diff --git a/flake.nix b/flake.nix index b3bc08b6..4de3736d 100644 --- a/flake.nix +++ b/flake.nix @@ -56,6 +56,7 @@ "x86_64-darwin" "aarch64-darwin" ]; + imports = [ ./hosts ./nix diff --git a/hosts/binarycache/configuration.nix b/hosts/binarycache/default.nix similarity index 73% rename from hosts/binarycache/configuration.nix rename to hosts/binarycache/default.nix index 1034fd51..30e91730 100644 --- a/hosts/binarycache/configuration.nix +++ b/hosts/binarycache/default.nix @@ -2,32 +2,37 @@ # # SPDX-License-Identifier: Apache-2.0 { + self, inputs, lib, config, - pkgs, ... }: { sops.defaultSopsFile = ./secrets.yaml; sops.secrets.cache-sig-key.owner = "root"; - imports = [ - inputs.nix-serve-ng.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.disko.nixosModules.disko + imports = lib.flatten [ + (with inputs; [ + nix-serve-ng.nixosModules.default + sops-nix.nixosModules.sops + disko.nixosModules.disko + ]) + (with self.nixosModules; [ + common + qemu-common + service-openssh + service-binary-cache + service-nginx + user-jrautiola + user-cazfi + user-hydra + ]) ./disk-config.nix - ../common.nix - ../qemu-common.nix - ../../services/binarycache/binary-cache.nix - ../../services/nginx/nginx.nix - ../../users/jrautiola.nix - ../../users/cazfi.nix - ../../users/hydra.nix ]; nix.settings = { # we don't want the cache to be a substitutor for itself - substituters = []; + substituters = lib.mkForce ["https://cache.nixos.org/"]; trusted-users = ["hydra"]; }; diff --git a/hosts/binarycache/secrets.yaml.license b/hosts/binarycache/secrets.yaml.license new file mode 100644 index 00000000..856ce263 --- /dev/null +++ b/hosts/binarycache/secrets.yaml.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII) + +SPDX-License-Identifier: Apache-2.0 diff --git a/hosts/default.nix b/hosts/default.nix index cface32d..ca4999f2 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -10,11 +10,13 @@ flake.nixosModules = { # shared modules azure-common = import ./azure-common.nix; + qemu-common = import ./qemu-common.nix; common = import ./common.nix; generic-disk-config = import ./generic-disk-config.nix; # host modules host-build01 = import ./build01; host-ghafhydra = import ./ghafhydra; + host-binarycache = import ./binarycache; }; flake.nixosConfigurations = let @@ -29,5 +31,9 @@ inherit specialArgs; modules = [self.nixosModules.host-ghafhydra]; }; + binarycache = lib.nixosSystem { + inherit specialArgs; + modules = [self.nixosModules.host-binarycache]; + }; }; } diff --git a/users/cazfi.nix b/users/cazfi.nix index a709228b..aca1f079 100644 --- a/users/cazfi.nix +++ b/users/cazfi.nix @@ -1,7 +1,7 @@ # SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII) # # SPDX-License-Identifier: Apache-2.0 -{...}: { +{ users.users = { cazfi = { isNormalUser = true; diff --git a/users/default.nix b/users/default.nix index 54f1c22f..09b4af3c 100644 --- a/users/default.nix +++ b/users/default.nix @@ -7,5 +7,8 @@ user-builder = import ./builder.nix; user-hrosten = import ./hrosten.nix; user-tester = import ./tester.nix; + user-jrautiola = import ./jrautiola.nix; + user-hydra = import ./hydra.nix; + user-cazfi = import ./cazfi.nix; }; } diff --git a/users/hydra.nix b/users/hydra.nix index ba36b9c4..71732a23 100644 --- a/users/hydra.nix +++ b/users/hydra.nix @@ -1,7 +1,7 @@ # SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII) # # SPDX-License-Identifier: Apache-2.0 -{...}: { +{ users.users = { hydra = { isNormalUser = true; diff --git a/users/jrautiola.nix b/users/jrautiola.nix index 1ce7bc48..63e535bb 100644 --- a/users/jrautiola.nix +++ b/users/jrautiola.nix @@ -1,7 +1,7 @@ # SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII) # # SPDX-License-Identifier: Apache-2.0 -{...}: { +{ users.users = { jrautiola = { isNormalUser = true;