2023-09-11 20:23:04 +02:00
|
|
|
{
|
|
|
|
config,
|
|
|
|
lib,
|
|
|
|
...
|
|
|
|
}:
|
2019-02-26 13:44:40 +01:00
|
|
|
# hydra user needs to be manually crated
|
|
|
|
# sudo -u hydra -s
|
|
|
|
# hydra-create-user $USERNAME --password $PASSWORD --role admin
|
2019-03-23 02:50:48 +01:00
|
|
|
# https://qfpl.io/posts/nix/starting-simple-hydra/
|
|
|
|
# also for reference a well written hydra config:
|
2019-03-04 10:35:50 +01:00
|
|
|
# https://github.com/NixOS/nixos-org-configurations/blob/master/delft/hydra.nix
|
2023-09-11 20:23:04 +02:00
|
|
|
with lib; let
|
2019-12-14 07:46:00 +01:00
|
|
|
cacheDir = "/var/cache/hydra";
|
2023-09-11 20:23:04 +02:00
|
|
|
in
|
|
|
|
mkIf (elem "hydra" config.machine.services) {
|
|
|
|
# also take a look at ../conf/nix.nix
|
|
|
|
nix.buildMachines = [
|
|
|
|
{
|
|
|
|
hostName = "localhost";
|
|
|
|
system = "x86_64-linux";
|
|
|
|
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
|
|
|
|
maxJobs = 8;
|
|
|
|
}
|
|
|
|
];
|
2019-02-26 13:44:40 +01:00
|
|
|
|
2023-09-11 20:23:04 +02:00
|
|
|
services = let
|
|
|
|
cfg = config.machine;
|
2023-09-11 21:20:14 +02:00
|
|
|
inherit ((findFirst (s: s.service == "hydra") cfg cfg.vHosts)) domain;
|
2023-09-11 20:23:04 +02:00
|
|
|
in {
|
|
|
|
hydra = {
|
|
|
|
enable = true;
|
|
|
|
hydraURL = domain; # externally visible URL
|
|
|
|
listenHost = "localhost";
|
|
|
|
port = 3001;
|
|
|
|
minimumDiskFree = 15;
|
|
|
|
minimumDiskFreeEvaluator = 15;
|
|
|
|
notificationSender = "hydra@mail.${cfg.domain}"; # e-mail of hydra service
|
|
|
|
useSubstitutes = true;
|
|
|
|
debugServer = false;
|
|
|
|
# Hints from hydra-queue-runner:
|
|
|
|
# binary_cache_dir is deprecated and ignored. use store_uri=file:// instead
|
|
|
|
# hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead
|
|
|
|
extraConfig = ''
|
|
|
|
max_output_size = 4294967296
|
|
|
|
store_uri = file://${cacheDir}?secret-key=${config.sops.secrets."services.hydra.secretKey".path}&write-nar-listing=1&ls-compression=br&log-compression=br
|
|
|
|
# add ?local-nar-cache= to set nar cache location
|
|
|
|
server_store_uri = https://cache.${cfg.domain}
|
|
|
|
binary_cache_public_uri https://cache.${cfg.domain}
|
|
|
|
upload_logs_to_binary_cache = true
|
|
|
|
'';
|
|
|
|
};
|
2019-03-27 13:48:09 +01:00
|
|
|
|
2023-09-11 20:23:04 +02:00
|
|
|
nix-serve = {
|
|
|
|
enable = true;
|
|
|
|
bindAddress = "0.0.0.0";
|
|
|
|
port = 5000;
|
|
|
|
secretKeyFile = config.sops.secrets."services.hydra.secretKey".path;
|
|
|
|
extraParams = ''
|
|
|
|
# Dont know how to change the store root yet...
|
|
|
|
# --user hydra-queue-runner
|
|
|
|
# --group hydra
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
systemd.services.nix-serve.serviceConfig.User = mkForce "hydra";
|
|
|
|
systemd.services.nix-serve.environment.NIX_STORE_DIR = cacheDir;
|
|
|
|
sops.secrets."services/hydra/secretKey" = {
|
|
|
|
owner = "hydra";
|
|
|
|
group = "hydra";
|
2019-10-07 02:48:07 +02:00
|
|
|
};
|
2023-09-11 20:23:04 +02:00
|
|
|
}
|