RemoteBuilder : Add auto key gen.
This commit is contained in:
parent
420663df78
commit
37b315f536
|
@ -1,9 +0,0 @@
|
|||
{ pkgs, ... }: {
|
||||
services.nix-serve = {
|
||||
enable = true;
|
||||
bindAddress = "0.0.0.0";
|
||||
package = pkgs.nix-serve-ng;
|
||||
port = 5000;
|
||||
secretKeyFile = "/root/.nixcache/secret-key-file"; # Generate with: nix-store --generate-binary-cache-key nixcache.voronind.com secret-key-file public-key-file
|
||||
};
|
||||
}
|
|
@ -17,6 +17,6 @@
|
|||
builders-use-substitutes = true
|
||||
extra-substituters = ssh-ng://home
|
||||
extra-trusted-substituters = ssh-ng://home
|
||||
extra-trusted-public-keys = nixcache.voronind.com:i9dE2VZI40/LCM/mmUGs8kwal1bQo3xbSjrzxhInmOw=
|
||||
extra-trusted-public-keys = home-1:Skghjixd8lPzNe2ZEgYLM9Pu/wF9wiZtZGsdm3bo9h0=
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -1,6 +1,18 @@
|
|||
{ ... }: {
|
||||
{ pkgs, ... }: let
|
||||
keyPath = "/root/.nixcache";
|
||||
in {
|
||||
systemd.services.generate-nix-cache-key = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
path = [ pkgs.nix ];
|
||||
script = ''
|
||||
[[ -f "${keyPath}/private-key" ]] && exit
|
||||
mkdir ${keyPath} || true
|
||||
nix-store --generate-binary-cache-key "$HOSTNAME-1" "${keyPath}/private-key" "${keyPath}/public-key"
|
||||
'';
|
||||
};
|
||||
# To apply: nix store sign --all -k /path/to/secret-key-file
|
||||
nix.extraOptions = ''
|
||||
secret-key-files = /root/.nixcache/secret-key-file
|
||||
secret-key-files = /root/.nixcache/private-key
|
||||
'';
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue