hackclub/burrow
1
0
Fork 0
Code Pull requests Releases Packages Activity Actions
burrow/nixos/hosts/burrow-forge/default.nix
Conrad Kramer ed247b2f5e
Some checks failed
Build Rust / Cargo Test (push) Waiting to run
Details
Build Site / Next.js Build (push) Waiting to run
Details
Build Apple / Build App (iOS Simulator) (push) Failing after 14s
Details
Build Apple / Build App (macOS) (push) Failing after 13s
Details
Wire runner caches and forge secrets through agenix
2026-03-19 00:04:27 -07:00

81 lines
1.9 KiB
Nix
Raw Blame History

{ config, self, ... }:
{
imports = [
./hardware-configuration.nix
./disko-config.nix
self.nixosModules.burrow-forge
self.nixosModules.burrow-forge-runner
self.nixosModules.burrow-forgejo-nsc
];
system.stateVersion = "24.11";
time.timeZone = "America/Los_Angeles";
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
services.burrow.forge = {
enable = true;
adminPasswordFile = config.age.secrets.forgejoAdminPassword.path;
authorizedKeys = [
(builtins.readFile ../../keys/contact_at_burrow_net.pub)
(builtins.readFile ../../keys/agent_at_burrow_net.pub)
];
};
services.burrow.forgeRunner = {
enable = true;
sshPrivateKeyFile = config.age.secrets.forgejoAgentSshKey.path;
};
age.secrets.forgejoAdminPassword = {
file = ../../../secrets/forgejo/admin-password.age;
mode = "0400";
owner = "forgejo";
group = "forgejo";
};
age.secrets.forgejoAgentSshKey = {
file = ../../../secrets/forgejo/agent-ssh-key.age;
mode = "0400";
owner = "root";
group = "root";
};
age.secrets.forgejoNscToken = {
file = ../../../secrets/forgejo/nsc-token.age;
mode = "0400";
owner = "forgejo-nsc";
group = "forgejo-nsc";
};
age.secrets.forgejoNscDispatcherConfig = {
file = ../../../secrets/forgejo/nsc-dispatcher-config.age;
mode = "0400";
owner = "forgejo-nsc";
group = "forgejo-nsc";
};
age.secrets.forgejoNscAutoscalerConfig = {
file = ../../../secrets/forgejo/nsc-autoscaler-config.age;
mode = "0400";
owner = "forgejo-nsc";
group = "forgejo-nsc";
};
services.burrow.forgejoNsc = {
enable = true;
nscTokenFile = config.age.secrets.forgejoNscToken.path;
dispatcher = {
configFile = config.age.secrets.forgejoNscDispatcherConfig.path;
};
autoscaler = {
enable = true;
configFile = config.age.secrets.forgejoNscAutoscalerConfig.path;
};
};
}
View git blame Copy permalink