feat: enable buildkite on icarus (#1008)
johnae authored Nov 24, 2024
1 parent e6cd2a5 commit 35e5d1d
Showing 3 changed files with 19 additions and 3 deletions.
22 changes: 19 additions & 3 deletions hosts/x86_64-linux/icarus.nix
@@ -100,14 +100,24 @@
};
};

services.buildkite-agents.nix-build = {
tokenPath = config.age.secrets.buildkite-token.path;
privateSshKeyPath = config.age.secrets.buildkite-ssh-key.path;
tags = {
nix = "true";
nixos = "true";
queue = "default";
};
};

services.tailscale.auth = {
enable = true;
args.advertise-tags = ["tag:server"];
args.ssh = true;
args.accept-routes = false;
args.accept-dns = false;
args.advertise-exit-node = true;
args.auth-key = "file:/var/run/agenix/ts-google-9k";
args.auth-key = config.age.secrets.ts-google-9k.path;
};

# microvm.autostart = [
@@ -267,6 +277,12 @@
path = "/var/lib/microvm-secrets/ssh_host_ed25519_key";
symlink = false;
};
buildkite-token = {
file = ../../secrets/buildkite-token.age;
};
buildkite-ssh-key = {
file = ../../secrets/buildkite-ssh-key.age;
};
};

security.acme.certs = {
@@ -329,8 +345,8 @@
user = "${adminUser.name}";
group = "users";
openDefaultPorts = true;
cert = "/run/agenix/syncthing-cert";
key = "/run/agenix/syncthing-key";
cert = config.age.secrets.syncthing-cert.path;
key = config.age.secrets.syncthing-key.path;
dataDir = "/home/${adminUser.name}/.local/share/syncthing-data";

settings = {
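Review bot: The second `args.auth-key` line in the `services.tailscale.auth` block (presumably the new side, since the rendering lost the +/- markers) drops the `file:` prefix that the literal path carried. Tailscale's `--auth-key` reads the key from a file only when the value starts with `file:`. The module behind `services.tailscale.auth` is not visible here, but if it passes `args.auth-key` through unchanged, the agenix path string itself would be offered as the key and the node would fail to authenticate on its next login. Keeping the prefix while still referencing the agenix secret would be `args.auth-key = "file:${config.age.secrets.ts-google-9k.path}";`. The old literal also pointed at `/var/run/agenix`, so confirm the new `.path` value resolves to the same decrypted file.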
Binary file added secrets/buildkite-ssh-key.age
Binary file not shown.
Binary file added secrets/buildkite-token.age
Binary file not shown.
