Skyler Grey
6cc4c3fc67
Previously, we set up headscale.
We need to enable tailscale on baxter, as we intend to use tailscale to connect builders to its buildbot instance.
As the headscale server doesn't automatically put the server running it into the tailscale network, we also need to set up the tailscale daemon on axol.
Reviewed-on: #14
Co-authored-by: Skyler Grey <sky@a.starrysky.fyi>
Co-committed-by: Skyler Grey <sky@a.starrysky.fyi>
# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors
#
# SPDX-License-Identifier: GPL-3.0-only
# baxter
# 209.38.149.197
# Host configuration module: takes the module arguments `pkgs`, `modulesPath`
# and `config` and returns this machine's option assignments.
{
  pkgs,
  modulesPath,
  config,
  ...
}: let
  # Path of a secret declared under `age.secrets` below. Only this path is
  # referenced from service options; the secret value itself is never
  # interpolated into the configuration.
  secretPath = name: config.age.secrets.${name}.path;
in {
  imports = [
    (modulesPath + "/virtualisation/digital-ocean-config.nix")
  ];

  boot.loader.grub.enable = true;

  # NOTE(review): presumably stops droplet user data from driving a system
  # rebuild, so the deployed configuration stays the one from this repository
  # - confirm against the imported DigitalOcean module.
  virtualisation.digitalOcean.rebuildFromUserData = false;

  # Only HTTP and HTTPS are opened explicitly here.
  # NOTE(review): modules enabled below (ssh, tailscale, forge, ci) may open
  # further ports on their own - review the effective firewall rule set.
  networking.firewall.allowedTCPPorts = [80 443];

  environment.systemPackages = [pkgs.neovim];

  auxolotl = {
    nix.enable = true;
    users.infra.enable = true;

    security.doas.enable = true;
    security.acme = {
      enable = true;
      email = "jake.hamilton@hey.com";
    };

    services.ssh.enable = true;
    services.forge.enable = true;

    # CI master and worker are both enabled on this host.
    # NOTE(review): this places build execution on the same machine as the
    # forge and the master's token / OAuth client secret - confirm that builds
    # triggered by untrusted contributions are isolated from those secrets.
    services.ci = {
      master = {
        enable = true;

        tokenFile = secretPath "services.ci.master.tokenFile";
        webhookSecretFile = secretPath "services.ci.master.webhookSecretFile";

        # The client id is an identifier, not a credential; the matching
        # client secret is supplied through an age-encrypted file.
        oauth.clientId = "76e70591-79a6-4a2f-8319-317f46800519";
        oauth.clientSecretFile = secretPath "services.ci.master.oauth.clientSecretFile";

        workersFile = secretPath "services.ci.master.workersFile.json";
      };

      worker = {
        enable = true;
        workerPasswordFile = secretPath "services.ci.worker.workerPasswordFile";
      };
    };
  };

  # Enrols this host with the control server at vpn.auxolotl.org.
  # NOTE(review): the auth key can enrol nodes into the network; prefer a
  # short-lived or single-use key and rotate it after enrolment - confirm how
  # this one was issued.
  clicks.networking.tailscale = {
    enable = true;
    server = "vpn.auxolotl.org";
    authKeyFile = secretPath "clicks.networking.tailscale.authKeyFile";
  };

  age = {
    # Public half of the host key; presumably the recipient that this host's
    # secrets are re-encrypted for. Safe to commit, unlike the private half.
    rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM4rfWCoqby2qIcq/KVEWCKZVvIxr6h4GxJcsCQYffj+";

    secrets = {
      # NOTE(review): what `unstableName` changes is not visible in this file
      # - confirm against the secrets module.
      "clicks.networking.tailscale.authKeyFile" = {
        rekeyFile = ./clicks.networking.tailscale.authKeyFile.age;
        unstableName = true;
      };

      # NOTE(review): the CI secrets below set only `group`. If the default
      # file mode is owner-only (agenix defaults to 0400), group membership
      # alone grants no read access - confirm how the buildbot services read
      # them (an explicit `mode`, or credentials loaded by the service manager).
      "services.ci.master.tokenFile" = {
        rekeyFile = ./services.ci.master.tokenFile.age;
        group = "buildbot";
      };

      # Generated by the "alnum" generator instead of an explicit rekeyFile.
      # NOTE(review): confirm the generator's length is adequate for a webhook
      # secret.
      "services.ci.master.webhookSecretFile" = {
        generator.script = "alnum";
        group = "buildbot";
      };

      "services.ci.master.oauth.clientSecretFile" = {
        rekeyFile = ./services.ci.master.oauth.clientSecretFile.age;
        group = "buildbot";
      };

      "services.ci.master.workersFile.json" = {
        rekeyFile = ./services.ci.master.workersFile.json.age;
        group = "buildbot";
      };

      # Also produced by the "alnum" generator, like the webhook secret.
      "services.ci.worker.workerPasswordFile" = {
        generator.script = "alnum";
        group = "buildbot";
      };
    };
  };

  system.stateVersion = "23.11";
}