diff --git a/.sops.yaml b/.sops.yaml index 0cb3ce5..a0a69a5 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -4,7 +4,7 @@ keys: - &lithium age1yrfr0q72nqa842t0mzckeemfww28qzcd3wqmrd8mvzwvgpzssvlq9ruzlk - &cert-store age1hy7uunj0lnjv6uyqf7s5t5dnc8e0u48x30jva05sxykqtplqe44sf4acxc - &cert-store-age age1cws8uzhg9qyxpjnw9w0mvalvqu3ttnnrn5r3eeczk4wcj86vnqgslzmzjp - - &ci age18k4drn9kuhu5qk8cqfd390nv9r0pq0qql6s76hkhzefxskwnscxsqm78q4 + - &ci age1w2e493eat3l42wj3hqg25ncrqttg52rdqc9y0z49sx86f4tqa3vsmg9zm6 - &forgejo age1sy2jzr85s4h0ncfucfl7hrczymmf8wng4m3g6jeduqx5g893jc9qzfznr8 - &idacloud age1actwp5rqczazhgl94npwc0phxuxzjgrk9v82e32sahanw8cyuc7stxkls2 - &nextcloud age1rf6h87qp9ckpmf7yrvkmq3faqn5fnqx4lyg83zf5v09wnew7muzsmmnx9x diff --git a/hosts/ci/configuration.nix b/hosts/ci/configuration.nix index 6b29cf0..39ac56d 100644 --- a/hosts/ci/configuration.nix +++ b/hosts/ci/configuration.nix @@ -1,16 +1,11 @@ { ... }: { - swapDevices = [ - { - device = "/var/lib/swapfile"; - size = 2 * 1024; - } - ]; - imports = [ ../../shared/base.nix + + ../../shared/disko/zfs-impermanence.nix + ../../shared/hardware/impermanence.nix ../../shared/hardware/vm.nix - ../../shared/disko/basic-ext4.nix ../../servers/forgejo-runner.nix ../../servers/hydra.nix diff --git a/hosts/ci/state.nix b/hosts/ci/state.nix index 90e6bcd..e856557 100644 --- a/hosts/ci/state.nix +++ b/hosts/ci/state.nix @@ -1,4 +1,5 @@ { ... }: { + networking.hostId = "45e785de"; system.stateVersion = "25.05"; } diff --git a/secrets/ci.yaml b/secrets/ci.yaml index 1e39dca..a47a1aa 100644 --- a/secrets/ci.yaml +++ b/secrets/ci.yaml 
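Review bot: In hosts/ci/configuration.nix the move to `zfs-impermanence.nix` plus `impermanence.nix` presumably makes everything outside `/persist` disposable across reboots, yet the only persisted paths this commit declares are the two directories in servers/hydra.nix. Neither `shared/hardware/impermanence.nix` nor `servers/forgejo-runner.nix` is visible here, so it cannot be confirmed that the host's age identity (the new `&ci` recipient) and the runner's registration state survive a reboot. If the identity is lost, sops can no longer decrypt `secrets/ci.yaml` on this host. A comment above the imports would make the requirement explicit, e.g. `# root is ephemeral: stateful paths must be declared under environment.persistence."/persist"`. The hunk also drops the 2 GiB swap file with no visible replacement, which deserves a line in the commit message for a build host.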
@@ -5,20 +5,20 @@ sops: - recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Qi82M2JNeEZHSGJHME1w - Q2FFUnB0d1lMajcvdEJZSVNLdEJkalgxVXhrCk4zRnE5Q3dpVVNJNjNEMmlmZUM4 - TjdCckxwSzdRMUg1Nk5DaDFJNjQ0OGcKLS0tIEdZZEJlSEJ0cm5Qb0g0UHpza2Za - K08wNDJJSGN2M21Yb2ZERHMvMmJDNjQKEwzdP8D1wTiKX0VHapxE8IODHuyH9laU - NIz32fJWl1A5w0xE3e1YXVJpjcvQ8nHX5CceSuOorq7IPYbDpaJhDQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRDFlQlFLb2JLK3ppcFBT + cWhzdTZnT0xod3ZIQWpzWlc5YVlqODgreVNnCkVDMXl5S3dibnM4MDFac3VkNGRm + U0FHR3lWZ25vUjd3S3JjYlR2WTMrTW8KLS0tIER1T3FrcTkxVnYwWDVvNG5rZFhC + Z3EveFoxQklTaXRJZXU4NGR6WnJjcmcKzxaHzY6qQu2Yrb9vOdICX3EHguBDt6oJ + AXoLgfe+POaA8rfEna0vFrvyxWSlnJ0sJXFn4vHYdP+5RtGIamMQlg== -----END AGE ENCRYPTED FILE----- - - recipient: age18k4drn9kuhu5qk8cqfd390nv9r0pq0qql6s76hkhzefxskwnscxsqm78q4 + - recipient: age1w2e493eat3l42wj3hqg25ncrqttg52rdqc9y0z49sx86f4tqa3vsmg9zm6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YUNQdkd2bzJmM1l2WEJs - cGd3RTFDbkpLQmxWRFNMRUxLZmdPWmczNzFFCkhJMVY2L3c1VEZpSEFMeHhZZXNQ - V0txcUZZK2NaRHJIcVBqWHB1R3NDN1kKLS0tIDF5amxqa3JQSS93YzErK0ttdEpu - ZDdzTEFPUXJlYnJpUndSWEkwNWNMRkkKFl3ebl0NB3c7rmLwuCSUeRKftlljj36u - WTTHu6QlXkr48ASt9/kvN+09deXu+cX7aXBHsDo7O6cmt9OJFBlwGw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPLzdwQWlBSWZTYm9qMEt6 + OEViOHNhTzFqYjZ5VmZWeTVlMDk1S1RGa21RClRLYVk2UWJDS1hRQVNMR0F1YlE5 + b1h6Q29lRi8xNHdVWHExK0hqV3BJTGcKLS0tIFBiTmNpcGNWTUk0dWJDNDZtWElE + N3R2a3lGRHNBaHYwLzhSd2tsTVlneDQKYI/SN4Ix0V9cLkuP2JP/XVvAYT5MuRQW + FmC2fhaiflO5fz8vjZUjKy8XtwZT3DOb9f1a1awBsKHvPkJsFqe8cg== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-06-21T13:12:37Z" mac: 
ENC[AES256_GCM,data:ndDoQvRTVZL+xtjkoXathY0Q90kxeN0b9BIDKXVaFkoqdb+jKG3Rv8CcfWXJLBn7P7aUxsLSkyDhxdme9wBqSSWv6BRHu3v1x0ryn0NEhVp+/UYq+05iL+QTmGjJXcFlx1BJP/wSHO4uGSbOg9y6dfzToDqhZsRqRt7Du3fvdxk=,iv:rnf0Dcyo5Pq/42rD3U6vD2Ke2XddrKyG1ah0su8QFFM=,tag:IrsW3rFfMxK1ae5a2yyugg==,type:str] diff --git a/servers/hydra.nix b/servers/hydra.nix index fe9ca5c..e70f48b 100644 --- a/servers/hydra.nix +++ b/servers/hydra.nix @@ -9,6 +9,21 @@ in ./utils/acme-http-client.nix ]; + environment.persistence."/persist".directories = [ + { + directory = "/var/lib/hydra"; + user = "hydra"; + group = "hydra"; + mode = "u=rwx,g=rx,o="; + } + { + directory = "/var/lib/postgresql"; + user = "postgresql"; + group = "postgresql"; + mode = "u=rwx,g=rx,o="; + } + ]; + sops.secrets.priv-cache-key.sopsFile = ../secrets/ci.yaml; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; diff --git a/shared/disko/basic-ext4.nix b/shared/disko/basic-ext4.nix deleted file mode 100644 index 23efe51..0000000 --- a/shared/disko/basic-ext4.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - disko.devices = { - disk = { - main = { - device = "/dev/sda"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - ESP = { - name = "boot"; - type = "EF00"; - size = "512M"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - root = { - name = "nixos"; - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/shared/disko/hetzner-ext4.nix b/shared/disko/hetzner-ext4.nix deleted file mode 100644 index 044e9c8..0000000 --- a/shared/disko/hetzner-ext4.nix +++ /dev/null 
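Review bot: In secrets/ci.yaml only the two recipient stanzas are re-wrapped; `lastmodified` and `mac` are unchanged context lines, so the data key and the secret values themselves appear not to have been rotated. The retired `&ci` recipient (replaced in .sops.yaml in this same commit) can therefore still decrypt every earlier revision of this file in git history, and those revisions carry the same `priv-cache-key` that stays in use. Unless the old CI identity is known to be destroyed, regenerate the cache signing key and follow up with `sops rotate -i secrets/ci.yaml` (`sops -r -i` on older releases) so the old identity unlocks nothing current.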
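Review bot: The second persistence entry in servers/hydra.nix sets `user = "postgresql"` and `group = "postgresql"`, but the NixOS PostgreSQL module runs the service as `postgres:postgres`. Unless this repository defines a `postgresql` account elsewhere, the ownership will either fail to apply or leave `/var/lib/postgresql` owned by an account the database does not run as. Suggested change: `user = "postgres";` and `group = "postgres";`. Keeping `o=` on both directories is sensible; a one-line comment saying why the group gets `rx` would help the next reader. The enclosing attribute set starts and ends outside this hunk.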
@@ -1,38 +0,0 @@
-{
- disko.devices = {
- disk = {
- main = {
- device = "/dev/sda";
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1M";
- type = "EF02";
- priority = 1;
- };
- ESP = {
- size = "512M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [ "umask=0077" ];
- };
- };
- root = {
- size = "100%";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- };
- };
- };
- };
- };
- };
- };
-}