tv binary-cache: replace wu by xu and use hosts.binary-cache.pubkey

This commit is contained in:
tv 2016-11-24 23:07:48 +01:00
parent edb899745b
commit 8f946dd2fc
7 changed files with 20 additions and 16 deletions

View File

@ -351,11 +351,17 @@ with import <stockholm/lib>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
};
xu = {
binary-cache = {
pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
};
cores = 4;
nets = {
gg23 = {
ip4.addr = "10.23.1.38";
aliases = ["xu.gg23"];
aliases = [
"cache.xu.gg23"
"xu.gg23"
];
ssh.port = 11423;
};
retiolum = {

View File

@ -15,7 +15,6 @@ with import <stockholm/lib>;
../2configs/nginx/public_html.nix
../2configs/pulse.nix
../2configs/retiolum.nix
../2configs/wu-binary-cache/client.nix
../2configs/xserver
];

View File

@ -16,7 +16,6 @@ with import <stockholm/lib>;
../2configs/nginx/public_html.nix
../2configs/pulse.nix
../2configs/retiolum.nix
../2configs/wu-binary-cache
../2configs/xserver
{
environment.systemPackages = with pkgs; [

View File

@ -15,7 +15,7 @@ with import <stockholm/lib>;
../2configs/nginx/public_html.nix
../2configs/pulse.nix
../2configs/retiolum.nix
../2configs/wu-binary-cache/client.nix
../2configs/binary-cache
../2configs/xserver
../2configs/xu-qemu0.nix
{

View File

@ -21,7 +21,6 @@ with import <stockholm/lib>;
../2configs/nginx/public_html.nix
../2configs/pulse.nix
../2configs/retiolum.nix
../2configs/wu-binary-cache/client.nix
../2configs/xserver
{
environment.systemPackages = with pkgs; [

View File

@ -1,22 +1,30 @@
{ config, lib, pkgs, ... }: with import <stockholm/lib>;
{
services.nix-serve = assert config.krebs.build.host.name == "wu"; {
environment.etc."binary-cache.pubkey".text =
config.krebs.build.host.binary-cache.pubkey;
services.nix-serve = {
enable = true;
secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
secretKeyFile = config.krebs.secret.files.binary-cache-seckey.path;
};
systemd.services.nix-serve = {
requires = ["secret.service"];
after = ["secret.service"];
};
krebs.secret.files.nix-serve-key = {
krebs.secret.files.binary-cache-seckey = {
path = "/run/secret/nix-serve.key";
owner.name = "nix-serve";
source-path = toString <secrets> + "/nix-serve.key";
};
krebs.nginx = {
enable = true;
servers.nix-serve = {
server-names = [ "cache.wu.gg23" ];
server-names = [
"cache.${config.krebs.build.host.name}.gg23"
];
locations = singleton (nameValuePair "/" ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
'');

View File

@ -1,7 +0,0 @@
_:
{
nix = {
binaryCaches = ["http://cache.wu.gg23"];
binaryCachePublicKeys = ["cache.wu-1:cdhA201O2R2Ect463vhJFmhpMaNyT/tOvzYvtceT9q8="];
};
}