1 files changed, 29 insertions, 10 deletions

diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 6a8ee56abc47..06add2168160 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -11,8 +11,10 @@ in
   imports = [
     (mod "atward.nix")
     (mod "cgit.nix")
+    (mod "cheddar.nix")
     (mod "clbot.nix")
     (mod "gerrit-autosubmit.nix")
+    (mod "harmonia.nix")
     (mod "irccat.nix")
     (mod "josh.nix")
     (mod "journaldriver.nix")
@@ -24,7 +26,7 @@ in
     (mod "paroxysm.nix")
     (mod "restic.nix")
     (mod "smtprelay.nix")
-    (mod "sourcegraph.nix")
+    (mod "teleirc.nix")
     (mod "tvl-buildkite.nix")
     (mod "tvl-slapd/default.nix")
     (mod "tvl-users.nix")
@@ -228,10 +230,16 @@ in
       grafana.file = secretFile "grafana";
       irccat.file = secretFile "irccat";
       keycloak-db.file = secretFile "keycloak-db";
-      nix-cache-priv.file = secretFile "nix-cache-priv";
       owothia.file = secretFile "owothia";
       panettone.file = secretFile "panettone";
       smtprelay.file = secretFile "smtprelay";
+      teleirc.file = secretFile "teleirc";
+
+      nix-cache-priv = {
+        file = secretFile "nix-cache-priv";
+        mode = "0440";
+        group = "harmonia";
+      };
 
       buildkite-agent-token = {
         file = secretFile "buildkite-agent-token";
@@ -304,6 +312,9 @@ in
     agentCount = 32;
   };
 
+  # Run Markdown/code renderer
+  services.depot.cheddar.enable = true;
+
   # Start a local SMTP relay to Gmail (used by gerrit)
   services.depot.smtprelay = {
     enable = true;
@@ -345,7 +356,12 @@ in
   # Start the Gerrit->IRC bot
   services.depot.clbot = {
     enable = true;
-    channels = [ "#tvix-dev" "#tvl" ];
+    channels = {
+      "#tvl" = { };
+      "#tvix-dev" = {
+        only_display = "tvix,nix-compat,third_party,third-party,3p";
+      };
+    };
 
     # See //fun/clbot for details.
     flags = {
@@ -367,9 +383,6 @@ in
   };
 
   services.depot = {
-    # Run a SourceGraph code search instance
-    sourcegraph.enable = true;
-
     # Run a livegrep code search instance
     livegrep.enable = true;
 
@@ -410,6 +423,9 @@ in
       };
     };
 
+    # Run the Telegram<>IRC bridge for Volga Sprint.
+    teleirc.enable = true;
+
     # Run atward, the search engine redirection thing.
     atward.enable = true;
 
@@ -467,11 +483,14 @@ in
     ];
   };
 
-  services.nix-serve = {
+  # Run a Harmonia binary cache.
+  #
+  # TODO(tazjin): switch to upstream module after fix for Nix 2.3
+  services.depot.harmonia = {
     enable = true;
-    port = 6443;
-    secretKeyFile = config.age.secretsDir + "/nix-cache-priv";
-    bindAddress = "localhost";
+    signKeyPaths = [ (config.age.secretsDir + "/nix-cache-priv") ];
+    settings.bind = "127.0.0.1:6443";
+    settings.priority = 50;
   };
 
   services.fail2ban.enable = true;