sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add build02 which will run nixpkgs-update only for now

Browse source
This commit is contained in:
Ryan Mulligan 2021-01-17 14:47:14 -08:00
parent ae11986b8e
commit 2dd585f3ce
6 changed files with 168 additions and 25 deletions

1
build01/configuration.nix
View file

@ -21,7 +21,6 @@ in
./hydra.nix ./hydra.nix
./hydra-declarative-projects.nix ./hydra-declarative-projects.nix
./cache.nix ./cache.nix
./nixpkgs-update.nix
./marvin-mk2.nix ./marvin-mk2.nix
./matterbridge.nix ./matterbridge.nix

48
build02/cache.nix Normal file
View file

@ -0,0 +1,48 @@
{ config, pkgs, ... }:
let
postBuildHook = pkgs.writeScript "post-build-hook.sh" ''
#!${pkgs.runtimeShell}
export PATH=$PATH:${pkgs.nix}/bin
exec ${pkgs.cachix}/bin/cachix -c /var/lib/post-build-hook/nix-community-cachix.dhall push nix-community $OUT_PATHS
'';
sockPath = "/run/post-build-hook.sock";
queueBuildHook = pkgs.writeScript "post-build-hook.sh" ''
${pkgs.queued-build-hook}/bin/queued-build-hook queue --socket ${sockPath}
'';
sources = import ../nix/sources.nix;
in
{
nixpkgs.overlays = [
(self: super: {
queued-build-hook = (import sources.queued-build-hook { pkgs = super; });
})
];
systemd.sockets.queued-build-hook = {
description = "Post-build-hook socket";
wantedBy = [ "sockets.target" ];
socketConfig = {
ListenStream = sockPath;
SocketUser = "root";
SocketMode = "0600";
};
};
systemd.services.queued-build-hook = {
description = "Post-build-hook service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "queued-build-hook.socket" ];
requires = [ "queued-build-hook.socket" ];
serviceConfig.ExecStart = "${pkgs.queued-build-hook}/bin/queued-build-hook daemon --retry-interval 30 --hook ${postBuildHook}";
};
nix.extraOptions = ''
post-build-hook = ${queueBuildHook}
'';
}

59
build02/configuration.nix Normal file
View file

@ -0,0 +1,59 @@
{ config, pkgs, lib, ... }:
let
userImports =
let
toUserPath = f: ../users/. + "/${f}";
onlyUserFiles = x:
lib.hasSuffix ".nix" x &&
x != "lib.nix"
;
userDirEntries = builtins.readDir ../users;
userFiles = builtins.filter onlyUserFiles (lib.attrNames userDirEntries);
in
builtins.map toUserPath userFiles;
in
{
imports = [
./hardware-configuration.nix
./cache.nix
./nixpkgs-update.nix
../profiles/common.nix
../profiles/docker.nix
] ++ userImports;
# /boot is a mirror raid
boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
networking.hostName = "nix-community-build02";
networking.hostId = "af9ccc71";
networking.useDHCP = false;
networking.defaultGateway = "95.217.109.129";
networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
networking.interfaces."enp35s0" = {
ipv4.addresses = [ { address = "95.217.109.189"; prefixLength = 26; } ];
ipv6.addresses = [ { address = "fe80::aaa1:59ff:fe0e:aa61"; prefixLength = 64; } ];
};
# nginx is being used as the frontend HTTP server for all the services
# running on the box
services.nginx.enable = true;
networking.firewall = {
# for Nginx
allowedTCPPorts = [ 443 80 ];
};
boot.kernelPackages = pkgs.linuxPackages_latest;
security.acme.email = "trash@nix-community.org";
security.acme.acceptTerms = true;
nix.gc.automatic = true;
nix.gc.options = "--delete-older-than 30d";
system.stateVersion = "20.09";
}

26
build02/hardware-configuration.nix Normal file
View file

@ -0,0 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/29a6b37b-fafb-46a1-b856-1e1c20dc053b";
fsType = "f2fs";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/5021610e-ffdd-4721-ad23-63d10a6f4e2c"; }
{ device = "/dev/disk/by-uuid/e7a3712f-bc88-4b04-8823-58871494c132"; }
];
}

0
build01/nixpkgs-update.nix → build02/nixpkgs-update.nix
View file

59
deployment.nix
View file

@ -53,30 +53,6 @@ in
permissions = "0600"; permissions = "0600";
}; };
deployment.keys."id_rsa" = {
text = secrets.github-r-ryantm-key;
destDir = "/home/r-ryantm/.ssh";
user = "r-ryantm";
group = "r-ryantm";
permissions = "0600";
};
deployment.keys."github_token.txt" = {
text = secrets.github-r-ryantm-token;
destDir = "/var/lib/nixpkgs-update";
user = "r-ryantm";
group = "r-ryantm";
permissions = "0600";
};
deployment.keys."github_token_with_username.txt" = {
text = "r-ryantm:${secrets.github-r-ryantm-token}";
destDir = "/var/lib/nixpkgs-update";
user = "r-ryantm";
group = "r-ryantm";
permissions = "0600";
};
deployment.keys."marvin-mk2-key.pem" = { deployment.keys."marvin-mk2-key.pem" = {
text = secrets."marvin-mk2-key.pem"; text = secrets."marvin-mk2-key.pem";
destDir = "/var/lib/marvin-mk2"; destDir = "/var/lib/marvin-mk2";
@ -137,4 +113,39 @@ in
}; };
build02 =
{ resources, ... }:
{
imports = [
./build02/configuration.nix
];
deployment.targetHost = "95.217.109.189";
deployment.keys."id_rsa" = {
text = secrets.github-r-ryantm-key;
destDir = "/home/r-ryantm/.ssh";
user = "r-ryantm";
group = "r-ryantm";
permissions = "0600";
};
deployment.keys."github_token.txt" = {
text = secrets.github-r-ryantm-token;
destDir = "/var/lib/nixpkgs-update";
user = "r-ryantm";
group = "r-ryantm";
permissions = "0600";
};
deployment.keys."github_token_with_username.txt" = {
text = "r-ryantm:${secrets.github-r-ryantm-token}";
destDir = "/var/lib/nixpkgs-update";
user = "r-ryantm";
group = "r-ryantm";
permissions = "0600";
};
};
} }