# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors # # SPDX-License-Identifier: GPL-3.0-only # baxter # 209.38.149.197 { pkgs, modulesPath, config, ... }: { imports = [ (modulesPath + "/virtualisation/digital-ocean-config.nix") ]; age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM4rfWCoqby2qIcq/KVEWCKZVvIxr6h4GxJcsCQYffj+"; boot.loader.grub.enable = true; virtualisation.digitalOcean.rebuildFromUserData = false; networking.firewall.allowedTCPPorts = [ 80 443 ]; environment.systemPackages = with pkgs; [ neovim ]; auxolotl = { nix.enable = true; users.infra.enable = true; security = { doas.enable = true; acme = { enable = true; email = "jake.hamilton@hey.com"; }; }; services = { ssh.enable = true; forge.enable = true; ci = { master = { enable = true; tokenFile = config.age.secrets."services.ci.master.tokenFile".path; webhookSecretFile = config.age.secrets."services.ci.master.webhookSecretFile".path; oauth = { clientId = "76e70591-79a6-4a2f-8319-317f46800519"; clientSecretFile = config.age.secrets."services.ci.master.oauth.clientSecretFile".path; }; workersFile = config.age.secrets."services.ci.master.workersFile.json".path; }; worker = { enable = true; workerPasswordFile = config.age.secrets."services.ci.worker.workerPasswordFile".path; }; }; }; }; age.secrets."services.ci.master.tokenFile" = { rekeyFile = ./services.ci.master.tokenFile.age; group = "buildbot"; }; age.secrets."services.ci.master.webhookSecretFile" = { generator.script = "alnum"; group = "buildbot"; }; age.secrets."services.ci.master.oauth.clientSecretFile" = { rekeyFile = ./services.ci.master.oauth.clientSecretFile.age; group = "buildbot"; }; age.secrets."services.ci.master.workersFile.json" = { rekeyFile = ./services.ci.master.workersFile.json.age; group = "buildbot"; }; age.secrets."services.ci.worker.workerPasswordFile" = { generator.script = "alnum"; group = "buildbot"; }; system.stateVersion = "23.11"; }