgtadpLmPNx4
|
|
||||||
vwC8wKbrbXsv4kzpM5x6UqDm8BASDW8XkhlGb4ipPLY
|
|
||||||
-> ssh-ed25519 d3WGuA +ey3gnIvah3koWvYYtB9ExdAwZMAkG++ZGpiSvgz2HI
|
|
||||||
qdRoXNKAD+oAxve9HHLediZYJLi2vdUfAf+XpEOYk/g
|
|
||||||
-> 0a>-grease P0 Q?[H ~e=yXc$ ^f*
|
|
||||||
1qwFvyh1k2Co61fNx9+AWJc88ayznRmqnX7YaWPp+/ULiUEW3kcaRxiG260SNgNg
|
|
||||||
4kI3UIas3tTO912iFZpl
|
|
||||||
--- QsGqhfZUEjxeYpzIYVUK/gwyTRM6fIub6PCNB7NphMY
|
|
||||||
…ôT<EFBFBD>>k3ùüÐOÛy_ЖÔ"1¿ºo#´ÔðI‘¾ŽœÚáÚ¿oœ½©:{+;3ßS‡<fpY<'F=*E±E«ÊÞèGÆ(ÎÏ1çòÒ…Û†4êÐ@ñ‰}×ÚöÇ—ÃÕžÍ_«ž…ü?m;æê<n<>P<EFBFBD>ãâÂr~"<22>²Y
|
|
||||||
b1O¨AË
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Loading…
Reference in a new issue