c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity

hail hydra!

This commit is contained in:
Astro 2021-03-12 21:45:12 +01:00
parent f765d05ebf
commit fb5751220f
6 changed files with 298 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
flake.nix
View File

@ -75,6 +75,8 @@
dn42-nixos-rebuild = mkDeploy "dn42" hostRegistry.hosts.dn42.ip4;
grafana-nixos-rebuild = mkDeploy "grafana" "grafana.hq.c3d2.de";
hydra-nixos-rebuild = mkDeploy "hydra" hostRegistry.hosts.hydra.ip4;
});
nixosConfigurations = let
@ -190,6 +192,14 @@
system = "x86_64-linux";
};
hydra = nixosSystem' {
modules = [
./lib/lxc-container.nix
./hosts/containers/hydra
];
system = "x86_64-linux";
};
};
nixosModules.c3d2 = import ./lib;

5
host-registry.nix
View File

@ -100,6 +100,11 @@ rec {
grafana = {
ip6 = "2a02:8106:208:5282:4042:fbff:fe4b:2de8";
};
hydra = {
ip4 = "172.20.73.49";
ip6 = "2a02:8106:208:5282:e03c:d7ff:fe8e:fe16";
};
};
hqGlobal = builtins.attrNames hosts;

140
hosts/containers/hydra/c3d2.svg Normal file
View File

@ -0,0 +1,140 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="594.28000pt"
height="194.89000pt"
id="svg1"
sodipodi:version="0.32"
inkscape:version="0.92.4 (5da689c313, 2019-01-14)"
sodipodi:docname="c3d2-hydra.svg"
version="1.1">
<defs
id="defs3" />
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="0.86831672"
inkscape:cx="352.96715"
inkscape:cy="96.614901"
inkscape:current-layer="svg1"
showgrid="false"
inkscape:grid-bbox="true"
inkscape:grid-points="true"
inkscape:guide-bbox="true"
inkscape:guide-points="true"
guidetolerance="2.0000000px"
inkscape:window-width="1362"
inkscape:window-height="729"
inkscape:window-x="0"
inkscape:window-y="18"
inkscape:window-maximized="0">
<inkscape:grid
id="GridFromPre046Settings"
type="xygrid"
originx="0"
originy="0"
spacingx="1.3333333"
spacingy="1.3333333"
color="#3f3fff"
empcolor="#3f3fff"
opacity="0.15"
empopacity="0.38"
empspacing="5" />
</sodipodi:namedview>
<metadata
id="metadata4">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title></dc:title>
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1" />
<path
d="M 5,123.6125 80,4.8625031 c 0,0 68.75,0 68.75,0 0,0 -68.75,118.7499969 -68.75,118.7499969 0,0 68.75,116.25 68.75,116.25 h -75 z"
id="path4772"
style="fill:#5175c0;fill-opacity:1" />
<path
d="M 92.5,123.6125 161.25,4.8625031 c 0,0 75,0 75,0 0,0 -68.75,118.7499969 -68.75,118.7499969 l 68.75,116.25 h -75 z"
id="path4770"
style="fill:#7eb3de;fill-opacity:1" />
<path
d="M 180,123.6125 248.75,4.8625031 c 0,0 75,0 75,0 0,0 -67.5,118.7499969 -67.5,118.7499969 l 67.5,116.25 h -75 z"
id="path4768"
style="fill:#5175c0;fill-opacity:1" />
<path
d="m 423.75,4.8625031 c 0,0 68.75,0 68.75,0 L 405,239.8625 h -68.75 z"
id="path4766"
style="fill:#7eb3de;fill-opacity:1" />
<path
d="m 573.75,123.6125 c 0,0 -68.75,-118.7499969 -68.75,-118.7499969 0,0 75,0 75,0 0,0 68.75,118.7499969 68.75,118.7499969 L 580,239.8625 h -75 c 0,0 68.75,-116.25 68.75,-116.25 z"
id="path4764"
style="fill:#5175c0;fill-opacity:1" />
<path
d="m 592.5,239.8625 c 0,0 68.75,-116.25 68.75,-116.25 0,0 -68.75,-118.7499969 -68.75,-118.7499969 h 75 L 736.25,123.6125 667.5,239.8625 c 0,0 -75,0 -75,0 z"
id="path1103"
style="fill:#7eb3de;fill-opacity:1" />
<path
style="opacity:0;fill:#ffffff;fill-opacity:1;stroke-width:1.15165353"
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
id="path4748"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
id="path4750"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
id="path4752"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
id="path4754"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
id="path4756"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 39.798247,182.97391 C 21.194881,151.51668 5.8549221,124.95667 5.7094473,123.95167 5.5639725,122.94667 22.182803,95.693953 42.640183,63.390072 L 79.835419,4.6557429 114.01929,4.3506923 c 22.26699,-0.1987067 34.18387,0.097179 34.18387,0.8487563 0,0.6345938 -15.27869,27.5376884 -33.95263,59.7846534 l -33.952629,58.630848 33.952629,57.40622 c 18.67394,31.57343 33.95263,57.79806 33.95263,58.27697 0,0.47891 -16.78064,0.87075 -37.29031,0.87075 H 73.622545 Z"
id="path4758" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 39.798247,182.97391 C 21.194881,151.51668 5.8549221,124.95667 5.7094473,123.95167 5.5639725,122.94667 22.182803,95.693953 42.640183,63.390072 L 79.835419,4.6557429 114.01929,4.3506923 c 22.26699,-0.1987067 34.18387,0.097179 34.18387,0.8487563 0,0.6345938 -15.27869,27.5376884 -33.95263,59.7846534 l -33.952629,58.630848 33.952629,57.40622 c 18.67394,31.57343 33.95263,57.79806 33.95263,58.27697 0,0.47891 -16.78064,0.87075 -37.29031,0.87075 H 73.622545 Z"
id="path4774"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="m 336.47317,238.17057 c 0.44551,-1.11786 18.66473,-49.97005 40.48715,-108.56042 C 398.78275,71.019777 418.2387,18.806685 420.19578,13.581058 l 3.55833,-9.5011418 h 34.39672 c 18.9182,0 34.38454,0.388683 34.36966,0.8637401 -0.0148,0.4750571 -19.62584,53.4655147 -43.57989,117.7565737 l -43.55283,116.89283 -34.86232,0.30499 c -32.91995,0.28801 -34.81718,0.19175 -34.05228,-1.72748 z"
id="path4776"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="m 336.47317,238.17057 c 0.44551,-1.11786 18.66473,-49.97005 40.48715,-108.56042 C 398.78275,71.019777 418.2387,18.806685 420.19578,13.581058 l 3.55833,-9.5011418 h 34.39672 c 18.9182,0 34.38454,0.388683 34.36966,0.8637401 -0.0148,0.4750571 -19.62584,53.4655147 -43.57989,117.7565737 l -43.55283,116.89283 -34.86232,0.30499 c -32.91995,0.28801 -34.81718,0.19175 -34.05228,-1.72748 z"
id="path4778"
inkscape:connector-curvature="0" />
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 8.3 KiB

26
hosts/containers/hydra/cache.nix Normal file
View File

@ -0,0 +1,26 @@
{ config, pkgs, ... }:
{
services.nix-serve = {
enable = true;
secretKeyFile = "/var/cache-priv-key.pem";
};
services.nginx.virtualHosts."nix-serve.hq.c3d2.de" = {
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
proxy_pass http://127.0.0.1:${toString config.services.nix-serve.port};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
services.nginx.virtualHosts."depot.hq.c3d2.de" = {
forceSSL = true;
enableACME = true;
locations."/".root = "/srv/www/depot";
};
}

74
hosts/containers/hydra/default.nix Normal file
View File

@ -0,0 +1,74 @@
{ config, pkgs, lib, ... }:
{
imports = [ ./hydra.nix ./cache.nix ];
c3d2 = {
users = {
emery = true;
windsleep = true;
};
# hq.statistics.enable = true;
};
nixpkgs.config.allowUnfree = true;
security.acme = {
email = "mail@c3d2.de";
acceptTerms = true;
};
security.pam.enableSSHAgentAuth = true;
services.openssh = {
enable = true;
passwordAuthentication = false;
};
programs.mosh.enable = true;
nix = {
useSandbox = false;
maxJobs = 4;
buildCores = 20;
autoOptimiseStore = true;
gc = {
automatic = true;
dates = "06:00";
options = "--delete-older-than 14d";
};
sshServe.enable = true;
trustedUsers = [ "@wheel" ];
};
boot = {
tmpOnTmpfs = true;
# For cross-building
binfmt.emulatedSystems = [ "aarch64-linux" ];
};
fileSystems."/" = {
fsType = "rootfs";
device = "rootfs";
};
networking = {
hostName = "hydra";
firewall.enable = false;
defaultGateway = "172.20.73.1";
interfaces.eth0.ipv4.addresses = [{
address = "172.20.73.49";
prefixLength = 26;
}];
};
environment.systemPackages = with pkgs; [ tmux htop vim gitMinimal nixFlakes ];
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "20.09"; # Did you read the comment?
}

43
hosts/containers/hydra/hydra.nix Normal file
View File

@ -0,0 +1,43 @@
{ config, pkgs, ... }:
{
nix = {
binaryCaches =
[ "https://cache.nixos.org" "https://genodepkgs.cachix.org" ];
binaryCachePublicKeys = [
"genodepkgs.cachix.org-1:j6xcYrUP9Q9c+WbS+MbkJR26cqeytOVdC4SmhOYj2Sw="
];
extraOptions = ''
allowed-uris = http:// https://
'';
};
services.hydra = {
enable = true;
hydraURL = "https://hydra.hq.c3d2.de";
logo = ./c3d2.svg;
notificationSender = "hydra@spam.works";
package = pkgs.hydra-unstable;
useSubstitutes = false;
};
services.nginx =
let
hydraVhost = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass =
"http://localhost:${toString config.services.hydra.port}";
};
in {
enable = true;
recommendedProxySettings = true;
recommendedGzipSettings = true;
virtualHosts = {
"hydra.hq.c3d2.de" = hydraVhost // {
default = true;
};
"hydra.serv.zentralwerk.org" = hydraVhost;
};
};
}