diff options
Diffstat (limited to 'nix/hosts')
-rw-r--r-- | nix/hosts/corrino/configuration.nix | 15 | ||||
-rw-r--r-- | nix/hosts/corrino/www/hydra.emile.space.nix | 7 |
2 files changed, 22 insertions, 0 deletions
diff --git a/nix/hosts/corrino/configuration.nix b/nix/hosts/corrino/configuration.nix index 66000de..0a925d1 100644 --- a/nix/hosts/corrino/configuration.nix +++ b/nix/hosts/corrino/configuration.nix @@ -356,23 +356,38 @@ in { dates = [ "03:45" ]; }; + settings.trusted-users = [ "hydra" ]; + settings.allowed-uris = [ "http://" "https://" "git.emile.space" + "git.emile.space/" "git@git.emile.space" + "git@git.emile.space/" "ssh://" "ssh://git.emile.space" "ssh://git.emile.space/" "ssh://git.emile.space/hefe-internal" + "ssh://git.emile.space/hefe-internal/" "git+ssh://" "git+ssh://git.emile.space" "git+ssh://git.emile.space/" "git+ssh://git.emile.space/hefe-internal" + "git+ssh://git.emile.space/hefe-internal/" + "git+https://" + "git+https://git.emile.space" + "git+https://git.emile.space/" + "git+https://git.emile.space/hefe-internal" + "git+https://git.emile.space/hefe-internal/" + "git+https://github.com/" + "git+https://github.com/nixos/" + "git+https://github.com/nixpkgs/" ]; extraOptions = '' builders-use-substitutes = true + allowed-uris = http:// https:// ''; # allowed-uris = ssh://git@git.emile.space/hefe-internal git.emile.space git@git.emile.space ssh://git@git.emile.space # allowed-uris = git.emile.space: gitea@git.emile.space: ssh://gitea@git.emile.space/hanemile/hefe-internal.git git+ssh: git+https: diff --git a/nix/hosts/corrino/www/hydra.emile.space.nix b/nix/hosts/corrino/www/hydra.emile.space.nix index 1d167ce..00405f4 100644 --- a/nix/hosts/corrino/www/hydra.emile.space.nix +++ b/nix/hosts/corrino/www/hydra.emile.space.nix @@ -23,6 +23,12 @@ in { services.hydra = { enable = true; + package = pkgs.hydra_unstable.overrideAttrs (old: { + patches = (if old ? patches then old.patches else []) ++ [ + ./hydra.patch + ]; + }); + listenHost = "*"; port = ports.hydra; hydraURL = "https://hydra.emile.space"; # externally visible URL @@ -53,6 +59,7 @@ in { <git-input> timeout = 3600 </git-input> + evaluator_restrict_eval = false ''; }; } |