81 lines
2.5 KiB
Nix
81 lines
2.5 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
...
|
|
}:
|
|
# hydra user needs to be manually crated
|
|
# sudo -u hydra -s
|
|
# hydra-create-user $USERNAME --password $PASSWORD --role admin
|
|
# https://qfpl.io/posts/nix/starting-simple-hydra/
|
|
# also for reference a well written hydra config:
|
|
# https://github.com/NixOS/nixos-org-configurations/blob/master/delft/hydra.nix
|
|
with lib;
|
|
let
|
|
cacheDir = "/var/cache/hydra";
|
|
in
|
|
mkIf (elem "hydra" config.machine.services) {
|
|
# also take a look at ../conf/nix.nix
|
|
nix.buildMachines = [
|
|
{
|
|
hostName = "localhost";
|
|
system = "x86_64-linux";
|
|
supportedFeatures = [
|
|
"kvm"
|
|
"nixos-test"
|
|
"big-parallel"
|
|
"benchmark"
|
|
];
|
|
maxJobs = 8;
|
|
}
|
|
];
|
|
|
|
services =
|
|
let
|
|
cfg = config.machine;
|
|
inherit ((findFirst (s: s.service == "hydra") cfg cfg.vHosts)) domain;
|
|
in
|
|
{
|
|
hydra = {
|
|
enable = true;
|
|
hydraURL = domain; # externally visible URL
|
|
listenHost = "localhost";
|
|
port = 3001;
|
|
minimumDiskFree = 15;
|
|
minimumDiskFreeEvaluator = 15;
|
|
notificationSender = "hydra@mail.${cfg.domain}"; # e-mail of hydra service
|
|
useSubstitutes = true;
|
|
debugServer = false;
|
|
# Hints from hydra-queue-runner:
|
|
# binary_cache_dir is deprecated and ignored. use store_uri=file:// instead
|
|
# hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead
|
|
extraConfig = ''
|
|
max_output_size = 4294967296
|
|
store_uri = file://${cacheDir}?secret-key=${
|
|
config.sops.secrets."services.hydra.secretKey".path
|
|
}&write-nar-listing=1&ls-compression=br&log-compression=br
|
|
# add ?local-nar-cache= to set nar cache location
|
|
server_store_uri = https://cache.${cfg.domain}
|
|
binary_cache_public_uri https://cache.${cfg.domain}
|
|
upload_logs_to_binary_cache = true
|
|
'';
|
|
};
|
|
|
|
nix-serve = {
|
|
enable = true;
|
|
bindAddress = "0.0.0.0";
|
|
port = 5000;
|
|
secretKeyFile = config.sops.secrets."services.hydra.secretKey".path;
|
|
extraParams = ''
|
|
# Dont know how to change the store root yet...
|
|
# --user hydra-queue-runner
|
|
# --group hydra
|
|
'';
|
|
};
|
|
};
|
|
systemd.services.nix-serve.serviceConfig.User = mkForce "hydra";
|
|
systemd.services.nix-serve.environment.NIX_STORE_DIR = cacheDir;
|
|
sops.secrets."services/hydra/secretKey" = {
|
|
owner = "hydra";
|
|
group = "hydra";
|
|
};
|
|
}
|