about summary refs log tree commit diff
path: root/nix/hosts
diff options
context:
space:
mode:
Diffstat (limited to 'nix/hosts')
-rw-r--r--nix/hosts/corrino/configuration.nix15
-rw-r--r--nix/hosts/corrino/www/hydra.emile.space.nix7
2 files changed, 22 insertions, 0 deletions
diff --git a/nix/hosts/corrino/configuration.nix b/nix/hosts/corrino/configuration.nix
index 66000de..0a925d1 100644
--- a/nix/hosts/corrino/configuration.nix
+++ b/nix/hosts/corrino/configuration.nix
@@ -356,23 +356,38 @@ in {
       dates = [ "03:45" ];
     };
 
+    settings.trusted-users = [ "hydra" ];
+
     settings.allowed-uris = [
       "http://"
       "https://"
       "git.emile.space"
+      "git.emile.space/"
       "git@git.emile.space"
+      "git@git.emile.space/"
       "ssh://"
       "ssh://git.emile.space"
       "ssh://git.emile.space/"
       "ssh://git.emile.space/hefe-internal"
+      "ssh://git.emile.space/hefe-internal/"
       "git+ssh://"
       "git+ssh://git.emile.space"
       "git+ssh://git.emile.space/"
       "git+ssh://git.emile.space/hefe-internal"
+      "git+ssh://git.emile.space/hefe-internal/"
+      "git+https://"
+      "git+https://git.emile.space"
+      "git+https://git.emile.space/"
+      "git+https://git.emile.space/hefe-internal"
+      "git+https://git.emile.space/hefe-internal/"
+      "git+https://github.com/"
+      "git+https://github.com/nixos/"
+      "git+https://github.com/nixpkgs/"
     ];
 
     extraOptions = ''
       builders-use-substitutes = true
+      allowed-uris = http:// https://
     '';
       # allowed-uris = ssh://git@git.emile.space/hefe-internal git.emile.space git@git.emile.space ssh://git@git.emile.space
     # allowed-uris = git.emile.space: gitea@git.emile.space: ssh://gitea@git.emile.space/hanemile/hefe-internal.git git+ssh: git+https:
diff --git a/nix/hosts/corrino/www/hydra.emile.space.nix b/nix/hosts/corrino/www/hydra.emile.space.nix
index 1d167ce..00405f4 100644
--- a/nix/hosts/corrino/www/hydra.emile.space.nix
+++ b/nix/hosts/corrino/www/hydra.emile.space.nix
@@ -23,6 +23,12 @@ in {
   services.hydra = {
     enable = true;
 
+    package = pkgs.hydra_unstable.overrideAttrs (old: {
+      patches = (if old ? patches then old.patches else []) ++ [
+        ./hydra.patch
+      ];
+    });
+
     listenHost = "*";
     port = ports.hydra;
     hydraURL = "https://hydra.emile.space"; # externally visible URL
@@ -53,6 +59,7 @@ in {
       <git-input>
         timeout = 3600
       </git-input>
+      evaluator_restrict_eval = false
     '';
   };
 }