Skyler Grey
c6f574ff09
Previously, we set up headscale. We need to enable tailscale on baxter, as we intend to use tailscale to connect builders to its buildbot instance. As the headscale server doesn't automatically put the server running it into the tailscale network, we also need to set up the tailscale daemon on axol.
# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors
#
# SPDX-License-Identifier: GPL-3.0-only
# baxter
# 209.38.149.197
{
  pkgs,
  modulesPath,
  config,
  ...
}:
let
  # Path of the decrypted secret declared under age.secrets with this name.
  secretPath = name: config.age.secrets.${name}.path;

  # Every CI secret below is assigned to the "buildbot" group.
  # NOTE(review): no `mode` is set on these secrets. With agenix's default of
  # owner-only read (0400), a `group` setting alone grants the group nothing,
  # so confirm how the CI services actually read these files.
  forBuildbot = attrs: attrs // { group = "buildbot"; };
in
{
  imports = [
    (modulesPath + "/virtualisation/digital-ocean-config.nix")
  ];

  boot.loader.grub.enable = true;

  # System configuration is not rebuilt from droplet user data.
  virtualisation.digitalOcean.rebuildFromUserData = false;

  # Only HTTP and HTTPS are opened here.
  # NOTE(review): the modules enabled below may open further ports; audit the
  # evaluated firewall config rather than this list alone.
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];

  environment.systemPackages = [ pkgs.neovim ];

  auxolotl = {
    nix.enable = true;

    users.infra.enable = true;

    security.doas.enable = true;
    security.acme = {
      enable = true;
      email = "jake.hamilton@hey.com";
    };

    services.ssh.enable = true;
    services.forge.enable = true;

    # CI master and a CI worker are both enabled on this host, next to the forge.
    # NOTE(review): if the worker builds untrusted changes, those builds run on
    # the machine holding the master's token, webhook secret and OAuth client
    # secret. Confirm the isolation, or move builds to the remote builders the
    # commit message mentions.
    services.ci.master = {
      enable = true;

      tokenFile = secretPath "services.ci.master.tokenFile";
      webhookSecretFile = secretPath "services.ci.master.webhookSecretFile";
      oauth = {
        # The client id is an identifier, not a secret; the secret comes from a file.
        clientId = "76e70591-79a6-4a2f-8319-317f46800519";
        clientSecretFile = secretPath "services.ci.master.oauth.clientSecretFile";
      };

      workersFile = secretPath "services.ci.master.workersFile.json";
    };
    services.ci.worker = {
      enable = true;
      workerPasswordFile = secretPath "services.ci.worker.workerPasswordFile";
    };
  };

  # Joins this host to the network coordinated by vpn.auxolotl.org.
  # NOTE(review): the auth key admits a node to that network; confirm it is
  # single-use or short-lived on the coordination server.
  clicks.networking.tailscale = {
    enable = true;
    server = "vpn.auxolotl.org";
    authKeyFile = secretPath "clicks.networking.tailscale.authKeyFile";
  };

  age = {
    # Host SSH public key used as the rekey target; a public value, safe to commit.
    rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM4rfWCoqby2qIcq/KVEWCKZVvIxr6h4GxJcsCQYffj+";

    secrets = {
      # NOTE(review): `unstableName` is not explained on this page; confirm its
      # effect on where the decrypted key is placed.
      "clicks.networking.tailscale.authKeyFile" = {
        rekeyFile = ./clicks.networking.tailscale.authKeyFile.age;
        unstableName = true;
      };

      "services.ci.master.tokenFile" = forBuildbot {
        rekeyFile = ./services.ci.master.tokenFile.age;
      };
      # No rekeyFile: the value comes from the "alnum" generator script.
      "services.ci.master.webhookSecretFile" = forBuildbot {
        generator.script = "alnum";
      };
      "services.ci.master.oauth.clientSecretFile" = forBuildbot {
        rekeyFile = ./services.ci.master.oauth.clientSecretFile.age;
      };
      "services.ci.master.workersFile.json" = forBuildbot {
        rekeyFile = ./services.ci.master.workersFile.json.age;
      };

      # No rekeyFile: the value comes from the "alnum" generator script.
      "services.ci.worker.workerPasswordFile" = forBuildbot {
        generator.script = "alnum";
      };
    };
  };

  system.stateVersion = "23.11";
}