nix-cache02-builder #39

Merged

torjus merged 3 commits from nix-cache02-builder into master 2026-02-10 21:47:59 +00:00

Conversation 0 Commits 3 Files Changed 9 +208 -196

torjus commented 2026-02-10 21:47:30 +00:00

Owner

Copy Link

Summary

• Add NATS-based build triggering to nix-cache02 via the new homelab-deploy builder service
• Configure NATS permissions allowing test/admin deployers to trigger builds on build.> subjects
• Add Vault secrets and AppRole access for the builder NKey authentication
• Update plan documentation with completed phases and remaining work (Harmonia, Actions runner, alerting)

Changes

• hosts/nix-cache02/builder.nix - New builder service config with nixos-servers and nixos repos
• services/nats/default.nix - Add builder user and build permissions for deployers
• terraform/vault/secrets.tf - Add shared/homelab-deploy/builder-nkey secret
• terraform/vault/variables.tf - Add homelab_deploy_builder_nkey variable
• terraform/vault/hosts-generated.tf - Grant nix-cache02 access to shared secrets
• .mcp.json - Enable --enable-builds flag for MCP integration
• docs/plans/nix-cache-reprovision.md - Update with progress and observability phase

## Summary - Add NATS-based build triggering to nix-cache02 via the new homelab-deploy builder service - Configure NATS permissions allowing test/admin deployers to trigger builds on `build.>` subjects - Add Vault secrets and AppRole access for the builder NKey authentication - Update plan documentation with completed phases and remaining work (Harmonia, Actions runner, alerting) ## Changes - `hosts/nix-cache02/builder.nix` - New builder service config with nixos-servers and nixos repos - `services/nats/default.nix` - Add builder user and build permissions for deployers - `terraform/vault/secrets.tf` - Add shared/homelab-deploy/builder-nkey secret - `terraform/vault/variables.tf` - Add homelab_deploy_builder_nkey variable - `terraform/vault/hosts-generated.tf` - Grant nix-cache02 access to shared secrets - `.mcp.json` - Enable `--enable-builds` flag for MCP integration - `docs/plans/nix-cache-reprovision.md` - Update with progress and observability phase

torjus added 3 commits 2026-02-10 21:47:30 +00:00

nix-cache02: add homelab-deploy builder service ... 47747329c4

- Configure builder to build nixos-servers and nixos (gunter) repos
- Add builder NKey to Vault secrets
- Update NATS permissions for builder, test-deployer, and admin-deployer
- Grant nix-cache02 access to shared homelab-deploy secrets

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

docs: update nix-cache-reprovision plan with progress ... f83145d97a

- Mark Phase 1 (new build host) and Phase 2 (NATS build triggering) complete
- Document nix-cache02 configuration and tested build times
- Add remaining work for Harmonia, Actions runner, and DNS cutover
- Enable --enable-builds flag in MCP config

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

docs: add observability phase to nix-cache plan ... 5bfb51a497

- Add Phase 6 for alerting and Grafana dashboards
- Document available Prometheus metrics
- Include example alerting rules for build failures

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

torjus merged commit 34efa58cfe into master 2026-02-10 21:47:59 +00:00

torjus deleted branch nix-cache02-builder 2026-02-10 21:47:59 +00:00

torjus referenced this issue from a commit 2026-02-10 21:48:00 +00:00

Merge pull request 'nix-cache02-builder' (#39) from nix-cache02-builder into master

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

torjus

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: torjus/nixos-servers#39