Migrate ci to disko+impermanence
This commit is contained in:
parent
d7e082a6e8
commit
b3eee975ec
7 changed files with 31 additions and 93 deletions
|
@ -4,7 +4,7 @@ keys:
|
|||
- &lithium age1yrfr0q72nqa842t0mzckeemfww28qzcd3wqmrd8mvzwvgpzssvlq9ruzlk
|
||||
- &cert-store age1hy7uunj0lnjv6uyqf7s5t5dnc8e0u48x30jva05sxykqtplqe44sf4acxc
|
||||
- &cert-store-age age1cws8uzhg9qyxpjnw9w0mvalvqu3ttnnrn5r3eeczk4wcj86vnqgslzmzjp
|
||||
- &ci age18k4drn9kuhu5qk8cqfd390nv9r0pq0qql6s76hkhzefxskwnscxsqm78q4
|
||||
- &ci age1w2e493eat3l42wj3hqg25ncrqttg52rdqc9y0z49sx86f4tqa3vsmg9zm6
|
||||
- &forgejo age1sy2jzr85s4h0ncfucfl7hrczymmf8wng4m3g6jeduqx5g893jc9qzfznr8
|
||||
- &idacloud age1actwp5rqczazhgl94npwc0phxuxzjgrk9v82e32sahanw8cyuc7stxkls2
|
||||
- &nextcloud age1rf6h87qp9ckpmf7yrvkmq3faqn5fnqx4lyg83zf5v09wnew7muzsmmnx9x
|
||||
|
|
|
@ -1,16 +1,11 @@
|
|||
{ ... }:
|
||||
{
|
||||
swapDevices = [
|
||||
{
|
||||
device = "/var/lib/swapfile";
|
||||
size = 2 * 1024;
|
||||
}
|
||||
];
|
||||
|
||||
imports = [
|
||||
../../shared/base.nix
|
||||
|
||||
../../shared/disko/zfs-impermanence.nix
|
||||
../../shared/hardware/impermanence.nix
|
||||
../../shared/hardware/vm.nix
|
||||
../../shared/disko/basic-ext4.nix
|
||||
|
||||
../../servers/forgejo-runner.nix
|
||||
../../servers/hydra.nix
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{ ... }:
|
||||
{
|
||||
networking.hostId = "45e785de";
|
||||
system.stateVersion = "25.05";
|
||||
}
|
||||
|
|
|
@ -5,20 +5,20 @@ sops:
|
|||
- recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Qi82M2JNeEZHSGJHME1w
|
||||
Q2FFUnB0d1lMajcvdEJZSVNLdEJkalgxVXhrCk4zRnE5Q3dpVVNJNjNEMmlmZUM4
|
||||
TjdCckxwSzdRMUg1Nk5DaDFJNjQ0OGcKLS0tIEdZZEJlSEJ0cm5Qb0g0UHpza2Za
|
||||
K08wNDJJSGN2M21Yb2ZERHMvMmJDNjQKEwzdP8D1wTiKX0VHapxE8IODHuyH9laU
|
||||
NIz32fJWl1A5w0xE3e1YXVJpjcvQ8nHX5CceSuOorq7IPYbDpaJhDQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRDFlQlFLb2JLK3ppcFBT
|
||||
cWhzdTZnT0xod3ZIQWpzWlc5YVlqODgreVNnCkVDMXl5S3dibnM4MDFac3VkNGRm
|
||||
U0FHR3lWZ25vUjd3S3JjYlR2WTMrTW8KLS0tIER1T3FrcTkxVnYwWDVvNG5rZFhC
|
||||
Z3EveFoxQklTaXRJZXU4NGR6WnJjcmcKzxaHzY6qQu2Yrb9vOdICX3EHguBDt6oJ
|
||||
AXoLgfe+POaA8rfEna0vFrvyxWSlnJ0sJXFn4vHYdP+5RtGIamMQlg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age18k4drn9kuhu5qk8cqfd390nv9r0pq0qql6s76hkhzefxskwnscxsqm78q4
|
||||
- recipient: age1w2e493eat3l42wj3hqg25ncrqttg52rdqc9y0z49sx86f4tqa3vsmg9zm6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YUNQdkd2bzJmM1l2WEJs
|
||||
cGd3RTFDbkpLQmxWRFNMRUxLZmdPWmczNzFFCkhJMVY2L3c1VEZpSEFMeHhZZXNQ
|
||||
V0txcUZZK2NaRHJIcVBqWHB1R3NDN1kKLS0tIDF5amxqa3JQSS93YzErK0ttdEpu
|
||||
ZDdzTEFPUXJlYnJpUndSWEkwNWNMRkkKFl3ebl0NB3c7rmLwuCSUeRKftlljj36u
|
||||
WTTHu6QlXkr48ASt9/kvN+09deXu+cX7aXBHsDo7O6cmt9OJFBlwGw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPLzdwQWlBSWZTYm9qMEt6
|
||||
OEViOHNhTzFqYjZ5VmZWeTVlMDk1S1RGa21RClRLYVk2UWJDS1hRQVNMR0F1YlE5
|
||||
b1h6Q29lRi8xNHdVWHExK0hqV3BJTGcKLS0tIFBiTmNpcGNWTUk0dWJDNDZtWElE
|
||||
N3R2a3lGRHNBaHYwLzhSd2tsTVlneDQKYI/SN4Ix0V9cLkuP2JP/XVvAYT5MuRQW
|
||||
FmC2fhaiflO5fz8vjZUjKy8XtwZT3DOb9f1a1awBsKHvPkJsFqe8cg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-06-21T13:12:37Z"
|
||||
mac: ENC[AES256_GCM,data:ndDoQvRTVZL+xtjkoXathY0Q90kxeN0b9BIDKXVaFkoqdb+jKG3Rv8CcfWXJLBn7P7aUxsLSkyDhxdme9wBqSSWv6BRHu3v1x0ryn0NEhVp+/UYq+05iL+QTmGjJXcFlx1BJP/wSHO4uGSbOg9y6dfzToDqhZsRqRt7Du3fvdxk=,iv:rnf0Dcyo5Pq/42rD3U6vD2Ke2XddrKyG1ah0su8QFFM=,tag:IrsW3rFfMxK1ae5a2yyugg==,type:str]
|
||||
|
|
|
@ -9,6 +9,21 @@ in
|
|||
./utils/acme-http-client.nix
|
||||
];
|
||||
|
||||
environment.persistence."/persist".directories = [
|
||||
{
|
||||
directory = "/var/lib/hydra";
|
||||
user = "hydra";
|
||||
group = "hydra";
|
||||
mode = "u=rwx,g=rx,o=";
|
||||
}
|
||||
{
|
||||
directory = "/var/lib/postgresql";
|
||||
user = "postgresql";
|
||||
group = "postgresql";
|
||||
mode = "u=rwx,g=rx,o=";
|
||||
}
|
||||
];
|
||||
|
||||
sops.secrets.priv-cache-key.sopsFile = ../secrets/ci.yaml;
|
||||
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
|
|
|
@ -1,35 +0,0 @@
|
|||
{
|
||||
disko.devices = {
|
||||
disk = {
|
||||
main = {
|
||||
device = "/dev/sda";
|
||||
type = "disk";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
ESP = {
|
||||
name = "boot";
|
||||
type = "EF00";
|
||||
size = "512M";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
mountOptions = [ "umask=0077" ];
|
||||
};
|
||||
};
|
||||
root = {
|
||||
name = "nixos";
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "ext4";
|
||||
mountpoint = "/";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,38 +0,0 @@
|
|||
{
|
||||
disko.devices = {
|
||||
disk = {
|
||||
main = {
|
||||
device = "/dev/sda";
|
||||
type = "disk";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
boot = {
|
||||
size = "1M";
|
||||
type = "EF02";
|
||||
priority = 1;
|
||||
};
|
||||
ESP = {
|
||||
size = "512M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
mountOptions = [ "umask=0077" ];
|
||||
};
|
||||
};
|
||||
root = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "ext4";
|
||||
mountpoint = "/";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Add table
Add a link
Reference in a new issue