RemoteBuilder : Add auto key gen.
This commit is contained in:
parent
420663df78
commit
37b315f536
|
@ -1,9 +0,0 @@
|
||||||
{ pkgs, ... }: {
|
|
||||||
services.nix-serve = {
|
|
||||||
enable = true;
|
|
||||||
bindAddress = "0.0.0.0";
|
|
||||||
package = pkgs.nix-serve-ng;
|
|
||||||
port = 5000;
|
|
||||||
secretKeyFile = "/root/.nixcache/secret-key-file"; # Generate with: nix-store --generate-binary-cache-key nixcache.voronind.com secret-key-file public-key-file
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -17,6 +17,6 @@
|
||||||
builders-use-substitutes = true
|
builders-use-substitutes = true
|
||||||
extra-substituters = ssh-ng://home
|
extra-substituters = ssh-ng://home
|
||||||
extra-trusted-substituters = ssh-ng://home
|
extra-trusted-substituters = ssh-ng://home
|
||||||
extra-trusted-public-keys = nixcache.voronind.com:i9dE2VZI40/LCM/mmUGs8kwal1bQo3xbSjrzxhInmOw=
|
extra-trusted-public-keys = home-1:Skghjixd8lPzNe2ZEgYLM9Pu/wF9wiZtZGsdm3bo9h0=
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,18 @@
|
||||||
{ ... }: {
|
{ pkgs, ... }: let
|
||||||
|
keyPath = "/root/.nixcache";
|
||||||
|
in {
|
||||||
|
systemd.services.generate-nix-cache-key = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
path = [ pkgs.nix ];
|
||||||
|
script = ''
|
||||||
|
[[ -f "${keyPath}/private-key" ]] && exit
|
||||||
|
mkdir ${keyPath} || true
|
||||||
|
nix-store --generate-binary-cache-key "$HOSTNAME-1" "${keyPath}/private-key" "${keyPath}/public-key"
|
||||||
|
'';
|
||||||
|
};
|
||||||
# To apply: nix store sign --all -k /path/to/secret-key-file
|
# To apply: nix store sign --all -k /path/to/secret-key-file
|
||||||
nix.extraOptions = ''
|
nix.extraOptions = ''
|
||||||
secret-key-files = /root/.nixcache/secret-key-file
|
secret-key-files = /root/.nixcache/private-key
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue