refactor(ops): Move Nix cache secret to agenix

... and also the public key, just to keep the distribution mechanism
the same.

Change-Id: Ief14daf9344c0fb99eeb5789c1ec9bfb1f12bee0
Vincent Ambo 2021-12-10 21:23:05 +03:00 committed by tazjin
parent 82a885a750
commit 2fe8d724d7
5 changed files with 35 additions and 3 deletions


@ -173,7 +173,7 @@ in {
nrBuildUsers = 256;
maxJobs = lib.mkDefault 64;
extraOptions = ''
secret-key-files = /etc/secrets/nix-cache-privkey
secret-key-files = /run/agenix/nix-cache-priv
'';
trustedUsers = [
@ -212,6 +212,7 @@ in {
grafana.file = secretFile "grafana";
irccat.file = secretFile "irccat";
owothia.file = secretFile "owothia";
nix-cache-priv.file = secretFile "nix-cache-priv";
buildkite-agent-token = {
file = secretFile "buildkite-agent-token";
@ -240,6 +241,12 @@ in {
file = secretFile "clbot-ssh";
owner = "clbot";
};
# Not actually a secret
nix-cache-pub = {
file = secretFile "nix-cache-pub";
mode = "0444";
};
};
# Automatically collect garbage from the Nix store.
@ -419,7 +426,7 @@ in {
services.nix-serve = {
enable = true;
port = 6443;
secretKeyFile = "/etc/secrets/nix-cache-key.sec";
secretKeyFile = "/run/agenix/nix-cache-priv";
bindAddress = "localhost";
};
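Review bot: The `nix-cache-priv` entry added in the second hunk sets only `file`, so agenix decrypts it with its defaults (root-owned, mode 0400), while the last hunk points `services.nix-serve.secretKeyFile` at that same path. If the nix-serve unit on this host runs as an unprivileged user it will not be able to read the signing key; the `secret-key-files` use in the first hunk is unaffected as long as the Nix daemon runs as root. Consider giving the entry an explicit owner the way `clbot-ssh` does, e.g. `nix-cache-priv = { file = secretFile "nix-cache-priv"; owner = "<nix-serve user>"; };`, and leaving the mode at the default so the key stays readable by that one account only. Both consumers also hard-code `/run/agenix/nix-cache-priv`; referencing `config.age.secrets.nix-cache-priv.path` (assuming `config` is in scope in this module) would make a rename fail at evaluation instead of at service start.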