From e32ee91ce1a5f4a2b4276c832f9128124baf8b72 Mon Sep 17 00:00:00 2001 From: Alejandro Angulo Date: Sat, 1 Jun 2024 00:44:46 -0700 Subject: [PATCH] Added allowed URI --- modules/nixos/services/hydra/default.nix | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/modules/nixos/services/hydra/default.nix b/modules/nixos/services/hydra/default.nix index afc0b59..9e481ec 100644 --- a/modules/nixos/services/hydra/default.nix +++ b/modules/nixos/services/hydra/default.nix @@ -1,24 +1,21 @@ { - options, config, lib, - pkgs, ... -}: -with lib; let +}: let cfg = config.aa.services.hydra; in { - options.aa.services.hydra = with types; { + options.aa.services.hydra = with lib; { enable = mkEnableOption "hydra"; hostname = mkOption { - type = str; + type = types.str; default = "hydra.kilonull.com"; description = '' The hostname for the hydra instance ''; }; acmeCertName = mkOption { - type = str; + type = types.str; default = ""; description = '' If set to a non-empty string, forces SSL with the supplied acme @@ -27,21 +24,21 @@ in { }; secretKeyPath = mkOption { - type = str; + type = types.str; description = '' The secret key used to sign builds uploaded to s3. ''; }; s3Bucket = mkOption { - type = str; + type = types.str; description = '' The s3 bucket name where build artifacts will be uploaded. ''; }; s3Scheme = mkOption { - type = str; + type = types.str; default = "https"; description = '' The scheme to use when connecting to s3. @@ -49,7 +46,7 @@ in { }; s3Endpoint = mkOption { - type = str; + type = types.str; description = '' The s3 server endpoint. @@ -58,7 +55,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { age.secrets = { hydra-aws-creds.file = ../../../../secrets/hydra-aws-creds.age; }; @@ -105,7 +102,7 @@ in { "hydra" "hydra-www" ]; - allowed-uris = ["github:"]; + allowed-uris = ["github:" "https://github.com/"]; }; }; }