fixup: .: enable using ci-hosts as substituters

2023-10-20 15:00:46 +02:00 · 2023-10-20 15:00:46 +02:00 · 5403d98cda
parent b422aac13b
commit 5403d98cda
2 changed files with 24 additions and 7 deletions
--- a/modules/ci-runners.nix
+++ b/modules/ci-runners.nix
@ -1,6 +1,8 @@
 { config, pkgs, lib, ... }:

-let gitea-runner-directory = "/var/lib/gitea-runner";
+let
+  gitea-runner-directory = "/var/lib/gitea-runner";
+  secrets = import ../secrets.nix;
 in {
  age.secrets.gitea-runner-token = {
    file = ../secrets/gitea-runner-token-${config.networking.hostName}.age;
@ -45,9 +47,9 @@ in {

  nix.sshServe = {
    enable = true;
-    protocol = "ssh-ng";
+    protocol = "ssh";
    keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeC/Nr7STpYEZ50p7X+XrFdeaIfib60tt2QN4Kvxscr"
-    ];
+    ] ++ secrets.ar;
  };
 }
--- a/modules/common.nix
+++ b/modules/common.nix
@ -16,7 +16,7 @@ in {
    buildOnTarget = true;
  };

-  age.secrets = { nix-store.file = ../secrets/nix-store.age; };
+  age.secrets.nix-store.file = ../secrets/nix-store.age;

  boot.binfmt.emulatedSystems =
    lib.lists.remove pkgs.system [ "x86_64-linux" "aarch64-linux" ];
@ -58,11 +58,26 @@ in {
    '';
    settings = {
      trusted-users = [ "ar" ];
-      trusted-substituters = (if config.networking.hostName != "scylla" then
-        [ "ssh-ng://i.am-a.cat?ssh-key=${config.age.secrets.nix-store.path}" ]
+      substituters = (if config.networking.hostName != "scylla" then
+        [
+          "ssh://nix-ssh@i.am-a.cat?ssh-key=${config.age.secrets.nix-store.path}"
+        ]
      else
        [ ]) ++ (if config.networking.hostName != "zorigami" then
-          [ "ssh-ng://is-a.cat?ssh-key=${config.age.secrets.nix-store.path}" ]
+          [
+            "ssh://nix-ssh@is-a.cat?ssh-key=${config.age.secrets.nix-store.path}"
+          ]
+        else
+          [ ]);
+      trusted-substituters = (if config.networking.hostName != "scylla" then
+        [
+          "ssh://nix-ssh@i.am-a.cat?ssh-key=${config.age.secrets.nix-store.path}"
+        ]
+      else
+        [ ]) ++ (if config.networking.hostName != "zorigami" then
+          [
+            "ssh://nix-ssh@is-a.cat?ssh-key=${config.age.secrets.nix-store.path}"
+          ]
        else
          [ ]);
    };