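# NixOS module for the Hydra build host.
#
# Declares, in order: a `hydra-ca` container running a second Hydra instance,
# NAT for that container, the host's Nix daemon settings and remote builder,
# the host Hydra (`services.hydra-dev`), the harmonia binary cache, the nginx
# TLS front end for all of them, the sops secret holding the cache signing
# key, and systemd resource limits for the evaluator and the Nix daemon.
{ self, hostRegistry, hydra-ca, config, lib, pkgs, ... }:

let
  # Loopback port shared by harmonia (bind) and the nginx vhost that proxies to it.
  cachePort = 5000;
in
{
  containers = {
    hydra-ca = {
      autoStart = true;
      # The inner module ignores its own arguments (`{ ... }:`), so `config`,
      # `lib`, `pkgs` and `self` below are the HOST's values, not the container's.
      config = { ... }: {
        imports = [
          hydra-ca.nixosModules.hydra
        ];

        environment.systemPackages = with pkgs; [ git ];

        # Hydra's web port inside the container; the host nginx proxies
        # hydra-ca.hq.c3d2.de to 192.168.100.2:3001.
        networking.firewall.allowedTCPPorts = [ 3001 ];

        nix = {
          settings = {
            # Restricted evaluation may only fetch from these URI prefixes.
            allowed-uris = "https://gitea.c3d2.de/ https://github.com/ https://gitlab.com/ ssh://gitea@gitea.c3d2.de/";
            builders-use-substitutes = true;
            experimental-features = "ca-derivations nix-command flakes";
            # The same cache and key are listed in both the extra-* and the
            # plain settings; paths signed by this key are accepted as trusted.
            extra-substituters = "https://cache.ngi0.nixos.org/";
            extra-trusted-public-keys = "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=";
            substituters = [
              "https://cache.ngi0.nixos.org/"
            ];
            trusted-public-keys = [
              "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="
            ];
          };
        };

        nixpkgs = {
          # config.contentAddressedByDefault = true;
          overlays = [ self.overlay ];
        };

        services = {
          # Starts from the host's hydra-dev settings and overrides URL and port.
          # NOTE(review): this also copies the host's extraConfig, which points at
          # the host's sops secret path; confirm that path is meant to resolve
          # inside the container.
          hydra-dev = lib.recursiveUpdate config.services.hydra-dev {
            hydraURL = "https://hydra-ca.hq.c3d2.de";
            port = 3001;
          };
        };

        system.stateVersion = "22.05"; # Did you read the comment? No.
      };
      # Private veth pair: host side .1, container side .2.
      hostAddress = "192.168.100.1";
      localAddress = "192.168.100.2";
      privateNetwork = true;
    };
  };

  # Outbound connectivity for the container's private network.
  networking.nat = {
    enable = true;
    externalInterface = "serv";
    internalInterfaces = [ "ve-hydra-ca" ];
  };

  nix = {
    # Remote ARM builder reached over SSH as user `client`.
    buildMachines = [{
      hostName = "client@dacbert.hq.c3d2.de";
      system = lib.concatStringsSep "," [
        "aarch64-linux" "armv6l-linux" "armv7l-linux"
      ];
      supportedFeatures = [ "kvm" "nixos-test" ];
      maxJobs = 1;
    }];
    # Keep builds from starving interactive and service workloads.
    daemonCPUSchedPolicy = "idle";
    daemonIOSchedClass = "idle";
    daemonIOSchedPriority = 7;
    settings = {
      # NOTE(review): these are bare scheme prefixes, so restricted evaluation
      # on the host may fetch from any http, https or ssh URL, including
      # plaintext http. The container above uses an explicit host list;
      # consider the same here if the jobsets allow it.
      allowed-uris = "http:// https:// ssh://";
      builders-use-substitutes = true;
      experimental-features = "ca-derivations nix-command flakes";
    };
    # Trusted users can pass settings the daemon would otherwise refuse (extra
    # substituters, unsigned imports); treat membership as root-equivalent.
    trustedUsers = [ "hydra" "root" ];
  };

  services = {
    hydra-dev = {
      enable = true;
      # The second file is presumably the one written by hydra-init.preStart
      # below (`~/machines`), assuming the hydra user's home is /var/lib/hydra.
      buildMachinesFiles = [
        "/etc/nix/machines"
        "/var/lib/hydra/machines"
      ];
      hydraURL = "https://hydra.hq.c3d2.de";
      logo = ./c3d2.svg;
      minimumDiskFree = 50;
      minimumDiskFreeEvaluator = 50;
      notificationSender = "hydra@spam.works";
      useSubstitutes = true;
      # Only the PATH of the signing key is interpolated into hydra.conf; the
      # key material itself stays in the sops-managed file.
      extraConfig =
        let
          key = config.sops.secrets."nix-serve/secretKey".path;
        in
        ''
          binary_cache_secret_key_file = ${key}
          evaluator_workers = 4
          evaluator_max_memory_size = 2048
          max_output_size = ${toString (5*1024*1024*1024)} # sd card and raw images
          store_uri = auto?secret-key=${key}&write-nar-listing=1&ls-compression=zstd&log-compression=zstd
          upload_logs_to_binary_cache = true
        '';
    };

    # A rust nix binary cache
    harmonia = {
      enable = true;

      settings = {
        # Loopback only: clients reach the cache through the nginx TLS vhost.
        bind = "127.0.0.1:${toString cachePort}";
        workers = "20";
        max_connection_rate = 1024;
        priority = 30;
        # Same signing key that Hydra uses above.
        sign_key_path = config.sops.secrets."nix-serve/secretKey".path;
      };
    };

    nginx =
      let
        # Shared vhost template: TLS enforced, certificate via ACME, proxy to
        # the host Hydra.
        hydraVhost = {
          forceSSL = true;
          enableACME = true;
          # Read the port from hydra-dev, the service this file enables and
          # configures. `services.hydra` is a separate option set that is never
          # set here, so its port would stop matching if hydra-dev's changed.
          locations."/".proxyPass = "http://localhost:${toString config.services.hydra-dev.port}";
        };
      in
      {
        enable = true;
        virtualHosts = {
          "hydra.hq.c3d2.de" = hydraVhost // {
            default = true;
          };
          # `//` is a shallow merge, so this replaces the template's proxy
          # target with the container's address and port.
          "hydra-ca.hq.c3d2.de" = hydraVhost // {
            locations."/".proxyPass = "http://192.168.100.2:3001";
          };
          "hydra.serv.zentralwerk.org" = hydraVhost;
          "nix-serve.hq.c3d2.de" = {
            forceSSL = true;
            enableACME = true;
            locations."/".proxyPass = "http://localhost:${toString cachePort}";
          };
        };
      };

    resolved.enable = false;
  };

  sops = {
    defaultSopsFile = ./secrets.yaml;
    # NOTE(review): 0444 makes the binary-cache signing key readable by every
    # local user and process, including build-adjacent ones. Whoever reads it
    # can sign store paths that clients trusting this cache's public key will
    # accept. Prefer a restrictive mode, with sops-nix `owner`/`group` set so
    # that only the Hydra and harmonia service users can read it.
    secrets."nix-serve/secretKey".mode = "0444";
  };

  systemd.services = {
    # Low CPU weight and hard memory ceilings for the evaluator.
    hydra-evaluator.serviceConfig = {
      CPUWeight = 2;
      MemoryHigh = "64G";
      MemoryMax = "64G";
      MemorySwapMax = "64G";
    };

    # Writes a machines file with two localhost entries: one for native
    # x86_64-linux builds with all system features, one for the emulated
    # extra platforms with the filtered feature list.
    hydra-init.preStart = let
      makesSenseForQemuUser = feature:
        ! (builtins.elem feature [ "kvm" "benchmark" ]);
      # strips features that don't make sense on qemu-user
      extraPlatformSystemFeatures =
        builtins.filter makesSenseForQemuUser config.nix.settings.system-features;
    in ''
      cat << EOF > ~/machines
      localhost x86_64-linux - ${toString config.nix.settings.max-jobs} 10 ${lib.concatStringsSep "," config.nix.settings.system-features} -
      localhost ${lib.concatStringsSep "," config.nix.settings.extra-platforms} - ${toString config.nix.settings.max-jobs} 10 ${lib.concatStringsSep "," extraPlatformSystemFeatures} -
      EOF
    '';

    nix-daemon.serviceConfig = {
      CPUWeight = 5;
      MemoryHigh = "64G";
      MemoryMax = "64G";
      MemorySwapMax = "64G";
    };
  };
}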