configuration.nix
# SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII)
#
# SPDX-License-Identifier: Apache-2.0
# NixOS module for the host named "ghafhydra": a Hydra instance with a binary
# cache, published over HTTPS through an nginx reverse proxy. The service
# modules themselves (service-hydra, service-binary-cache, ...) are defined
# elsewhere in the flake and only imported here.
{
  self,
  inputs,
  lib,
  config,
  ...
}: let
  # Plain-HTTP upstream on the loopback interface; TLS ends at nginx.
  # NOTE(review): whether Hydra listens on loopback only is decided in
  # service-hydra, which is not visible here. Confirm the port cannot be
  # reached directly, bypassing the TLS front end.
  hydraUpstream = "http://localhost:${toString config.services.hydra.port}";
in {
  imports = lib.flatten [
    # Modules provided by flake inputs.
    [
      inputs.nix-serve-ng.nixosModules.default
      inputs.sops-nix.nixosModules.sops
      inputs.disko.nixosModules.disko
    ]
    # Modules provided by this flake.
    (with self.nixosModules; [
      common
      azure-common
      generic-disk-config
      service-hydra
      service-openssh
      service-binary-cache
      service-nginx
      # NOTE(review): presumably per-user account modules; every entry here
      # widens who can log in to the build host, so keep the list minimal.
      user-bmg
      user-hrosten
    ])
  ];

  # Secrets are read from the sops-encrypted file next to this module.
  # `owner` sets the Unix user that owns each decrypted secret, so each one is
  # handed only to the account named below.
  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      hydra-admin-password.owner = "hydra";
      # NOTE(review): by its name, presumably the SSH identity the queue
      # runner uses towards the build farm. Verify against service-hydra.
      id_buildfarm.owner = "hydra-queue-runner";
      # NOTE(review): presumably the binary-cache signing key; anyone who can
      # read it can sign store paths that clients of this cache will trust.
      cache-sig-key.owner = "root";
    };
  };

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

  boot.loader.grub = {
    devices = ["/dev/sda"];
    efiSupport = true;
    efiInstallAsRemovable = true;
  };

  # TODO: have a separate configuration for ghafhydra-dev?
  # Ref: https://nixos.org/manual/nixos/stable/#module-security-acme
  security.acme = {
    acceptTerms = true;
    # NOTE(review): the literal below looks like a web page's e-mail
    # obfuscation placeholder, not a deliverable address. Check the value in
    # the repository; ACME expiry and revocation notices go to this contact.
    defaults.email = "[email protected]";
  };

  services.nginx.virtualHosts."ghafhydra.northeurope.cloudapp.azure.com" = {
    # Serve over HTTPS only (plain HTTP is redirected) with an ACME-issued
    # certificate.
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass = hydraUpstream;
  };

  # TODO: demo with static IP:
  networking = {
    hostName = "ghafhydra";
    useDHCP = false;
    # Public resolvers: this host's DNS lookups go to third parties.
    nameservers = ["1.1.1.1" "8.8.8.8"];
    defaultGateway = "10.0.2.1";
    interfaces.eth0.ipv4.addresses = [
      {
        address = "10.0.2.4";
        prefixLength = 24;
      }
    ];
  };
}