Set up build farm (#3)

Reviewed-on: #3 Co-authored-by: Natsu Kagami <nki@nkagami.me> Co-committed-by: Natsu Kagami <nki@nkagami.me>
2024-08-19 14:04:52 +00:00 · 2024-08-19 14:04:52 +00:00 · bc4cfe7c69
commit bc4cfe7c69
parent 70ab3aa5b3
13 changed files with 162 additions and 25 deletions
--- a/nki-personal-do/configuration.nix
+++ b/nki-personal-do/configuration.nix
@ -12,6 +12,9 @@
    ../modules/cloud/conduit
    ../modules/cloud/gotosocial

+    # Encrypted DNS
+    ../modules/services/edns
+
    ./headscale.nix
    ./gitea.nix
    ./miniflux.nix
@ -57,18 +60,15 @@

  services.do-agent.enable = true;

-  system.autoUpgrade = {
-    enable = true;
-    allowReboot = true;
-    flake = "github:natsukagami/nix-home#nki-personal-do";
-  };
-
  nix = {
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };

+  nki.services.edns.enable = true;
+  nki.services.edns.ipv6 = true;
+
  # Secret management
  sops.defaultSopsFile = ./secrets/secrets.yaml;
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
@ -81,6 +81,10 @@
  services.my-tinc.rsaPrivateKey = config.sops.secrets."tinc/rsa-private-key".path;
  services.my-tinc.ed25519PrivateKey = config.sops.secrets."tinc/ed25519-private-key".path;

+  sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
+  services.nix-build-farm.hostname = "home";
+  services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
+
  # Set up traefik
  sops.secrets.cloudflare-dns-api-token = { owner = "traefik"; };
  sops.secrets.traefik-dashboard-users = { owner = "traefik"; };