nixos/services/hydra.nix


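# NixOS module: Hydra CI plus a nix-serve binary cache for its build results.
# Only active when "hydra" is listed in config.machine.services.
#
# The hydra admin user needs to be created manually:
#   sudo -u hydra -s
#   hydra-create-user $USERNAME --password $PASSWORD --role admin
# NOTE(review): a password given on the command line lands in shell history
# and the process list; recent Hydra versions offer `--password-prompt`
# (verify against the installed version), otherwise rotate it afterwards.
# https://qfpl.io/posts/nix/starting-simple-hydra/
# also for reference a well written hydra config:
# https://github.com/NixOS/nixos-org-configurations/blob/master/delft/hydra.nix
{
  config,
  lib,
  ...
}:
with lib;
let
  cacheDir = "/var/cache/hydra";

  # One name for the signing-key secret, so the sops declaration at the bottom
  # and every `.path` lookup agree. The original looked the path up under
  # "services.hydra.secretKey" while declaring "services/hydra/secretKey";
  # unless another module declares the dotted name, that lookup fails at
  # evaluation time, and the owner/group set here would not apply to it.
  signingKeySecret = "services/hydra/secretKey";
  signingKeyPath = config.sops.secrets.${signingKeySecret}.path;
in
mkIf (elem "hydra" config.machine.services) {
  # also take a look at ../conf/nix.nix
  nix.buildMachines = [
    {
      hostName = "localhost";
      system = "x86_64-linux";
      supportedFeatures = [
        "kvm"
        "nixos-test"
        "big-parallel"
        "benchmark"
      ];
      maxJobs = 8;
    }
  ];

  services =
    let
      cfg = config.machine;
      # Domain of the vHost whose service is "hydra"; findFirst falls back to
      # cfg itself, i.e. cfg.domain, when no such vHost exists.
      inherit (findFirst (s: s.service == "hydra") cfg cfg.vHosts) domain;
    in
    {
      hydra = {
        enable = true;
        # externally visible URL
        # NOTE(review): this is a vHost `domain` value; confirm it has the
        # form Hydra expects for links in notifications.
        hydraURL = domain;
        # Web UI listens on loopback only; external access has to come
        # through whatever fronts the vHost.
        listenHost = "localhost";
        port = 3001;
        minimumDiskFree = 15;
        minimumDiskFreeEvaluator = 15;
        notificationSender = "hydra@mail.${cfg.domain}"; # e-mail of hydra service
        useSubstitutes = true;
        debugServer = false;
        # Hints from hydra-queue-runner:
        # binary_cache_dir is deprecated and ignored. use store_uri=file:// instead
        # hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead
        #
        # Only the path of the signing key is written into hydra.conf; the key
        # itself stays in the sops-managed file.
        # binary_cache_public_uri now uses "=" like the other settings.
        extraConfig = ''
          max_output_size = 4294967296
          store_uri = file://${cacheDir}?secret-key=${signingKeyPath}&write-nar-listing=1&ls-compression=br&log-compression=br
          # add ?local-nar-cache= to set nar cache location
          server_store_uri = https://cache.${cfg.domain}
          binary_cache_public_uri = https://cache.${cfg.domain}
          upload_logs_to_binary_cache = true
        '';
      };

      nix-serve = {
        enable = true;
        # NOTE(review): 0.0.0.0 exposes nix-serve on port 5000 on every
        # interface. If cache.<domain> is terminated by a reverse proxy on
        # this host, bind to 127.0.0.1 so the proxy is the only entry point;
        # otherwise make sure the firewall restricts port 5000.
        bindAddress = "0.0.0.0";
        port = 5000;
        # Same signing key as Hydra's store_uri above.
        secretKeyFile = signingKeyPath;
        # The text below contains only "#" lines, so no extra flags are
        # actually passed (assuming the module splices it into a shell script
        # - TODO confirm).
        extraParams = ''
          # Dont know how to change the store root yet...
          # --user hydra-queue-runner
          # --group hydra
        '';
      };
    };

  # nix-serve is forced to run as "hydra", the owner of the signing key below.
  systemd.services.nix-serve.serviceConfig.User = mkForce "hydra";
  systemd.services.nix-serve.environment.NIX_STORE_DIR = cacheDir;

  # Signing key is readable by the hydra user/group only.
  sops.secrets.${signingKeySecret} = {
    owner = "hydra";
    group = "hydra";
  };
}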