fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add colmena apply stage

Browse source
This commit is contained in:
fi 2023-07-13 20:56:30 +02:00
commit 5431b79cd3
Signed by: fi
SSH key fingerprint: SHA256:d+6fQoDPMbSFK95zRVflRKZLRKF4cPSQb7VIxYkhFsA
5 changed files with 29 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

12
.gitlab-ci.yml
View file

@ -22,9 +22,19 @@ apply:
stage: apply stage: apply
script: script:
- nix-env --install colmena - nix-env --install colmena
- eval $(ssh-agent -s)
- chmod 600 "$SSH_PRIVATE_KEY"
- ssh-add "$SSH_PRIVATE_KEY"
- git clone https://oauth2:${ACCESS_TOKEN_KNOWN_HOSTS}@git.grzb.de/yuri/known_hosts.git /root/.ssh
- colmena apply --no-keys - colmena apply --no-keys
commit_flake: commit_flake:
stage: commit_flake stage: commit_flake
variables:
GIT_AUTHOR_EMAIL: $GIT_AUTHOR_EMAIL
GIT_AUTHOR_NAME: $GIT_AUTHOR_NAME
GIT_COMMITTER_EMAIL: $GIT_COMMITTER_EMAIL
GIT_COMMITTER_NAME: $GIT_COMMITTER_NAME
ACCESS_TOKEN: $ACCESS_TOKEN
script: script:
- echo "commit_flake" - nix-env --install git

3
configuration/common/default.nix
View file

@ -1,6 +1,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ imports = [
../../users/colmena-deploy
../../users/yuri ../../users/yuri
]; ];
@ -14,7 +15,7 @@
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
nix.settings = { nix.settings = {
trusted-users = [ "@wheel" ]; trusted-users = [ "colmena-deploy" ];
auto-optimise-store = true; auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [ "nix-command" "flakes" ];
}; };

6
flake.lock generated
View file

@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1689048911, "lastModified": 1689209875,
"narHash": "sha256-pODI2CkjWbSLo5nPMZoLtkRNJU/Nr3VSITXZqqmNtIk=", "narHash": "sha256-8AVcBV1DiszaZzHFd5iLc8HSLfxRAuqcU0QdfBEF3Ag=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8163a64662b43848802092d52015ef60777d6129", "rev": "fcc147b1e9358a8386b2c4368bd928e1f63a7df2",
"type": "github" "type": "github"
}, },
"original": { "original": {

4
flake.nix
View file

@ -14,7 +14,7 @@
nitter = { name, nodes, pkgs, ... }: { nitter = { name, nodes, pkgs, ... }: {
deployment = { deployment = {
targetHost = "nixos-nitter.vs.grzb.de"; targetHost = "nixos-nitter.vs.grzb.de";
targetUser = "yuri"; targetUser = "colmena-deploy";
}; };
imports = [ imports = [
./configuration/common ./configuration/common
@ -26,7 +26,7 @@
coturn = { name, nodes, pkgs, ... }: { coturn = { name, nodes, pkgs, ... }: {
deployment = { deployment = {
targetHost = "nixos-coturn.vs.grzb.de"; targetHost = "nixos-coturn.vs.grzb.de";
targetUser = "yuri"; targetUser = "colmena-deploy";
}; };
imports = [ imports = [
./configuration/common ./configuration/common

11
users/colmena-deploy/default.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
users.users.colmena-deploy = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKPJbR09ZqPnfZkx9JNjCurJDXWa5XtNeNQfkPRU/ZnY colmena-deploy"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEvM35w+UaSpDTuaG5pGPgfHcfwscr+wSZN9Z5Jle82 yuri@kiara"
];
};
}