nix-config/hosts/hydra/hydra.nix

{ hostRegistry, hydra-ca, config, lib, pkgs, ... }:
{
  containers = {
    hydra-ca = {
      autoStart = true;
      config = { ... }: {
        imports = [
          hydra-ca.nixosModules.hydra
        ];

        environment.systemPackages = with pkgs; [ git ];

        networking.firewall.allowedTCPPorts = [ 3001 ];

        nix = {
          settings = {
            substituters = [
              "https://cache.ngi0.nixos.org/"
            ];
            trusted-public-keys = [
              "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="
            ];
          };
          extraOptions = ''
            allowed-uris = https://gitea.c3d2.de/ https://github.com/ https://gitlab.com/ ssh://gitea@gitea.c3d2.de/
            builders-use-substitutes = true
            experimental-features = ca-derivations nix-command flakes
            extra-substituters = https://cache.ngi0.nixos.org/
            extra-trusted-public-keys = cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=
          '';
        };

        nixpkgs.overlays = [ (import ../../overlay) ];

        services = {
          hydra-dev = lib.recursiveUpdate config.services.hydra-dev {
            hydraURL = "https://hydra-ca.hq.c3d2.de";
            port = 3001;
          };
        };
      };
      hostAddress = "192.168.100.1";
      localAddress = "192.168.100.2";
      privateNetwork = true;
    };
  };

  networking.nat = {
    enable = true;
    externalInterface = "serv";
    internalInterfaces = [ "ve-hydra-ca" ];
  };

  nix = {
    extraOptions = lib.mkForce ''
      allowed-uris = http:// https:// ssh://
      builders-use-substitutes = true
      experimental-features = ca-derivations nix-command flakes
    '';
    trustedUsers = [ "hydra" "root" ];
    buildMachines = [{
      hostName = "localhost";
      system = lib.concatStringsSep "," ([
        pkgs.system
        "i686-linux"
      ] ++ config.boot.binfmt.emulatedSystems);
      supportedFeatures = [ "big-parallel" "benchmark" "kvm" "nixos-test" ];
      inherit (config.nix) maxJobs;
      # } {
      #   hostName = "client@dacbert.hq.c3d2.de";
      #   system = lib.concatStringsSep "," [
      #     "aarch64-linux" "armv6l-linux" "armv7l-linux"
      #   ];
      #   supportedFeatures = [ "kvm" "benchmark" "nixos-test" ];
      #   maxJobs = 1;
    }];

    daemonCPUSchedPolicy = "idle";
    daemonIOSchedClass = "idle";
    daemonIOSchedPriority = 7;
  };

  services = {
    hydra-dev = {
      enable = true;
      hydraURL = "https://hydra.hq.c3d2.de";
      logo = ./c3d2.svg;
      minimumDiskFree = 1;
      minimumDiskFreeEvaluator = 1;
      notificationSender = "hydra@spam.works";
      useSubstitutes = true;
      extraConfig =
        let
          key = config.sops.secrets."nix-serve/secretKey".path;
        in
        ''
          binary_cache_secret_key_file = ${key}
          evaluator_workers = 4
          evaluator_max_memory_size = 2048
          store_uri = auto?secret-key=${key}&write-nar-listing=1&ls-compression=zstd&log-compression=zstd
          upload_logs_to_binary_cache = true
        '';
    };

    nginx =
      let
        hydraVhost = {
          forceSSL = true;
          enableACME = true;
          locations."/".proxyPass = "http://localhost:${toString config.services.hydra.port}";
        };
      in
      {
        enable = true;
        virtualHosts = {
          "hydra.hq.c3d2.de" = hydraVhost // {
            default = true;
          };
          "hydra-ca.hq.c3d2.de" = hydraVhost // {
            locations."/".proxyPass = "http://192.168.100.2:3001";
          };
          "hydra.serv.zentralwerk.org" = hydraVhost;
          "nix-serve.hq.c3d2.de" = hydraVhost; # TODO: remove
        };
      };
      resolved.enable = false;
  };

  sops.secrets."nix-serve/secretKey".mode = "0444";

  systemd.services = {
    hydra-evaluator.serviceConfig = {
      CPUWeight = 2;
      MemoryHigh = "64G";
      MemoryMax = "64G";
      MemorySwapMax = "64G";
    };
    nix-daemon.serviceConfig = {
      LimitNOFILE = lib.mkForce 8192;
      CPUWeight = 5;
      MemoryHigh = "64G";
      MemoryMax = "64G";
      MemorySwapMax = "64G";
    };
  };
}
Add ca hydra 2022-06-24 01:02:11 +02:00			`{ hostRegistry, hydra-ca, config, lib, pkgs, ... }:`
nix-build: remove 2022-06-22 00:16:03 +02:00			`{`
Add ca hydra 2022-06-24 01:02:11 +02:00			`containers = {`
			`hydra-ca = {`
			`autoStart = true;`
			`config = { ... }: {`
			`imports = [`
			`hydra-ca.nixosModules.hydra`
			`];`

hydra-ca: add git for flakes 2022-07-01 01:30:31 +02:00			`environment.systemPackages = with pkgs; [ git ];`

Add ca hydra 2022-06-24 01:02:11 +02:00			`networking.firewall.allowedTCPPorts = [ 3001 ];`

hydra: activate features 2022-06-24 01:14:37 +02:00			`nix = {`
			`settings = {`
			`substituters = [`
			`"https://cache.ngi0.nixos.org/"`
			`];`
			`trusted-public-keys = [`
			`"cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="`
			`];`
			`};`
			`extraOptions = ''`
hydra-ca: allow gitlab downloads 2022-06-28 20:58:07 +02:00			`allowed-uris = https://gitea.c3d2.de/ https://github.com/ https://gitlab.com/ ssh://gitea@gitea.c3d2.de/`
hydra-ca: add upstream ca hydra cache 2022-07-01 01:30:46 +02:00			`builders-use-substitutes = true`
hydra: activate features 2022-06-24 01:14:37 +02:00			`experimental-features = ca-derivations nix-command flakes`
hydra-ca: add upstream ca hydra cache 2022-07-01 01:30:46 +02:00			`extra-substituters = https://cache.ngi0.nixos.org/`
			`extra-trusted-public-keys = cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=`
hydra: activate features 2022-06-24 01:14:37 +02:00			`'';`
Add ca hydra 2022-06-24 01:02:11 +02:00			`};`

hydra-ca: add overlays 2022-06-24 03:01:36 +02:00			`nixpkgs.overlays = [ (import ../../overlay) ];`

Add ca hydra 2022-06-24 01:02:11 +02:00			`services = {`
			`hydra-dev = lib.recursiveUpdate config.services.hydra-dev {`
			`hydraURL = "https://hydra-ca.hq.c3d2.de";`
			`port = 3001;`
			`};`
			`};`
			`};`
			`hostAddress = "192.168.100.1";`
			`localAddress = "192.168.100.2";`
			`privateNetwork = true;`
			`};`
			`};`

			`networking.nat = {`
			`enable = true;`
			`externalInterface = "serv";`
			`internalInterfaces = [ "ve-hydra-ca" ];`
			`};`

hail hydra! 2021-03-12 21:45:12 +01:00			`nix = {`
hydra: forcefully enable ca-derivations 2022-07-01 01:31:01 +02:00			`extraOptions = lib.mkForce ''`
hydra: fix nix settings for building this flake 2022-01-08 01:33:50 +01:00			`allowed-uris = http:// https:// ssh://`
hydra: forcefully enable ca-derivations 2022-07-01 01:31:01 +02:00			`builders-use-substitutes = true`
			`experimental-features = ca-derivations nix-command flakes`
hail hydra! 2021-03-12 21:45:12 +01:00			`'';`
hydra: fix nix settings for building this flake 2022-01-08 01:33:50 +01:00			`trustedUsers = [ "hydra" "root" ];`
Nuke nix-serv and use hydra direct 2022-06-23 20:22:23 +02:00			`buildMachines = [{`
hydra: add buildMachines did I deploy that? 2021-03-24 21:09:51 +01:00			`hostName = "localhost";`
hydra: use localhost only in buildMachines 2022-06-21 23:34:38 +02:00			`system = lib.concatStringsSep "," ([`
Nuke nix-serv and use hydra direct 2022-06-23 20:22:23 +02:00			`pkgs.system`
			`"i686-linux"`
hydra: use localhost only in buildMachines 2022-06-21 23:34:38 +02:00			`] ++ config.boot.binfmt.emulatedSystems);`
hydra: bare-metalify 2022-05-05 22:34:51 +02:00			`supportedFeatures = [ "big-parallel" "benchmark" "kvm" "nixos-test" ];`
hydra: update buildCores, maxJobs 2022-05-07 01:01:02 +02:00			`inherit (config.nix) maxJobs;`
Nuke nix-serv and use hydra direct 2022-06-23 20:22:23 +02:00			`# } {`
			`# hostName = "client@dacbert.hq.c3d2.de";`
			`# system = lib.concatStringsSep "," [`
			`# "aarch64-linux" "armv6l-linux" "armv7l-linux"`
			`# ];`
			`# supportedFeatures = [ "kvm" "benchmark" "nixos-test" ];`
			`# maxJobs = 1;`
hydra: remove dacbert from remote builders 2022-06-12 00:16:00 +02:00			`}];`
hydra: set nix-daemon to idle scheduling 2022-01-09 01:50:32 +01:00
			`daemonCPUSchedPolicy = "idle";`
			`daemonIOSchedClass = "idle";`
			`daemonIOSchedPriority = 7;`
hail hydra! 2021-03-12 21:45:12 +01:00			`};`

Nuke nix-serv and use hydra direct 2022-06-23 20:22:23 +02:00			`services = {`
			`hydra-dev = {`
			`enable = true;`
			`hydraURL = "https://hydra.hq.c3d2.de";`
			`logo = ./c3d2.svg;`
			`minimumDiskFree = 1;`
			`minimumDiskFreeEvaluator = 1;`
			`notificationSender = "hydra@spam.works";`
			`useSubstitutes = true;`
			`extraConfig =`
			`let`
			`key = config.sops.secrets."nix-serve/secretKey".path;`
			`in`
			`''`
			`binary_cache_secret_key_file = ${key}`
hydra: bump back up evaluator_workers, memory limits 2022-06-23 23:24:04 +02:00			`evaluator_workers = 4`
Nuke nix-serv and use hydra direct 2022-06-23 20:22:23 +02:00			`evaluator_max_memory_size = 2048`
			`store_uri = auto?secret-key=${key}&write-nar-listing=1&ls-compression=zstd&log-compression=zstd`
			`upload_logs_to_binary_cache = true`
			`'';`
			`};`

			`nginx =`
			`let`
			`hydraVhost = {`
			`forceSSL = true;`
			`enableACME = true;`
Add ca hydra 2022-06-24 01:02:11 +02:00			`locations."/".proxyPass = "http://localhost:${toString config.services.hydra.port}";`
Nuke nix-serv and use hydra direct 2022-06-23 20:22:23 +02:00			`};`
			`in`
			`{`
			`enable = true;`
			`virtualHosts = {`
			`"hydra.hq.c3d2.de" = hydraVhost // {`
			`default = true;`
			`};`
Add ca hydra 2022-06-24 01:02:11 +02:00			`"hydra-ca.hq.c3d2.de" = hydraVhost // {`
			`locations."/".proxyPass = "http://192.168.100.2:3001";`
			`};`
Nuke nix-serv and use hydra direct 2022-06-23 20:22:23 +02:00			`"hydra.serv.zentralwerk.org" = hydraVhost;`
Add ca hydra 2022-06-24 01:02:11 +02:00			`"nix-serve.hq.c3d2.de" = hydraVhost; # TODO: remove`
Nuke nix-serv and use hydra direct 2022-06-23 20:22:23 +02:00			`};`
			`};`
Add ca hydra 2022-06-24 01:02:11 +02:00			`resolved.enable = false;`
hail hydra! 2021-03-12 21:45:12 +01:00			`};`
The big format and cleanup 2022-06-12 17:26:32 +02:00
Nuke nix-serv and use hydra direct 2022-06-23 20:22:23 +02:00			`sops.secrets."nix-serve/secretKey".mode = "0444";`

hydra: fix the hydra 2022-05-07 00:50:01 +02:00			`systemd.services = {`
			`hydra-evaluator.serviceConfig = {`
hydra: set hydra-evaluator+nix-daemon CPUWeight so that system keeps responsive 2022-05-07 02:49:46 +02:00			`CPUWeight = 2;`
hydra: bump back up evaluator_workers, memory limits 2022-06-23 23:24:04 +02:00			`MemoryHigh = "64G";`
			`MemoryMax = "64G";`
			`MemorySwapMax = "64G";`
hydra: fix the hydra 2022-05-07 00:50:01 +02:00			`};`
fixes 2022-06-13 15:48:05 +02:00			`nix-daemon.serviceConfig = {`
hydra: add dacbert to buildMachines 2022-06-09 17:45:23 +02:00			`LimitNOFILE = lib.mkForce 8192;`
hydra: set hydra-evaluator+nix-daemon CPUWeight so that system keeps responsive 2022-05-07 02:49:46 +02:00			`CPUWeight = 5;`
hydra: bump memory limits 2022-06-23 22:10:06 +02:00			`MemoryHigh = "64G";`
			`MemoryMax = "64G";`
			`MemorySwapMax = "64G";`
The big format and cleanup 2022-06-12 17:26:32 +02:00			`};`
hydra: set hydra-evaluator+nix-daemon CPUWeight so that system keeps responsive 2022-05-07 02:49:46 +02:00			`};`
hail hydra! 2021-03-12 21:45:12 +01:00			`}`