nki/nix-home
1
0
Fork 0
Code Issues Pull requests 1 Packages Projects Releases Wiki Activity

Set up private-key for yoga build farm

Browse source
This commit is contained in:
Natsu Kagami 2024-08-16 16:30:58 +02:00
parent 7f98f816dd
commit 17fcc7e58f
Signed by: nki
GPG key ID: 55A032EB38B49ADB
4 changed files with 11 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
modules/services/nix-build-farm/default.nix
View file

@ -38,19 +38,10 @@ in
(name: host: {
hostName = host.host;
sshUser = build-user;
sshKey = cfg.privateKeyFile;
} // host.builder)
otherBuilders;
programs.ssh.extraConfig = (lib.concatStringsSep "\n" (lib.mapAttrsToList
(name: host: ''
Host ${name}
HostName ${host.host}
User ${build-user}
IdentitiesOnly yes
IdentityFile ${cfg.privateKeyFile}
'')
otherBuilders));
users = mkIf (isBuilder host) {
users.${build-user} = {
description = "Nix build farm user";

2
modules/services/nix-build-farm/hosts.nix
View file

@ -4,7 +4,7 @@
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6N1uTxnbo73tyzD9X7d7OgPeoOpY7JmQaHASjSWFPI nki@kagamiPC";
builder = {
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUN5UUc3YWUrZEY3SWN0dVU3T3FnR3hqRlJydGpPaGpxSmF6UW5RUVlqbUQgcm9vdEBua2kteW9nYS1nOAo=";
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUhiVTh2NlNBa0kyOTBCc1QzVG1IRVVJQWdXcVFyNm9jRmpjakRRczRoT2ggcm9vdEBrYWdhbWlQQwo=";
systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 16;
speedFactor = 2;

5
nki-yoga-g8/configuration.nix
View file

@ -19,6 +19,11 @@
common.linux.sops.enable = true;
common.linux.sops.file = ./secrets.yaml;
# Build farm
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
services.nix-build-farm.hostname = "yoga";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
## tinc
sops.secrets."tinc-private-key" = { };
services.my-tinc = {

6
nki-yoga-g8/secrets.yaml
View file

@ -1,4 +1,6 @@
tinc-private-key: ENC[AES256_GCM,data:lzmisexQPfRlIMGqbmb+uqGtOPceQ3CJGlVOeOC6nbP/IDwkufSWtxugYmUwi9IJKwO0mldijiKWuG3p9005H++8567hhPy/bU7fA4vyVC+3UVGW6l0mE+yKQXTyI7kzxkXMCK5a4Q4rUJj544vU6pt75/mytfg+Cox2woGZAHZvJ/pRuHDe2t3R6w3EYYTu6x1w5azGnFvCOVdR6XPsGJA2p3oRnEpz64L7KD2QOdtm0YsfMnorH9FbvkZgNr927VbRnBRJ1QM=,iv:4K4w6ruQxtRGjmFnWszlXZKp36TuTTnrB0sDEE/tmrM=,tag:NBP897Sw84bvZTvo/+fVfA==,type:str]
nix-build-farm:
private-key: ENC[AES256_GCM,data:etqFl2T2atN2djxqktFRtrTGqsC61A+ZUd2yS0PLm5KPO2s2/k6XqQGac9rUWP86C1YGpTJhUMzYuOPGW4yNc0YmoeHVslxBR7nX8pubXabZNdB2YMm/yAgsdeeflo4slbxJ6+00eH0iCrtWcHtWbZafHnxojborZABOvCsODdx/ahJ4J9aHqf22cAqe9iJY3L0TgE+iazKS8OO+C/PTaQiV02NZjP8GajRMXzPVoYT7wz3u0t0q0m/t8FkhMIDl9QKL+kFUDeLEGoCBzR57JXLZiW1gJsRxbkP8hVIB3s4TQnhasxqQQlCJuqBSNFl/cGdBm/ADm/yi78VHQG7rUxUrFVDL4Aoidjp6GyoojLIEpdQjtlvC7RCLNpTibV6B71EB3obpjMmmIwfoDLT4jEWhXNx3b8DnMoa0Qh4ba+HBJf+XKA93B0qOJWwJzj4qH9uqBK3xPOGTkqQMmd9M1HYrStTcI/JUX0WvEMwk8xI8MZN/TsLij4w5i6NCwSqa8Dn2lyLK0BGp5C8RT8R4k6U2ieyY6lmxsGIe,iv:703rM/FQz65upd1JWTHNsjAXh2BeoknkALShKuHUsis=,tag:yAB6KJqpm1mOFT5GzKRPBw==,type:str]
sops:
kms: []
gcp_kms: []
@ -23,8 +25,8 @@ sops:
eitNc1E2SzY5bkUxNWtNczRsWWJaU2MKUIu9GT7zu0MvvnXxiQfLW9pQcxFKOwPm
VRU2k3XQkYjSDZX29DxrOzaPS/L3OYNyBYMyOW8GyMa2V12lMH6lPQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-23T16:24:43Z"
mac: ENC[AES256_GCM,data:YTPZCX2Nkws0EJB/+PJVCYlKN0BoWqDRIH5QfhB7ayQ42tkUlz60Bt1ksbEMNtz2RS4sJSp4dlihTBLO4gRHbeMZf40f+j42Td4Dj0etqOkaspR5q5mE1XR8ml7QRzALEq5SHRi13szfO4BHaaFsSHTyFgKxA4uDzZ4JnBoxjAQ=,iv:KuO4rhO9vH+HqcgqTvOYBayitFzLhm4CQRTyzIplKnM=,tag:G/qgcxZoc89etzkUnkw02Q==,type:str]
lastmodified: "2024-08-16T14:17:07Z"
mac: ENC[AES256_GCM,data:qrMyVDLhtK4URqrHFBx+08PMrFyfib4iH0y7iAeVB/oFGazjm3O5MeS9fNYJeONghuelux69nh2FRfSJHG/moEBcWlL68R4xbCb4he528P+n7mQnR54BNFJdT2oOra4bqO9n/4m2UA8jmA0veoqSrZUVjnmjftqOedjnRESY1L8=,iv:jql79ItwPcJg/nnbsUywOzWz/UJy0ZpY04pvEF290c4=,tag:XKrToym2dXdippnivoK1/Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1