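# NixOS module for the Hydra CI host: enables Hydra with one remote builder,
# serves the local store through harmonia behind nginx, and shares one sops
# managed signing key between both.
#
# Reconstructed from a blame view: the per-line commit timestamps were dropped
# and the string literals, which the page had split character by character,
# were joined again so that the expression parses.
{ config, lib, ... }:

let
  # Loopback port harmonia listens on; nginx proxies nix-serve.hq.c3d2.de to it.
  cachePort = 5000;
in
{
  # disabled because currently it displays `ARRAY(0x4ec2040)` on the website and also uses a perl array in store paths instead of /nix/store
  # containers = {
  #   hydra-ca = {
  #     autoStart = true;
  #     config = { ... }: {
  #       imports = [
  #         hydra-ca.nixosModules.hydra
  #       ];

  #       environment.systemPackages = with pkgs; [ git ];

  #       networking.firewall.allowedTCPPorts = [ 3001 ];

  #       nix = {
  #         settings = {
  #           allowed-uris = "https://gitea.c3d2.de/ https://github.com/ https://gitlab.com/ ssh://gitea@gitea.c3d2.de/";
  #           builders-use-substitutes = true;
  #           experimental-features = "ca-derivations nix-command flakes";
  #           extra-substituters = "https://cache.ngi0.nixos.org/";
  #           extra-trusted-public-keys = "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=";
  #           substituters = [
  #             "https://cache.ngi0.nixos.org/"
  #           ];
  #           trusted-public-keys = [
  #             "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="
  #           ];
  #         };
  #       };

  #       nixpkgs = {
  #         # config.contentAddressedByDefault = true;
  #         overlays = [ self.overlay ];
  #       };

  #       services = {
  #         hydra-dev = lib.recursiveUpdate config.services.hydra-dev {
  #           hydraURL = "https://hydra-ca.hq.c3d2.de";
  #           port = 3001;
  #         };
  #       };

  #       system.stateVersion = "22.05"; # Did you read the comment? No.
  #     };
  #     hostAddress = "192.168.100.1";
  #     localAddress = "192.168.100.2";
  #     privateNetwork = true;
  #   };
  # };

  # networking.nat = {
  #   enable = true;
  #   externalInterface = "serv";
  #   internalInterfaces = [ "ve-hydra-ca" ];
  # };

  nix = {
    # Remote builder for the ARM systems; jobs for it are dispatched over SSH
    # as user `client`.
    buildMachines = [{
      hostName = "client@dacbert.hq.c3d2.de";
      system = lib.concatStringsSep "," [
        "aarch64-linux" "armv6l-linux" "armv7l-linux"
      ];
      supportedFeatures = [ "kvm" "nixos-test" ];
      maxJobs = 1;
    }];

    # Run the daemon at idle CPU/IO priority so builds yield to other work.
    daemonCPUSchedPolicy = "idle";
    daemonIOSchedClass = "idle";
    daemonIOSchedPriority = 7;

    settings = {
      # allowed-uris is a list of URI prefixes for restricted evaluation.
      # Bare schemes match every host, so any http, https or ssh URI passes;
      # the disabled hydra-ca container above listed explicit forge hosts.
      # NOTE(review): consider narrowing this to the forges the jobsets use.
      allowed-uris = "http:// https:// ssh://";
      builders-use-substitutes = true;
      experimental-features = "ca-derivations nix-command flakes";
      # Trusted users may override daemon settings such as substituters; the
      # Nix manual treats that as close to root-equivalent. Keep the list short.
      trusted-users = [ "hydra" "root" ];
    };
  };

  c3d2.simd.arch = "ivybridge";

  services = {
    hydra = {
      enable = true;
      # The second file is presumably the one hydra-init writes below as
      # ~/machines - confirm that the hydra user's home is /var/lib/hydra.
      buildMachinesFiles = [
        "/etc/nix/machines"
        "/var/lib/hydra/machines"
      ];
      hydraURL = "https://hydra.hq.c3d2.de";
      logo = ./c3d2.svg;
      minimumDiskFree = 50;
      minimumDiskFreeEvaluator = 50;
      notificationSender = "hydra@spam.works";
      useSubstitutes = true;
      extraConfig =
        let
          # Only the path of the decrypted key is interpolated, so the key
          # material itself does not end up in the world-readable store.
          key = config.sops.secrets."nix-serve/secretKey".path;
        in
        ''
          binary_cache_secret_key_file = ${key}
          evaluator_workers = 4
          evaluator_max_memory_size = 2048
          max_output_size = ${toString (5*1024*1024*1024)} # sd card and raw images
          store_uri = auto?secret-key=${key}&write-nar-listing=1&ls-compression=zstd&log-compression=zstd
          upload_logs_to_binary_cache = true
        '';
    };

    # A rust nix binary cache
    harmonia = {
      enable = true;
      settings = {
        # Loopback only: clients reach the cache through the nginx vhost below.
        bind = "127.0.0.1:${toString cachePort}";
        workers = "20";
        max_connection_rate = 1024;
        priority = 30;
        # Same signing key as Hydra, so both sign with one identity.
        sign_key_path = config.sops.secrets."nix-serve/secretKey".path;
      };
    };

    nginx =
      let
        # Shared vhost body: TLS enforced, ACME certificate, proxy to Hydra.
        hydraVhost = {
          forceSSL = true;
          enableACME = true;
          locations."/".proxyPass = "http://localhost:${toString config.services.hydra.port}";
        };
      in
      {
        enable = true;
        virtualHosts = {
          # default = true: requests with an unmatched Host header also land
          # on Hydra.
          "hydra.hq.c3d2.de" = hydraVhost // {
            default = true;
          };
          # "hydra-ca.hq.c3d2.de" = hydraVhost // {
          #   locations."/".proxyPass = "http://192.168.100.2:3001";
          # };
          "hydra.serv.zentralwerk.org" = hydraVhost;
          "nix-serve.hq.c3d2.de" = {
            forceSSL = true;
            enableACME = true;
            locations."/".proxyPass = "http://localhost:${toString cachePort}";
          };
        };
      };

    resolved.enable = false;
  };

  sops = {
    defaultSopsFile = ./secrets.yaml;
    # Binary-cache signing key. Mode 440 gives read access to the owner and to
    # every member of the owning group, so group membership is the access list
    # for this key (see users.users.harmonia.extraGroups at the end).
    secrets."nix-serve/secretKey" = {
      mode = "440";
      owner = config.users.users.hydra-queue-runner.name;
      inherit (config.users.users.hydra-queue-runner) group;
    };
  };

  systemd.services = {
    # Cap the evaluator so a runaway evaluation cannot exhaust the host.
    hydra-evaluator.serviceConfig = {
      CPUWeight = 2;
      MemoryHigh = "64G";
      MemoryMax = "64G";
      MemorySwapMax = "64G";
    };

    hydra-init.preStart = let
      makesSenseForQemuUser = feature:
        !(builtins.elem feature [ "kvm" "benchmark" ]);
      # strips features that don't make sense on qemu-user
      extraPlatformSystemFeatures =
        builtins.filter makesSenseForQemuUser config.nix.settings.system-features;
    in
    # both entries cannot have localhost alone because then hydra would merge them together but we want explicitly two to not allow benchmarks for binfmt emulated arches
    ''
      cat << EOF > ~/machines
      localhost x86_64-linux - ${toString config.nix.settings.max-jobs} 10 ${lib.concatStringsSep "," config.nix.settings.system-features} -
      hydra@localhost ${lib.concatStringsSep "," config.nix.settings.extra-platforms} - ${toString config.nix.settings.max-jobs} 10 ${lib.concatStringsSep "," extraPlatformSystemFeatures} -
      EOF
    '';

    nix-daemon.serviceConfig = {
      CPUWeight = 5;
      MemoryHigh = "64G";
      MemoryMax = "64G";
      MemorySwapMax = "64G";
    };
  };

  # allow reading nix-serve secret
  # NOTE(review): this assumes hydra-queue-runner's group is `hydra`. Every
  # other member of that group can read the signing key too - verify the
  # membership is intended.
  users.users.harmonia.extraGroups = [ "hydra" ];
}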