VSinerva/nixos-conf
1
0
Fork 0
Code Activity Actions

Migrate ci to disko+impermanence

Browse source
This commit is contained in:
Vili Sinervä 2025-07-02 01:05:27 +03:00
parent d7e082a6e8
commit b3eee975ec
Signed by: Vili Sinervä
SSH key fingerprint: SHA256:FladqYjaE4scJY3Hi+gnShZ6ygnTJgixy0I6BAoHyos
7 changed files with 31 additions and 93 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.sops.yaml
View file

@ -4,7 +4,7 @@ keys:
- &lithium age1yrfr0q72nqa842t0mzckeemfww28qzcd3wqmrd8mvzwvgpzssvlq9ruzlk
- &cert-store age1hy7uunj0lnjv6uyqf7s5t5dnc8e0u48x30jva05sxykqtplqe44sf4acxc
- &cert-store-age age1cws8uzhg9qyxpjnw9w0mvalvqu3ttnnrn5r3eeczk4wcj86vnqgslzmzjp
- &ci age18k4drn9kuhu5qk8cqfd390nv9r0pq0qql6s76hkhzefxskwnscxsqm78q4
- &ci age1w2e493eat3l42wj3hqg25ncrqttg52rdqc9y0z49sx86f4tqa3vsmg9zm6
- &forgejo age1sy2jzr85s4h0ncfucfl7hrczymmf8wng4m3g6jeduqx5g893jc9qzfznr8
- &idacloud age1actwp5rqczazhgl94npwc0phxuxzjgrk9v82e32sahanw8cyuc7stxkls2
- &nextcloud age1rf6h87qp9ckpmf7yrvkmq3faqn5fnqx4lyg83zf5v09wnew7muzsmmnx9x

11
hosts/ci/configuration.nix
View file

@ -1,16 +1,11 @@
{ ... }:
{
swapDevices = [
{
device = "/var/lib/swapfile";
size = 2 * 1024;
}
];
imports = [
../../shared/base.nix
../../shared/disko/zfs-impermanence.nix
../../shared/hardware/impermanence.nix
../../shared/hardware/vm.nix
../../shared/disko/basic-ext4.nix
../../servers/forgejo-runner.nix
../../servers/hydra.nix

1
hosts/ci/state.nix
View file

@ -1,4 +1,5 @@
{ ... }:
{
networking.hostId = "45e785de";
system.stateVersion = "25.05";
}

22
secrets/ci.yaml
View file

@ -5,20 +5,20 @@ sops:
- recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Qi82M2JNeEZHSGJHME1w
Q2FFUnB0d1lMajcvdEJZSVNLdEJkalgxVXhrCk4zRnE5Q3dpVVNJNjNEMmlmZUM4
TjdCckxwSzdRMUg1Nk5DaDFJNjQ0OGcKLS0tIEdZZEJlSEJ0cm5Qb0g0UHpza2Za
K08wNDJJSGN2M21Yb2ZERHMvMmJDNjQKEwzdP8D1wTiKX0VHapxE8IODHuyH9laU
NIz32fJWl1A5w0xE3e1YXVJpjcvQ8nHX5CceSuOorq7IPYbDpaJhDQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRDFlQlFLb2JLK3ppcFBT
cWhzdTZnT0xod3ZIQWpzWlc5YVlqODgreVNnCkVDMXl5S3dibnM4MDFac3VkNGRm
U0FHR3lWZ25vUjd3S3JjYlR2WTMrTW8KLS0tIER1T3FrcTkxVnYwWDVvNG5rZFhC
Z3EveFoxQklTaXRJZXU4NGR6WnJjcmcKzxaHzY6qQu2Yrb9vOdICX3EHguBDt6oJ
AXoLgfe+POaA8rfEna0vFrvyxWSlnJ0sJXFn4vHYdP+5RtGIamMQlg==
-----END AGE ENCRYPTED FILE-----
- recipient: age18k4drn9kuhu5qk8cqfd390nv9r0pq0qql6s76hkhzefxskwnscxsqm78q4
- recipient: age1w2e493eat3l42wj3hqg25ncrqttg52rdqc9y0z49sx86f4tqa3vsmg9zm6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YUNQdkd2bzJmM1l2WEJs
cGd3RTFDbkpLQmxWRFNMRUxLZmdPWmczNzFFCkhJMVY2L3c1VEZpSEFMeHhZZXNQ
V0txcUZZK2NaRHJIcVBqWHB1R3NDN1kKLS0tIDF5amxqa3JQSS93YzErK0ttdEpu
ZDdzTEFPUXJlYnJpUndSWEkwNWNMRkkKFl3ebl0NB3c7rmLwuCSUeRKftlljj36u
WTTHu6QlXkr48ASt9/kvN+09deXu+cX7aXBHsDo7O6cmt9OJFBlwGw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPLzdwQWlBSWZTYm9qMEt6
OEViOHNhTzFqYjZ5VmZWeTVlMDk1S1RGa21RClRLYVk2UWJDS1hRQVNMR0F1YlE5
b1h6Q29lRi8xNHdVWHExK0hqV3BJTGcKLS0tIFBiTmNpcGNWTUk0dWJDNDZtWElE
N3R2a3lGRHNBaHYwLzhSd2tsTVlneDQKYI/SN4Ix0V9cLkuP2JP/XVvAYT5MuRQW
FmC2fhaiflO5fz8vjZUjKy8XtwZT3DOb9f1a1awBsKHvPkJsFqe8cg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-21T13:12:37Z"
mac: ENC[AES256_GCM,data:ndDoQvRTVZL+xtjkoXathY0Q90kxeN0b9BIDKXVaFkoqdb+jKG3Rv8CcfWXJLBn7P7aUxsLSkyDhxdme9wBqSSWv6BRHu3v1x0ryn0NEhVp+/UYq+05iL+QTmGjJXcFlx1BJP/wSHO4uGSbOg9y6dfzToDqhZsRqRt7Du3fvdxk=,iv:rnf0Dcyo5Pq/42rD3U6vD2Ke2XddrKyG1ah0su8QFFM=,tag:IrsW3rFfMxK1ae5a2yyugg==,type:str]

15
servers/hydra.nix
View file

@ -9,6 +9,21 @@ in
./utils/acme-http-client.nix
];
environment.persistence."/persist".directories = [
{
directory = "/var/lib/hydra";
user = "hydra";
group = "hydra";
mode = "u=rwx,g=rx,o=";
}
{
directory = "/var/lib/postgresql";
user = "postgresql";
group = "postgresql";
mode = "u=rwx,g=rx,o=";
}
];
sops.secrets.priv-cache-key.sopsFile = ../secrets/ci.yaml;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

35
shared/disko/basic-ext4.nix
View file

@ -1,35 +0,0 @@
{
disko.devices = {
disk = {
main = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
name = "boot";
type = "EF00";
size = "512M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
name = "nixos";
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

38
shared/disko/hetzner-ext4.nix
View file

@ -1,38 +0,0 @@
{
disko.devices = {
disk = {
main = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
priority = 1;
};
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}