Added domain option. Maybe fixed binary cache signing.
parent
63e40a5a29
commit
66ca5839e5
17 changed files with 238 additions and 139 deletions
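--- a/services/containers.nix
+++ b/services/containers.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+mkIf (elem "containers" config.machine.services) {
+containers.CDServer = {
+privateNetwork = true;
+hostAddress = "192.168.100.10";
+localAddress = "192.168.100.11";
+config =
+{ config, lib, pkgs, ... }:
+
+{
+imports = [
+../machines/CDServer/options.nix
+./default.nix
+../config/default.nix
+../pkgs/nixpkgs.nix
+../pkgs/pkgsets.nix
+];
+};
+};
+}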
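Review bot: The intended network exposure of `containers.CDServer` is undocumented. `privateNetwork = true` puts it on its own veth pair at 192.168.100.10/11, and nothing in this new file sets `forwardPorts` or host NAT, so it is unclear whether the container should reach, or be reached from, anything but the host. If the isolation is deliberate, say so above the addresses, for example `# host-only veth pair: no NAT and no forwardPorts on purpose`. If outbound access is expected, the missing host-side NAT settings belong in this commit. The two addresses are also hard-coded literals in a commit that otherwise moves site-specific values into options, so they are worth a short comment or an option as well.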
@ -7,8 +7,8 @@ mkIf (elem "gitea" config.machine.services) {
|
|||
enable = true;
|
||||
user = "git";
|
||||
cookieSecure = true;
|
||||
domain = "git.ophanim.de";
|
||||
rootUrl = "http://git.ophanim.de/";
|
||||
domain = "git.${config.machine.domain}";
|
||||
rootUrl = "http://git.${config.machine.domain}/";
|
||||
database = {
|
||||
type = "mysql";
|
||||
user = "git";
|
||||
|
|
|
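Review bot: The rewritten `rootUrl` line keeps the `http://` scheme (the second `rootUrl` of the pair, taken as the new side from the old-then-new print order). The same block sets `cookieSecure = true`, and the nginx vhost for `git.${config.machine.domain}` shown later on this page sets `forceSSL = true`. Gitea derives clone URLs, redirects and mail links from this value, so they would point at plain HTTP and depend on the nginx redirect on every visit. Since the line is being edited anyway, I would make it `rootUrl = "https://git.${config.machine.domain}/";`. The enclosing gitea service block starts and ends outside the hunk.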
@ -4,9 +4,9 @@
|
|||
# sudo -u hydra -s
|
||||
# hydra-create-user $USERNAME --password $PASSWORD --role admin
|
||||
|
||||
# also for reference some other hydra configs:
|
||||
# https://qfpl.io/posts/nix/starting-simple-hydra/
|
||||
# also for reference a well written hydra config:
|
||||
# https://github.com/NixOS/nixos-org-configurations/blob/master/delft/hydra.nix
|
||||
# https://gist.github.com/LnL7/fcd5c0bf772f2165a1ac40be6617d2f4
|
||||
|
||||
with lib;
|
||||
|
||||
|
@ -23,19 +23,23 @@ mkIf (elem "hydra" config.machine.services) {
|
|||
|
||||
services.hydra = {
|
||||
enable = true;
|
||||
hydraURL = "https://builder.ophanim.de"; # externally visible URL
|
||||
hydraURL = "https://builder.${config.machine.domain}"; # externally visible URL
|
||||
listenHost = "localhost";
|
||||
port = 3001;
|
||||
minimumDiskFree = 15;
|
||||
minimumDiskFreeEvaluator = 15;
|
||||
notificationSender = "hydra@mail.ophanim.de"; # e-mail of hydra service
|
||||
notificationSender = "hydra@mail.${config.machine.domain}"; # e-mail of hydra service
|
||||
useSubstitutes = true;
|
||||
debugServer = false;
|
||||
# Hints from hydra-queue-runner:
|
||||
# binary_cache_dir is deprecated and ignored. use store_uri=file:// instead
|
||||
# hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead
|
||||
extraConfig = ''
|
||||
max_output_size = 4294967296
|
||||
store_uri = file:///var/cache/hydra?secret-key=/secret/hydra_cache
|
||||
server_store_uri = https://cache.ophanim.de
|
||||
binary_cache_public_uri https://cache.ophanim.de
|
||||
store_uri = file:///var/cache/hydra?secret-key=/secret/hydra_cache&write-nar-listing=1&ls-compression=br&log-compression=br
|
||||
# add ?local-nar-cache= to set nar cache location
|
||||
server_store_uri = https://cache.${config.machine.domain}
|
||||
binary_cache_public_uri https://cache.${config.machine.domain}
|
||||
upload_logs_to_binary_cache = true
|
||||
'';
|
||||
};
|
||||
|
|
|
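Review bot: `upload_logs_to_binary_cache = true` in the new `extraConfig` writes build logs into the cache store at `/var/cache/hydra`. The nginx part of this commit serves that directory as the root of `cache.${config.machine.domain}` with `autoindex on`, so anything a build prints to its log (tokens, credentials passed through the environment) would be listable and downloadable by anyone who can reach the cache host. If the logs are not meant to be public, drop the option or deny the log path in the cache vhost. The signing key referenced by `secret-key=/secret/hydra_cache` also deserves a comment next to `store_uri`, for example `# key file must be readable only by the Hydra service users and must never end up in the Nix store`. The `services.hydra` block begins before this hunk and its closing lines are only partly visible.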
@ -6,7 +6,7 @@ mkIf (elem "nextcloud" config.machine.services) {
|
|||
services.nextcloud = {
|
||||
enable = true;
|
||||
home = "/var/lib/nextcloud";
|
||||
hostName = "storage.ophanim.de";
|
||||
hostName = "storage.${config.machine.domain}";
|
||||
https = true;
|
||||
maxUploadSize = "1024M";
|
||||
config = {
|
||||
|
|
|
@ -23,12 +23,12 @@ mkIf (elem "nginx" config.machine.services) {
|
|||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
'';
|
||||
virtualHosts = {
|
||||
"ophanim.de" = {
|
||||
"${config.machine.domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
root = "/var/www";
|
||||
};
|
||||
"builder.ophanim.de" = mkIf config.services.hydra.enable {
|
||||
"builder.${config.machine.domain}" = mkIf config.services.hydra.enable {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
extraConfig = ''
|
||||
|
@ -41,7 +41,7 @@ mkIf (elem "nginx" config.machine.services) {
|
|||
}
|
||||
'';
|
||||
};
|
||||
"cache.ophanim.de" = mkIf config.services.hydra.enable {
|
||||
"cache.${config.machine.domain}" = mkIf config.services.hydra.enable {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
root = "/var/cache/hydra";
|
||||
|
@ -49,13 +49,13 @@ mkIf (elem "nginx" config.machine.services) {
|
|||
autoindex on;
|
||||
'';
|
||||
};
|
||||
"mail.ophanim.de" = {
|
||||
"mail.${config.machine.domain}" = mkIf config.mailserver.enable {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
root = "/var/www";
|
||||
};
|
||||
|
||||
"${config.services.nextcloud.hostName}" = mkIf config.services.nextcloud.enable {
|
||||
"storage.${config.machine.domain}" = mkIf config.services.nextcloud.enable {
|
||||
root = pkgs.nextcloud;
|
||||
enableACME = config.services.nextcloud.https;
|
||||
forceSSL = config.services.nextcloud.https;
|
||||
|
@ -152,7 +152,7 @@ mkIf (elem "nginx" config.machine.services) {
|
|||
'';
|
||||
};
|
||||
|
||||
"${config.services.gitea.domain}" = mkIf config.services.gitea.enable {
|
||||
"git.${config.machine.domain}" = mkIf config.services.gitea.enable {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
root = "${config.services.gitea.stateDir}/public";
|
||||
|
|
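Review bot: The nextcloud and gitea vhost keys appear to change from `"${config.services.nextcloud.hostName}"` and `"${config.services.gitea.domain}"` to the literals `"storage.${config.machine.domain}"` and `"git.${config.machine.domain}"`. The old and new sides are inferred from print order, because the `+`/`-` markers are lost on this page. If that reading is right, each hostname is now spelled out twice, once in the service module and once here. A later edit to one copy would then leave nginx and ACME issuing a certificate for, and serving, a name the application no longer treats as its own. I would keep the reference form, or at least add `# must stay equal to services.nextcloud.hostName` and the gitea equivalent above the two keys. The `virtualHosts` set opens and closes outside these hunks.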