Commit 7962ad63 authored by Valentin Reis's avatar Valentin Reis

CI deployment fix.

parent 8923245d
No preview for this file type
......@@ -46,15 +46,17 @@ in
nrBuildUsers = 30;
distributedBuilds = true;
buildMachines = [
{ hostName = "129.114.111.114";
{
hostName = "129.114.111.114";
maxJobs = 10;
speedFactor = 1;
sshKey = "/run/secrets/id_buildfarm";
sshKey = "/run/id_buildfarm";
sshUser = "root";
systems = ["builtin" "x86_64-linux" "i686-linux"];
supportedFeatures = [ "nixos-test" "benchmark" ];
}
{ hostName = "argo-phi2";
{
hostName = "argo-phi2";
maxJobs = 40;
speedFactor = 1;
sshUser = "freux";
......@@ -65,24 +67,16 @@ in
extraOptions = "auto-optimise-store = true";
};
system.activationScripts = {
chownsec = {
text = ''
mkdir -p /run/secrets/
chown -R ${builtins.toString config.users.users.hydra-queue-runner.uid}:${builtins.toString config.users.groups.hydra.gid} /run/secrets
chmod 0600 /run/secrets/*
'';
deps = [];
};
};
services.hydra = {
useSubstitutes = true;
enable = true;
hydraURL = "http://129.114.111.116";
notificationSender = "hydra@example.org";
port = 8080;
extraConfig = "secret-key=/etc/nix/hydra.example.org-1/secret";
extraConfig = ''
max_output_size = 4294967296
secret-key=/etc/nix/hydra.example.org-1/secret
'';
buildMachinesFiles = [ "/etc/nix/machines" ];
};
......
#!/usr/bin/env bash
echo "extracting/sending hydra-master secret key from password store"
pass keys/rsa/PRIVATE/hydra-master@chameleon | ssh root@129.114.111.116 'cat > /run/secrets/id_buildfarm'
pass keys/rsa/PRIVATE/hydra-master@chameleon | ssh root@129.114.111.116 'cat > /run/id_buildfarm'
echo "chown-ing the key on the machine"
ssh root@129.114.111.116 'chown hydra-queue-runner:hydra /run/secrets/id_buildfarm'
ssh root@129.114.111.116 'chown hydra-queue-runner:hydra /run/id_buildfarm'
ssh root@129.114.111.116 'chmod 600 /run/id_buildfarm'
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment