diff options
28 files changed, 352 insertions, 348 deletions
diff --git a/.github/actions/flake-update/action.yaml b/.github/actions/flake-update/action.yaml index f26c383..62f3695 100644 --- a/.github/actions/flake-update/action.yaml +++ b/.github/actions/flake-update/action.yaml @@ -22,12 +22,15 @@ runs: github_access_token: ${{ inputs.github-token }} - uses: DeterminateSystems/update-flake-lock@v19 + id: update with: commit-msg: ${{ inputs.commit-msg }} pr-title: ${{ inputs.commit-msg }} - pr-body: | - Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action. - - bors r+ nix-options: "--accept-flake-config" token: ${{ inputs.update-token }} + + - name: auto-merge pull request + run: gh pr merge --auto --squash "$PR_ID" + env: + GITHUB_TOKEN: ${{ inputs.update-token }} + PR_ID: ${{ steps.update.outputs.pull-request-number }} diff --git a/.github/workflows/update-inputs.yaml b/.github/workflows/update-inputs.yaml index 59fed45..3103629 100644 --- a/.github/workflows/update-inputs.yaml +++ b/.github/workflows/update-inputs.yaml @@ -1,9 +1,9 @@ name: update all inputs on: - schedule: - # run every saturday - - cron: "0 0 * * 6" + # schedule: + # # run every saturday + # - cron: "0 0 * * 6" workflow_dispatch: permissions: read-all diff --git a/.github/workflows/update-nixpkgs.yaml b/.github/workflows/update-nixpkgs.yaml index ccb04d3..81fbe9e 100644 --- a/.github/workflows/update-nixpkgs.yaml +++ b/.github/workflows/update-nixpkgs.yaml @@ -1,9 +1,9 @@ name: update nixpkgs inputs on: - schedule: - # run daily at 0:00 utc - - cron: "0 0 * * *" + # schedule: + # # run daily at 0:00 utc + # - cron: "0 0 * * *" workflow_dispatch: permissions: read-all @@ -2,7 +2,6 @@ [](https://neovim.io/) [](https://nixos.org/) -[](https://hydra.mydadleft.me/jobset/flake/main#tabs-jobs) greasy taco i love @@ -11,7 +10,7 @@ greasy taco i love i like to have a few services, including: - [grafana](https://grafana.com/) -- [hydra](https://github.com/NixOS/hydra) +- [hercules-ci](https://hercules-ci.com) - [miniflux](https://miniflux.app/) - [prometheus](https://prometheus.io/) @@ -43,11 +42,11 @@ my netgear wac104 router, using [nix-openwrt-imagebuilder](https://github.com/as ### atlas -my ampere arm server from oracle, services my miniflux instance and a builder for hydra +my ampere arm server from oracle, services my miniflux instance and a builder for hercules-ci ### p-body -my amd64 server from digital ocean, hosts many services i use and is also a builder for hydra +my amd64 server from digital ocean, hosts many services i use and is also a builder for hercules-ci ## fun screenshots diff --git a/bors.toml b/bors.toml deleted file mode 100644 index 7e8457a..0000000 --- a/bors.toml +++ /dev/null @@ -1,16 +0,0 @@ -status = [ - "ci/hydra:flake:staging:checks.aarch64-linux.pre-commit-check", - "ci/hydra:flake:staging:checks.x86_64-linux.pre-commit-check", - "ci/hydra:flake:staging:devShells.aarch64-linux.default", - "ci/hydra:flake:staging:devShells.x86_64-linux.default", - "ci/hydra:flake:staging:formatter.aarch64-linux", - "ci/hydra:flake:staging:formatter.x86_64-linux", - "ci/hydra:flake:staging:homeConfigurations.aarch64-linux.seth", - "ci/hydra:flake:staging:homeConfigurations.x86_64-linux.seth", - "ci/hydra:flake:staging:hosts.atlas", - "ci/hydra:flake:staging:hosts.glados", - "ci/hydra:flake:staging:hosts.glados-wsl", - "ci/hydra:flake:staging:hosts.p-body" -] - -delete_merged_branches = true @@ -160,6 +160,23 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1678379998, + "narHash": "sha256-TZdfNqftHhDuIFwBcN9MUThx5sQXCTeZk9je5byPKRw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c13d60b89adea3dc20704c045ec4d50dd964d447", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -242,7 +259,9 @@ }, "guzzle_api": { "inputs": { - "nixpkgs": "nixpkgs", + "nixpkgs": [ + "nixpkgs" + ], "pre-commit-hooks": [ "pre-commit-hooks" ] @@ -261,46 +280,92 @@ "type": "github" } }, - "home-manager": { + "haskell-flake": { + "locked": { + "lastModified": 1678745009, + "narHash": "sha256-ujfwSrkxThmHJozibkCnJmlXLVyxm+Cbo2Q4wXPbCS4=", + "owner": "srid", + "repo": "haskell-flake", + "rev": "26852ade574c712bc3912ad28de52b0c4cf7d4cb", + "type": "github" + }, + "original": { + "owner": "srid", + "ref": "0.2.0", + "repo": "haskell-flake", + "type": "github" + } + }, + "hercules-ci-agent": { "inputs": { + "flake-parts": [ + "flake-parts" + ], + "haskell-flake": "haskell-flake", + "nix-darwin": "nix-darwin", "nixpkgs": [ "nixpkgs" + ], + "pre-commit-hooks-nix": [ + "pre-commit-hooks" ] }, "locked": { - "lastModified": 1685189510, - "narHash": "sha256-Hq5WF7zIixojPgvhgcd6MBvywwycVZ9wpK/8ogOyoaA=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "2d963854ae2499193c0c72fd67435fee34d3e4fd", + "lastModified": 1681758488, + "narHash": "sha256-RBd/RNq3wL52FvoajMwrnfyZPfq67KMzmp6rtNAx/2o=", + "owner": "hercules-ci", + "repo": "hercules-ci-agent", + "rev": "ef296dd6211e2ffeb942f12e6232a2d9abdd488d", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "home-manager", + "owner": "hercules-ci", + "repo": "hercules-ci-agent", "type": "github" } }, - "hydra": { + "hercules-ci-effects": { "inputs": { - "nix": "nix", + "flake-parts": "flake-parts_2", + "hercules-ci-agent": [ + "hercules-ci-agent" + ], "nixpkgs": [ - "hydra", - "nix", "nixpkgs" ] }, "locked": { - "lastModified": 1683550113, - "narHash": "sha256-niw0RHfwpo2/86wvtHrbU/DQYlkkwtrM+qG7GEC0qAo=", - "owner": "nixos", - "repo": "hydra", - "rev": "13ef4e3c5d87bc6f68c91a36d78cdc7d589d8ff2", + "lastModified": 1683879200, + "narHash": "sha256-kRwPUU16rqBOV0XzpYaN9tvcOYFTmhBRidxM7QqJnPQ=", + "owner": "getchoo", + "repo": "hercules-ci-effects", + "rev": "7888b2733c50bc97a08b0307349b2e05e7ccd453", "type": "github" }, "original": { - "owner": "nixos", - "repo": "hydra", + "owner": "getchoo", + "ref": "customize-flake-update", + "repo": "hercules-ci-effects", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1685189510, + "narHash": "sha256-Hq5WF7zIixojPgvhgcd6MBvywwycVZ9wpK/8ogOyoaA=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "2d963854ae2499193c0c72fd67435fee34d3e4fd", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", "type": "github" } }, @@ -338,40 +403,24 @@ "type": "github" } }, - "lowdown-src": { - "flake": false, - "locked": { - "lastModified": 1633514407, - "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=", - "owner": "kristapsdz", - "repo": "lowdown", - "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8", - "type": "github" - }, - "original": { - "owner": "kristapsdz", - "repo": "lowdown", - "type": "github" - } - }, - "nix": { + "nix-darwin": { "inputs": { - "lowdown-src": "lowdown-src", - "nixpkgs": "nixpkgs_2", - "nixpkgs-regression": "nixpkgs-regression" + "nixpkgs": [ + "hercules-ci-agent", + "nixpkgs" + ] }, "locked": { - "lastModified": 1677045134, - "narHash": "sha256-jUc2ccTR8f6MGY2pUKgujm+lxSPNGm/ZAP+toX+nMNc=", - "owner": "nixos", - "repo": "nix", - "rev": "4acc684ef7b3117c6d6ac12837398a0008a53d85", + "lastModified": 1680266963, + "narHash": "sha256-IW/lzbUCOcldLHWHjNSg1YoViDnZOmz0ZJL7EH9OkV8=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "99d4187d11be86b49baa3a1aec0530004072374f", "type": "github" }, "original": { - "owner": "nixos", - "ref": "2.13.3", - "repo": "nix", + "owner": "LnL7", + "repo": "nix-darwin", "type": "github" } }, @@ -432,18 +481,17 @@ }, "original": { "owner": "nix-community", - "ref": "main", "repo": "NixOS-WSL", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1681920287, - "narHash": "sha256-+/d6XQQfhhXVfqfLROJoqj3TuG38CAeoT6jO1g9r1k0=", + "lastModified": 1685168767, + "narHash": "sha256-wQgnxz0PdqbyKKpsWl/RU8T8QhJQcHfeC6lh1xRUTfk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "645bc49f34fa8eff95479f0345ff57e55b53437e", + "rev": "e10802309bf9ae351eb27002c85cfdeb1be3b262", "type": "github" }, "original": { @@ -452,26 +500,28 @@ "type": "indirect" } }, - "nixpkgs-regression": { + "nixpkgs-lib": { "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "dir": "lib", + "lastModified": 1678375444, + "narHash": "sha256-XIgHfGvjFvZQ8hrkfocanCDxMefc/77rXeHvYdzBMc8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "rev": "130fa0baaa2b93ec45523fdcde942f6844ee9f6e", "type": "github" }, "original": { + "dir": "lib", "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", "type": "github" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1685215858, - "narHash": "sha256-IRMFoDXA6cYx3ifVw3B2JcC4JrjT5v7tRAx2vro2Ffs=", + "lastModified": 1685043448, + "narHash": "sha256-U3BwyDc2OzBcZ8tD09qXibyivgOtOQFTFCVgFyJ+6MM=", "owner": "NixOS", "repo": "nixpkgs", "rev": "ba6e4ddeb3e8ad3f3e3bec63dafbc9fe558729bb", @@ -485,37 +535,6 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1670461440, - "narHash": "sha256-jy1LB8HOMKGJEGXgzFRLDU1CBGL0/LlkolgnqIsF0D8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "04a75b2eecc0acf6239acf9dd04485ff8d14f425", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-22.11-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1685168767, - "narHash": "sha256-wQgnxz0PdqbyKKpsWl/RU8T8QhJQcHfeC6lh1xRUTfk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e10802309bf9ae351eb27002c85cfdeb1be3b262", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" - } - }, - "nixpkgs_4": { - "locked": { "lastModified": 1681920287, "narHash": "sha256-+/d6XQQfhhXVfqfLROJoqj3TuG38CAeoT6jO1g9r1k0=", "owner": "nixos", @@ -600,7 +619,7 @@ "agenix": "agenix", "crane": "crane_2", "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_2", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -624,13 +643,14 @@ "flake-utils": "flake-utils", "getchoo": "getchoo", "guzzle_api": "guzzle_api", + "hercules-ci-agent": "hercules-ci-agent", + "hercules-ci-effects": "hercules-ci-effects", "home-manager": "home-manager", - "hydra": "hydra", "lanzaboote": "lanzaboote", "nixinate": "nixinate", "nixos-hardware": "nixos-hardware", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs", "nixpkgs-stable": "nixpkgs-stable", "nur": "nur", "openwrt-imagebuilder": "openwrt-imagebuilder", @@ -38,16 +38,28 @@ guzzle_api = { url = "github:getchoo/guzzle_api"; + inputs.nixpkgs.follows = "nixpkgs"; inputs.pre-commit-hooks.follows = "pre-commit-hooks"; }; + hercules-ci-agent = { + url = "github:hercules-ci/hercules-ci-agent"; + inputs.flake-parts.follows = "flake-parts"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.pre-commit-hooks-nix.follows = "pre-commit-hooks"; + }; + + hercules-ci-effects = { + url = "github:getchoo/hercules-ci-effects/customize-flake-update"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.hercules-ci-agent.follows = "hercules-ci-agent"; + }; + home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - hydra.url = "github:nixos/hydra"; - lanzaboote = { url = "github:nix-community/lanzaboote"; inputs.nixpkgs.follows = "nixpkgs"; @@ -63,7 +75,7 @@ }; nixos-wsl = { - url = "github:nix-community/NixOS-WSL/main"; + url = "github:nix-community/NixOS-WSL"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-compat.follows = "flake-compat"; inputs.flake-utils.follows = "flake-utils"; @@ -96,7 +108,7 @@ ./hosts ./modules/flake ./users - inputs.getchoo.flakeModules.default + inputs.getchoo.flakeModules.homeConfigurations ]; }; } diff --git a/hosts/atlas/cachix.nix b/hosts/atlas/cachix.nix deleted file mode 100644 index 1dc1830..0000000 --- a/hosts/atlas/cachix.nix +++ /dev/null @@ -1,18 +0,0 @@ -{pkgs, ...}: let - uploadToCachix = pkgs.writeScriptBin "upload-to-cachix" '' - #!/bin/sh - set -euf - - OUT_END=$(echo ''${OUT_PATHS: -10}) - if [ "$OUT_END" == "-spec.json" ]; then - exit 0 - fi - - export HOME=/root - exec ${pkgs.cachix}/bin/cachix -c /etc/cachix/cachix.dhall push getchoo $OUT_PATHS > /tmp/hydra_cachix 2>&1 - ''; -in { - nix.extraOptions = '' - post-build-hook = ${uploadToCachix}/bin/upload-to-cachix - ''; -} diff --git a/hosts/atlas/default.nix b/hosts/atlas/default.nix index 0146b72..af0243a 100644 --- a/hosts/atlas/default.nix +++ b/hosts/atlas/default.nix @@ -1,12 +1,10 @@ { config, pkgs, - self, ... }: { imports = [ ./hardware-configuration.nix - ./cachix.nix ./miniflux.nix ./nginx.nix ./prometheus.nix @@ -20,13 +18,6 @@ hermetic = false; }; - age.secrets.authGH = { - file = "${self}/secrets/hosts/${config.networking.hostName}/authGH.age"; - mode = "440"; - owner = config.users.users.root.name; - group = config.users.groups.wheel.name; - }; - boot = { binfmt.emulatedSystems = ["x86_64-linux" "i686-linux"]; cleanTmpDir = true; @@ -36,6 +27,11 @@ getchoo.server = { secrets.enable = true; + + services.hercules-ci = { + enable = true; + secrets.enable = true; + }; }; networking = { @@ -43,13 +39,7 @@ hostName = "atlas"; }; - nix = { - extraOptions = '' - !include ${config.age.secrets.authGH.path} - ''; - - settings.trusted-users = ["bob"]; - }; + nix.settings.trusted-users = ["bob"]; system.stateVersion = "22.11"; @@ -59,6 +49,7 @@ ]; in { root = {inherit openssh;}; + atlas = { extraGroups = ["wheel"]; isNormalUser = true; @@ -66,6 +57,7 @@ passwordFile = config.age.secrets.userPassword.path; inherit openssh; }; + bob = { isNormalUser = true; shell = pkgs.bash; diff --git a/hosts/p-body/buildMachines.nix b/hosts/p-body/buildMachines.nix index 0c7d6b0..c2b65b6 100644 --- a/hosts/p-body/buildMachines.nix +++ b/hosts/p-body/buildMachines.nix @@ -9,24 +9,14 @@ in { "${hostName}2atlas" = { file = "${self}/secrets/hosts/${hostName}/${hostName}2atlas.age"; mode = "600"; - owner = config.users.users.hydra-queue-runner.name; - inherit (config.users.users.hydra-queue-runner) group; }; }; nix = { buildMachines = [ { - hostName = "localhost"; - maxJobs = 2; - speedFactor = 100; - supportedFeatures = ["big-parallel" "benchmark" "kvm" "nixos-test"]; - systems = ["x86_64-linux" "i686-linux"]; - } - { hostName = "atlas"; maxJobs = 4; - speedFactor = 75; sshUser = "bob"; sshKey = config.age.secrets."${hostName}2atlas".path; supportedFeatures = ["benchmark" "big-parallel" "gccarch-armv8-a" "kvm" "nixos-test"]; @@ -34,7 +24,6 @@ in { } ]; - distributedBuilds = true; settings.builders-use-substitutes = true; }; } diff --git a/hosts/p-body/cachix.nix b/hosts/p-body/cachix.nix deleted file mode 100644 index 1dc1830..0000000 --- a/hosts/p-body/cachix.nix +++ /dev/null @@ -1,18 +0,0 @@ -{pkgs, ...}: let - uploadToCachix = pkgs.writeScriptBin "upload-to-cachix" '' - #!/bin/sh - set -euf - - OUT_END=$(echo ''${OUT_PATHS: -10}) - if [ "$OUT_END" == "-spec.json" ]; then - exit 0 - fi - - export HOME=/root - exec ${pkgs.cachix}/bin/cachix -c /etc/cachix/cachix.dhall push getchoo $OUT_PATHS > /tmp/hydra_cachix 2>&1 - ''; -in { - nix.extraOptions = '' - post-build-hook = ${uploadToCachix}/bin/upload-to-cachix - ''; -} diff --git a/hosts/p-body/default.nix b/hosts/p-body/default.nix index e4368b4..4b00177 100644 --- a/hosts/p-body/default.nix +++ b/hosts/p-body/default.nix @@ -3,16 +3,13 @@ guzzle_api, modulesPath, pkgs, - self, ... }: { imports = [ (modulesPath + "/virtualisation/digital-ocean-image.nix") ./buildMachines.nix - ./cachix.nix ./forgejo.nix ./grafana.nix - ./hydra.nix ./loki.nix ./nginx.nix ./prometheus.nix @@ -26,24 +23,20 @@ hermetic = false; }; - age.secrets.authGH = { - file = "${self}/secrets/hosts/${config.networking.hostName}/authGH.age"; - mode = "440"; - owner = config.users.users.root.name; - inherit (config.users.users.hydra) group; - }; + getchoo.server = { + secrets.enable = true; - getchoo.server.secrets.enable = true; + services.hercules-ci = { + enable = true; + secrets.enable = true; + }; + }; networking = { domain = "mydadleft.me"; hostName = "p-body"; }; - nix.extraOptions = '' - !include ${config.age.secrets.authGH.path} - ''; - services = { guzzle-api = { enable = true; @@ -68,6 +61,7 @@ ]; in { root = {inherit openssh;}; + p-body = { extraGroups = ["wheel"]; isNormalUser = true; diff --git a/hosts/p-body/hydra.nix b/hosts/p-body/hydra.nix deleted file mode 100644 index 5ed44e2..0000000 --- a/hosts/p-body/hydra.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ - config, - hydra, - pkgs, - self, - ... -}: let - hydraGroup = config.users.users.hydra.group; - inherit (config.networking) domain hostName; -in { - age.secrets = { - "hydraGH" = { - file = "${self}/secrets/hosts/${hostName}/hydraGH.age"; - mode = "440"; - owner = config.users.users.hydra.name; - group = hydraGroup; - }; - }; - - # https://github.com/NixOS/nix/issues/2002#issuecomment-375270656 - nix.extraOptions = '' - allowed-uris = https:// http:// - ''; - - services.hydra = { - enable = true; - package = hydra.packages.${pkgs.system}.hydra; - hydraURL = "https://hydra.${domain}"; - notificationSender = "hydra@${domain}"; - listenHost = "localhost"; - port = 6000; - useSubstitutes = true; - extraConfig = '' - Include ${config.age.secrets.hydraGH.path} - - compress_build_logs = 1 - queue_runner_metrics_address = 127.0.0.1:6002 - - <githubstatus> - jobs = .* - excludeBuildFromContext = 1 - useShortContext = true - </githubstatus> - - <hydra_notify> - <prometheus> - listen_address = 127.0.0.1 - port = 6001 - </prometheus> - </hydra_notify> - ''; - extraEnv = {HYDRA_DISALLOW_UNFREE = "0";}; - }; - - nix.settings.trusted-users = ["@${hydraGroup}"]; - - users.users = { - ${hostName}.extraGroups = [hydraGroup]; - hydra-queue-runner.extraGroups = [hydraGroup]; - hydra-www.extraGroups = [hydraGroup]; - }; -} diff --git a/hosts/p-body/nginx.nix b/hosts/p-body/nginx.nix index 8f2f0da..df887b3 100644 --- a/hosts/p-body/nginx.nix +++ b/hosts/p-body/nginx.nix @@ -40,18 +40,6 @@ in { locations = mkProxy "/" "3000"; }; - "hydra.${domain}" = { - enableACME = true; - addSSL = true; - - locations."/" = { - proxyPass = "http://localhost:${toString config.services.hydra.port}"; - extraConfig = '' - add_header Front-End-Https on; - ''; - }; - }; - "grafana.${domain}" = { enableACME = true; addSSL = true; diff --git a/hosts/p-body/prometheus.nix b/hosts/p-body/prometheus.nix index e65d828..26e9d0e 100644 --- a/hosts/p-body/prometheus.nix +++ b/hosts/p-body/prometheus.nix @@ -21,8 +21,6 @@ in { scrapeConfigs = [ (scrapeExporter "p-body" "localhost" "${toString config.services.prometheus.exporters.node.port}") (scrapeExporter "atlas" "atlas" "${toString config.services.prometheus.exporters.node.port}") - (scrapeExporter "p-body-hydra" "127.0.0.1" "6001") - (scrapeExporter "p-body-hydra-queue" "127.0.0.1" "6002") ]; }; diff --git a/hosts/profiles.nix b/hosts/profiles.nix index 13f5e44..99b6b09 100644 --- a/hosts/profiles.nix +++ b/hosts/profiles.nix @@ -73,11 +73,13 @@ in { { getchoo = { features.tailscale.enable = true; + server = { enable = true; services.promtail.enable = true; }; }; + nix.registry.nixpkgs.flake = nixpkgs-stable; } ]; diff --git a/modules/flake/ci.nix b/modules/flake/ci.nix index 64d4f86..8070d93 100644 --- a/modules/flake/ci.nix +++ b/modules/flake/ci.nix @@ -1,24 +1,76 @@ { + config, + inputs, myLib, self, + withSystem, ... -}: { - flake = { - hydraJobs = let - supportedSystems = [ - "x86_64-linux" - "aarch64-linux" - ]; - in - with (myLib.ci supportedSystems); { - # CA derivations don't work on hydra - #apps = mkCompatibleApps self.apps; - checks = mkCompatible self.checks; - devShells = mkCompatible self.devShells; - formatter = mkCompatibleFormatters self.formatter; - homeConfigurations = mkCompatibleHM self.homeConfigurations; - hosts = mkCompatibleCfg self.nixosConfigurations; - packages = mkCompatiblePkgs self.packages; +}: let + mkUpdateEffect = herculesCI: inputs: pullRequestTitle: let + cfg = config.hercules-ci.flake-update; + in + withSystem cfg.effect.system ({hci-effects, ...}: + hci-effects.flakeUpdate { + gitRemote = herculesCI.config.repo.remoteHttpUrl; + user = "x-access-token"; + autoMergeMethod = "rebase"; + commitSummary = pullRequestTitle; + inherit pullRequestTitle inputs; + inherit (cfg) updateBranch forgeType createPullRequest pullRequestBody; + }); +in { + imports = [ + inputs.hercules-ci-effects.flakeModule + ]; + + herculesCI = {lib, ...} @ herculesCI: let + inherit (lib) mkForce; + ciSystems = [ + "x86_64-linux" + "aarch64-linux" + ]; + in { + inherit ciSystems; + + onPush = { + default = { + outputs = with (myLib.ci ciSystems); + mkForce { + apps = mkCompatibleApps self.apps; + checks = mkCompatible self.checks; + devShells = mkCompatible self.devShells; + formatter = mkCompatibleFormatters self.formatter; + hosts = mkCompatibleCfg' self.nixosConfigurations; + packages = mkCompatibleHM self.homeConfigurations; + }; }; + }; + + onSchedule = let + mkUpdateEffect' = mkUpdateEffect herculesCI; + in { + nixpkgs-update = { + when = { + hour = [0]; + minute = 0; + }; + + outputs = { + effects.nixpkgs-update = mkUpdateEffect' ["nixpkgs" "nixpkgs-stable"] "flake: update nixpkgs inputs"; + }; + }; + + flake-update = mkForce { + when = { + dayOfMonth = [1 8 15 22 29]; + hour = [0]; + minute = 0; + }; + + outputs = { + effects.flake-update = mkUpdateEffect' [] "flake: update all inputs"; + }; + }; + }; }; } diff --git a/modules/nixos/server/services/hercules.nix b/modules/nixos/server/services/hercules.nix index 782e5a8..7b55f6c 100644 --- a/modules/nixos/server/services/hercules.nix +++ b/modules/nixos/server/services/hercules.nix @@ -1,7 +1,7 @@ { config, - hercules-ci-agent, lib, + nixpkgs, pkgs, self, ... @@ -43,13 +43,10 @@ in { // hercArgs; }; - environment.systemPackages = [ - hercules-ci-agent.packages.${pkgs.stdenv.hostPlatform.system}.hercules-ci-cli - ]; - services = { hercules-ci-agent = { enable = true; + package = (import nixpkgs {inherit (pkgs) system;}).hercules-ci-agent; settings = { binaryCachesPath = config.age.secrets.binaryCache.path; clusterJoinTokenPath = config.age.secrets.clusterToken.path; diff --git a/secrets/hosts/atlas/authGH.age b/secrets/hosts/atlas/authGH.age deleted file mode 100644 index 0a365ba..0000000 --- a/secrets/hosts/atlas/authGH.age +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGxXSVVGUSBHNXla -OEI4L3lnUFFHNk04T3dNenJlamswSTZUNkQrVHc3RTl4dktOMFVjClZzVW1yY0N4 -dWoyU2RxdnlMVklkV0xOWUFvV1JrTTBtSlY3ZHRBRm9iZXMKLT4gc3NoLWVkMjU1 -MTkgSTkyQTNRIHhLelRZNzFVNVVxQ0R3cDhrNExhRElkazVpM20yY0wzOTFnTEFl -alMwRTQKbU91MGpsa0VySkpKQm5CK2Z4TWRzK1RqOU9JTUlPM2FBMlNMN00rbXZJ -awotPiBcKzFpXC1ncmVhc2UgMiN4c3BGCi9kU1VOOHM5S2tTNlZvUDRXK2ZwdlV1 -ZG9tbVpGMHZnQWVBWTBKTksydURuM3NRK1gySjNVOFM4VUVScGF5MEsKbno2OFJ3 -UFQ2UmF0WERVRzlVb2ZwdC9SbFBSZzlQaENOZHQ5Vk1HMnNFNWVsSkxjaE9MWkVJ -OTlrV2hZckxudQptMzgKLS0tIHNPN01KYlBpdzhCVnp0QnhZdGlVKzFZeDQwSTJE -ODd5MUNBSElyVzErVFEKz0IjBotQR4Au43+wUA4BSBX67FCGqOWaHObYm6aMO7yW -ALJYus9JF9Zb29mEUbxehaSF5J/RcAbcUwydn3RoY5JmhInNbsn/iu+LZ677o26j -6bUshly+e7xY3I/29x/dgzCtwNUTc7Y/7YhW2V+8nv7gBCf8V2HNZAZKzo13NYfO -QWD/Q2Fpe6O9TBZFgb+zFcZ2sno3nBWq ------END AGE ENCRYPTED FILE----- diff --git a/secrets/hosts/atlas/binaryCache.age b/secrets/hosts/atlas/binaryCache.age new file mode 100644 index 0000000..688a845 --- /dev/null +++ b/secrets/hosts/atlas/binaryCache.age @@ -0,0 +1,19 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSBkM3FQ +UXJ0dCtLMFBZWmRRWkdPdG5LVmdJeWs4bk9JcFJvK0FmcW0rOUVZCjA0cXNEUmN5 +cVJhdGJYeVM3cUFSdSsvVTBhempHREQ0c21XOGxQRGJ3M1kKLT4gc3NoLWVkMjU1 +MTkgbFdJVUZRIFBNMVY0QzdlamN0NmZ0SGE3SmIvcU5CRTRTMWs1QytNV0NwaDZO +OVZwRG8KSlVjL0FiUCtXT2pUV0ZIbnZYcEJ1dVFONjhHdWNOaUhVd2dQTnVrVHhw +QQotPiBzc2gtZWQyNTUxOSAycm0zd2cgRzNyNzVpWTFMUXB4QVZMc1V3dW1HcDN3 +UXQxU3MzNFg3bWsxRFh3cE53bwo4NlI4ZFY5K3UrMG1vMmpLeGxEREJPWUpSUGxN +a2pUTjgyblVHUTUvamNnCi0+IDVvLWdyZWFzZSA0ZVEyR21eJwowSDlUMHRPMGVB +NHNuaWo5VkF5RG90RUZqNWsKLS0tIHJ1SVErK1BVL3pyU2pMWFN4Y01SeUhnaTF0 +eGx4L2JvQTMzeUg1SFllR3cKFtQfIi8hRcQUmWg1JY4EJFkj4PQSsp4TAKKsAwLg +NkLj6jNk7BuamnzGwJd/KQQDKDG1BX4bEL6k91OqMJFQlky7//gKEh1PjlU5qrUS +HkFA5T/1RF+unLMAkhCLki2AXNsZr8L9hovEsw4xobFe954SKbvSZ64mn/Tnz/eD +ehbYhpRT81NTyKWjA5sOGlSxKZuet/BRCXdB3SZRjnif0sTJPXwXw77nYus2ys1A +L9/PdVCEVNBbuBLpTrkFdhM/iGvn+dIkevizjiFFgprUhNyWGLjr2bviMJQs0dXt +k7v/z3koGVFJYatsPos0i0dbtZlbWEYJdvKoDv+ZojO9LNOH7vt90Lice2kP8dcE +tYuGnw16XB60dmyJs4NVXov288LNSfRHAwk74t9FYUzq+UrTwIFQpaTFPedKj7Bm +Ak2hBE7ZQ2s/sygbqjEgFkIE5t7giSZVPqLCvCc/QXObaik= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/hosts/atlas/clusterToken.age b/secrets/hosts/atlas/clusterToken.age new file mode 100644 index 0000000..084c6e4 --- /dev/null +++ b/secrets/hosts/atlas/clusterToken.age @@ -0,0 +1,17 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSBDSGhi +VW9ETGZucUVWUys2V1B3T0FCcnNCVnMzMUJNVXhRQmhwRTBEbzNFClRzZ1RxUSt3 +ZFp6TmU5VlhjL2R2SkxRTnhxbTh0Mi9PZWlBTWlUUXAwSnMKLT4gc3NoLWVkMjU1 +MTkgbFdJVUZRIDFMbGZNRG15Q3RhMTcxV1BzQ3Nib2ZER0xwWmtoaFlrRnExMTl4 +dmsrU3MKajRuNEpOeUk0aGcrMENRbE5jUVhrQzdmYm9Fb0tkR0NqU3lLeFlWTEtW +WQotPiBzc2gtZWQyNTUxOSAycm0zd2cgTWtoRVNWeG5BbFpZdFVqRWhtd1VHOWVZ +d0dEdkhZRStJWUFXY3g2R3hCMAp1REJtblpneENTWEtQRVV6OXF3ZUtDb2VEQm54 +alhhaW5ma00rTm1nL0tvCi0+IC4wXXItZ3JlYXNlIF8tOyBRfCBXQWNwRltjICQo +a34zWDctCgotLS0gQnZ3WkllM1dzMzJQZmF4WlVBMit1cTBYYVYvdXdwVzZldFlZ +OUIyNldTMApW6XDdIQruISaX8BTwnqWRbSKtMzKY+LsGJZSqwZbCoKGT8jf6TNG0 ++0aHt5mz/HjomPVjNb2dTVUH2eR5pYYo2dKcRgUU6GFzWpUInIG7aaijZlAGkTnR +UBuCVbbwDyh6D+8zNGmlgyFiWaP/1coF0NHAh/RkbxteN9qySL/nYlHnS8KNW8si +pPhvZDhYUKzTQRtO+RCimWJuQqYaTkgqMVDd6K95pnyZbvbIDjZf21gB95AXwzVN +Adrn3eTc3lVxfZo7cuIMM95ckDaW5kCgsI/5QbFlxujqqLn9XMdyiYr0YbsDyQAa +lb0jIHWH9niuSGdimpcE/fhYvT6nvn/1vhjnGRztn7bziheT +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/hosts/atlas/secretsJson.age b/secrets/hosts/atlas/secretsJson.age new file mode 100644 index 0000000..661858a --- /dev/null +++ b/secrets/hosts/atlas/secretsJson.age @@ -0,0 +1,20 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSBtVEwv +WE1XdTBHWnlCWm5mdTlJMnozZUwvWlQ1QXhLRmVMaU1UQ3RZcWpnCjBjRkt6NnhF +SHUzTmJ0Kzg2aGVhL0hZZlBuRTNYTWZYeVQrZGVYVVgzQ1UKLT4gc3NoLWVkMjU1 +MTkgbFdJVUZRIDFsaFl3Tm1QNGJMbHdqbXRneUxmZFBXWVdkUVJ1TlYrKzcrclVy +aXBkVFkKRmJZZXQ5NVB5c1NHZlNzU0YrZmUwUWVsdmJFWmdNZ1VBdkdIMlpaYm1M +UQotPiBzc2gtZWQyNTUxOSAycm0zd2cgaWV2aFNITzJHTlV2dWo0cjhaQU55dHU4 +UVRhUEl6aUdpZlNmL3J6TFlRWQpHUHJhMUpOVTNiSU1nRkNYKy96R2hRSnlObzh3 +S3R0VCtRcXpRckdQVWxJCi0+IGxjO3ctalQtZ3JlYXNlIDJINCBSLk1CWSwzIC43 +LnhbeyBMCmhyZEFsTnk3ajFBR2dMWEl2UlBTMjNLZ3dGN1NHQ0pUTEZNa1o3dFNL +THJrdm9hU3FZc1NxRjh6VDVzcnJpVQotLS0gR2ptcUNOeFU2cC9mWk81VkR3N0RD +RDJDdTFSQTlzU29YNU00OTNKT1dVYwqKsKpFxIRRSzXX857VG9KnCK3AtyEv+Pj9 +hlcWScyY1Id4HjdISKExH+ybEqD5lF7tOKNJT4M6rIFHJnip1cYgNBD8WS8joXD3 +99Qmo98SP/x+0LhjJ/A/YPjtu9RcFmvBXP36y/3YCZOGcc6xc6jrzfGI9hTa+9lf +pPLquxs8eME3Di0/u1l63pgX1Rqr07SU8kPf+D1ByQPQifECJJ39cipnEIg8mJV7 +2HLy0jxFV3FzVEYPCfOoBGfmqF4IUgZU6FDZ1AyS8ZJ12QD639FedgYEIYAH/Zz7 +BLIhXHDkU6JzOE4II7E9bWPAykofPlb1FdqD4WKAFXTSAmed68bLmYfwHfOuO6P3 +iv1zq87YLJaqe8b0ZgeqX0jEbsRdUURf9hFlSnHQXaW4owGVQU/JmlpOMpK47xNS +yrWmaw== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/hosts/p-body/authGH.age b/secrets/hosts/p-body/authGH.age deleted file mode 100644 index eb8a400..0000000 --- a/secrets/hosts/p-body/authGH.age +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDJybTN3ZyB1cEdL -Zk9kWEhzRGIrMkVQK3dvZWNvdjZrbW01b2dzaXBWL0pNZ2dLWHhrCk5SbVFheVYy -d095WmZTNHV5VUs3djU3YnRTbFZZekpjbU15QkZrRkhyWVEKLT4gc3NoLWVkMjU1 -MTkgSTkyQTNRIGZNWU5yWTdNbXFXUjZJOUFlVUlMVW5iT1NiS2hxMU51djVlVlR5 -N0RnWDgKNG1rb0tpN2dmeHhCZUJvcVJ3WmorbUpDaWJEZk16dUkyejM5WDVsbWZs -OAotPiBPLWdyZWFzZSBFClJ3bCtaaUl0dXBkNVFhZGtuamV6N0NuRDNNQVlPUmtY -c3FGNnVuSldmbk5LZTY5TGhBCi0tLSBuWVV6Y1J0TW5SVkp6UDQ2U3ZUa1U1NTE5 -T2Vjano0K081YWx2bDBpcW44Ck9b/U1ShHbQEHQ5Jyk1HuLgKuosBlXkhnjUVmpP -bLMwSC/kGw3mgX5SVmTdWiMbk4ibIRqXqeqZRruI80kkgXwQjuYG2aMvaO/A5+IR -7o8J6b8Ycz6kAm7SR5oz2BWcPrkIMjNrZzc+Zf/PW89GxU2I/j7wDLjlgonhq+qr -AobH5N3V9J3SIZ11SAwMjIKWnd6c5nSaLHTOEA== ------END AGE ENCRYPTED FILE----- diff --git a/secrets/hosts/p-body/binaryCache.age b/secrets/hosts/p-body/binaryCache.age new file mode 100644 index 0000000..19e40d3 --- /dev/null +++ b/secrets/hosts/p-body/binaryCache.age @@ -0,0 +1,20 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSBQcklp +cnlycDgyTnR1Sm0ybVBjSkRWRDJ4MFhDbFJCU2xCRmwxK1pYSWlBCmFvbkRHOU16 +MWJIMzVheTJTam9XRSs1d0c2RjcwS0h4L3NzQWl4cUh2anMKLT4gc3NoLWVkMjU1 +MTkgbFdJVUZRIEpLL21ncHdtZlVuSm1pTWJPR0M0OWpUMjlBTVh3NkwyMzhQa3Mz +bDN0eUEKNWphbjB5dFk3WWpVZFJBRlNXL05KSGVsK3pXdXRMaGUxRk1uNXNib1F0 +WQotPiBzc2gtZWQyNTUxOSAycm0zd2cgQlRhdVV1M2hJNUZCc2pabmFCRVgrZGUy +YzVUaXNWdHdiN2J2MlpNNnlpbwo0NTNzYWdYVlg5MEtvOE4rM3hJaUl5N2g3a0pR +emU5SmdUSHhaTk5WZ3BrCi0+IDVsaTRCKzNRLWdyZWFzZSBMXFpLCkFLV0RqdEhV +WG1QRnQ1VlFBODRYSmV5RU44M3UzQUxsMDhyRU56SFAKLS0tIDg0Vjg0dnJudnNr +d2N2V2dIQjRYcnlzNS9RZXRleHhiNUZGK05sNHlTd2sKjVbalKa3CSoF71E1G8Km +n9NcgkB1u2EOegbT+PPM7ik8j8RGu7KvKEHUEMgrTq0r4iy0QKfkrtWcrOA9ofy9 +OoVufNUVWdLEV4X8c4SfNSFvNKE2B/hsWFwG5jO+PQWlGLWB4xjcJ3wpMH/N8smt +EHJipVuZX0YtXbovtCgtFtWD2+VFfG4P+5LCwH4qJuKpVMgu2efGeSmgLFhodKzd +objXxM/k1FEYGuwEduXVd3BiE3lPPTHR8BChXgh0XhqhFoFGW0zBBo1o4pgTHL1D +zgKes/T/MWP7N9V+DGLAky/z9AtDDYEcNiQe7ADIsOrU3zD1bkU5hOGvECUaHlqH +CI1vywVkZMzpI7X4ulpR3+sCWFL6DY4sg6jG9EWx4+cf9TSLnv+RpAKPPDBgEIA4 +eO5RqlcjTGiOfNgnSf58R7OG6d79wzZVkzl+AQrrkE79Zzwm2DWU4aGmgWO7j2Z8 +ng== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/hosts/p-body/clusterToken.age b/secrets/hosts/p-body/clusterToken.age new file mode 100644 index 0000000..73d617d --- /dev/null +++ b/secrets/hosts/p-body/clusterToken.age @@ -0,0 +1,17 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSAxQlFo +MkNwbzhSWmIyVHZiZk1wTnZlaFAyNVBxeDZSR3dwZjdSekxJL3dVCjZDTk1ZUzdY +RXBpNHRsMVZIb0NxWU16MXQ1VGIwTGZwUmRNdzZ5Y3BCMGMKLT4gc3NoLWVkMjU1 +MTkgbFdJVUZRIE5SeFUyb2FMTDY4a3QzOXFWYWJJenQ3VmlYMERRcU1VV3NJNDR4 +eE40MmcKNEZUTXhkVEl5MkRueWpCUGx3NHNraWhJdFQyRWhvamNVNkxEZUNhL2FB +dwotPiBzc2gtZWQyNTUxOSAycm0zd2cgcDNaaktLWnVSZitrdCtIZXRRSUE2d21N +d0FkU3hmRXVxb2k5cWhqOHJHMApwSW5CZG9mSlRBZkNPQ2VTM3cyMmVPNEROUUlR +cTZvcFUydzVwaGVFa1RZCi0+IFtZLWdyZWFzZSBoUlxQICZ4YC87OFV4CjNDQUY1 +NzlMZUEKLS0tIGFBRHp5dkZ6OUtVczNpaXllTnRBekVrZ3FUbXI3UXJETGVtRTJ3 +L3hocFUK6ywg9Q6adzKoyp/v/USlp35PYuZJwNNyBu5Mjb+npN9eO8s40WqCPwVS +T9r8uf9S05wmOkZ+fBC0qjY4Y2uMc3GZFSyuGUgBq/0rppwbQiET8OFP68lmSTuC +vv39gq6nBixqPMir2yo0jw1Qh/FwykFVRbz7KBSWcOmu0iKTqDzcjfTpsiWqNHoH +rDIHZ1zbXD2g9LM/koSFWZkAHNigsllili8cKD/Tf0O2XrEl7VWgBAANZqUXH6zK ++z8LEfwprXRj5K0+yvo2WI+hid6AR3+C8UdC62OaSrT7CBqyuTWJqeqdGVxC1eM5 +ShxYuV7C2ztKCu/ya6wTy8woPecRAZtCKa07V0Mm4WUy9Q== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/hosts/p-body/hydraGH.age b/secrets/hosts/p-body/hydraGH.age deleted file mode 100644 index 6e6a8cb..0000000 --- a/secrets/hosts/p-body/hydraGH.age +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDJybTN3ZyBMdTN2 -YWxQeVFxRWFXMDgwNmhWVGJqdG5ZdTVOVWUrNDQ2NXNyYjVNanhFCkZlb2owZVk1 -ZmJwZkRZdVkzaGI0dkhpQi82WmlCbitjNzVWZDZrQkx0OU0KLT4gc3NoLWVkMjU1 -MTkgSTkyQTNRIGl2aDFQMDB5N3R6RVVhT1puZUpVVDZ1ZWlXUjZQUkE1clZnNGdu -YXd3VjQKdGRWZTkyMjBZY2dYUlk2WkVRM3FyODM0cjVtUE4yOTc2V2JNTm5NVEx3 -MAotPiBLdkBUNToqSy1ncmVhc2UgU0xlcGdPKiB9PzUyamEKQytqR3QvdU5CZWdh -M3Z2MzAvbG82dTg5eGxPc1IwRnE4OVhDUnFEeU54dzhwVUpIbUhzVEk3bThkZ2Z3 -VEl5Ywo1T2RuZWJ5SjRYVFdIWGZ5U29wZgotLS0geThueS9qY1RhVVplSUlhR1NB -a05NYUV2dDcwSVc4dDdBb2wra1p4WHVrNAqR7OU5ahW7JEYcvlOq9FqMJF+CkT00 -KTUZEQNSy9c5VMx8j4DYrpoKH/ukkKmcrHqxDIeEV1FPp8RIQG7ZTgCHv9d+KdNy -qHxjzQ+f2KjkCctkxJHdDLCcBvhIyWVRIKHT1Yndb1NCGMzWNVjh1wvfgl4ZFUlO -RssdI42r9D5siCqqQnMHRGbdH39dT9D0oaHO8TyNMk/1eSi55ub5p+Sh8elhtBBL -s4tcbr3ueeORqTY3L1RCq1O7bZ+6GgvN ------END AGE ENCRYPTED FILE----- diff --git a/secrets/hosts/p-body/secretsJson.age b/secrets/hosts/p-body/secretsJson.age new file mode 100644 index 0000000..019a3a4 --- /dev/null +++ b/secrets/hosts/p-body/secretsJson.age @@ -0,0 +1,19 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSBmbENM +VkRPb2Q1eUdFSjFVeGpNTm9mT0Nab3lpOHRaT3FpdnV5elpPQXhBClpmSjVTMlNW +OHNYeGhGbEFRRFZSVGRBa1RZd1VnTURsQm5CNXhZUW9hZEEKLT4gc3NoLWVkMjU1 +MTkgbFdJVUZRIFhaWW9FblJ3SFREOUFSR00xZDc0NFNqdkxWNnFReHpKRk9uOUo3 +UWZoQWsKbXA2N0t3VG42MEZBanlHSkRjdFBzZE5YNkdPOS8xRGNvOXJTN1B1L3Fv +UQotPiBzc2gtZWQyNTUxOSAycm0zd2cgYk13cGQrbi8rZWkzaEk2TzhWQVNNdGlm +NXFFNWlqdFdTV2ovSkRtMUh6OAorVUlwZ29OYnpER0pRdDZPbzBuRXhiWVplL2RF +cUJwd1hQaFJEYXFlaHZnCi0+IENIdmN9OHBULWdyZWFzZSAnYmFfVnNGXApTbXYx +VGhlZFU4bko5YkZ6M2k5eTdzcHZjMVFwV3hHV3NKMkd4dWNDOGdlU3I2OAotLS0g +VXdkQ2djUUpnNUtGSHlaRWlxWmpQcVpUVjFIOERSbGd1Vyt4ak1tcWl1WQrPIPcR +RWUyNQeHQxxsp7lc+4N0LTMnnIsW531/hVEy0FRarRkseJoMTIL84OLhqSjlVxoZ +/XOey4eFfTbJiP0h8r3VjB7ATFyi0w3lBFpH71dULuxqb4Xsz48Rtdu0JE0Qhdle +Udl5kxHF5+ZRtN/vyaBFfVNRfGuiTj9DXqelmPyb5l8xYqi71Yap5LD/r4WenOBe +qx53etdTsfOgeLwR4ULC42269PSJHAoMq92K7m3VZwQ0THsBiMyTNOWN3JkBYOIt +IEkUkVkm6lhQsCbRF1CLQ6G7+tJy1Rt7Ibnx4TPtJ4hJ0878ZL2jTeYDgWJBk8x6 +lkaxEqjYollG7g0RvUxd3m+f0gdh50E68JF4LMmmxb+oP9BiTuCOp9jGXWwCBZXr +qpIFmauExIjVIpzErG2yCcXze5fN24Caug== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index c525929..9dd4eb2 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -11,12 +11,15 @@ in { "hosts/atlas/rootPassword.age".publicKeys = atlas; "hosts/atlas/userPassword.age".publicKeys = atlas; + "hosts/atlas/binaryCache.age".publicKeys = atlas; + "hosts/atlas/clusterToken.age".publicKeys = atlas; + "hosts/atlas/secretsJson.age".publicKeys = atlas; "hosts/atlas/miniflux.age".publicKeys = atlas; - "hosts/atlas/authGH.age".publicKeys = atlas; "hosts/p-body/rootPassword.age".publicKeys = p-body; "hosts/p-body/userPassword.age".publicKeys = p-body; "hosts/p-body/p-body2atlas.age".publicKeys = p-body; - "hosts/p-body/hydraGH.age".publicKeys = p-body; - "hosts/p-body/authGH.age".publicKeys = p-body; + "hosts/p-body/binaryCache.age".publicKeys = p-body; + "hosts/p-body/clusterToken.age".publicKeys = p-body; + "hosts/p-body/secretsJson.age".publicKeys = p-body; } |