server7: switch to flake, re-enable hydra

2020-03-25 19:52:13 +01:00 · 2020-03-25 19:52:13 +01:00 · 6c84fc4ebf
parent cf11f394b9
commit 6c84fc4ebf
9 changed files with 64 additions and 171 deletions
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "info": {
+        "lastModified": 1586508340,
+        "narHash": "sha256-d5jSxQw5h2N72iLnMP1ri5atw5oTsjLvgO4cTe1C2IM="
+      },
+      "locked": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "807ca93fadd5197c2260490de0c76e500562dc05",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 5
+}
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,13 @@
+{
+  description = "C3D2 NixOS configurations";
+
+  edition = 201909;
+
+  outputs = { self, nixpkgs }: {
+    nixosConfigurations.server7 = nixpkgs.lib.nixosSystem {
+      modules =
+        [ ./hosts/server7 ];
+      system = "x86_64-linux";
+    };
+  };
+}
--- a/hosts/server7/containers/outer-defaults.nix
+++ b/hosts/server7/containers/outer-defaults.nix
@ -8,11 +8,12 @@ in {
  privateNetwork = true;
  hostBridge = "br0";

-  localAddress6 = with builtins; let
-    hash = hashString "sha256" name;
-    hextet0 = substring 0 4 hash;
-    hextet1 = substring 4 4 hash;
-  in "${yggaddr.prefix}:${hextet0}:${hextet1}:c3d2/64";
+  localAddress6 = with builtins;
+    let
+      hash = hashString "sha256" name;
+      hextet0 = substring 0 4 hash;
+      hextet1 = substring 4 4 hash;
+    in "${yggaddr.prefix}:${hextet0}:${hextet1}:c3d2/64";
  # Generate a deterministic IPv6 address for the container.
  # This address is accessible within HQ and Yggdrasil but not from ARPANET.
 }
--- a/hosts/server7/containers/storage/default.nix
+++ b/hosts/server7/containers/storage/default.nix
@ -45,7 +45,7 @@ name:
                    fancyindex on;
                    # autoindex on;
                    dav_access all:r;
-                '';
+              '';
            };
          };
        };
--- a/hosts/server7/configuration.nix
+++ b/hosts/server7/configuration.nix
@ -3,7 +3,7 @@
 let yggaddr = import ./yggaddr.nix;
 in {
  imports = [
-    <nixpkgs/nixos/modules/profiles/minimal.nix>
+    # <nixpkgs/nixos/modules/profiles/minimal.nix>
    ../../lib
    ../../lib/default-gateway.nix
    ./borgbackup.nix
@ -40,6 +40,7 @@ in {
    ];
  };

+
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
@ -54,6 +55,7 @@ in {
  boot.kernel.sysctl."net.ipv6.conf.eth0.accept_ra" = 2;

  services.yggdrasil = {
+    enable = true;
    configFile = "/var/lib/yggdrasil/keys";
    config.Peers = [
      "tcp://[2a03:3b40:fe:ab::1]:46370" # Praha
--- a/hosts/server7/hardware-configuration.nix
+++ b/hosts/server7/hardware-configuration.nix
@ -4,7 +4,7 @@
 { config, lib, pkgs, ... }:

 {
-  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+  # imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];

  boot.initrd.availableKernelModules =
    [ "ehci_pci" "ahci" "nvme" "usbhid" "sd_mod" ];
--- a/hosts/server7/hydra.nix
+++ b/hosts/server7/hydra.nix
@ -1,173 +1,18 @@
-let
-  hydraFlakes = pkgs:
-    with pkgs;
-    let
-      perlDeps = buildEnv {
-        name = "hydra-perl-deps";
-        paths = with perlPackages; [
-          ModulePluggable
-          CatalystActionREST
-          CatalystAuthenticationStoreDBIxClass
-          CatalystDevel
-          CatalystDispatchTypeRegex
-          CatalystPluginAccessLog
-          CatalystPluginAuthorizationRoles
-          CatalystPluginCaptcha
-          CatalystPluginSessionStateCookie
-          CatalystPluginSessionStoreFastMmap
-          CatalystPluginStackTrace
-          CatalystPluginUnicodeEncoding
-          CatalystTraitForRequestProxyBase
-          CatalystViewDownload
-          CatalystViewJSON
-          CatalystViewTT
-          CatalystXScriptServerStarman
-          CatalystXRoleApplicator
-          CryptRandPasswd
-          DBDPg
-          DBDSQLite
-          DataDump
-          DateTime
-          DigestSHA1
-          EmailMIME
-          EmailSender
-          FileSlurp
-          IOCompress
-          IPCRun
-          JSON
-          JSONAny
-          JSONXS
-          LWP
-          LWPProtocolHttps
-          NetAmazonS3
-          NetPrometheus
-          NetStatsd
-          PadWalker
-          Readonly
-          SQLSplitStatement
-          SetScalar
-          Starman
-          SysHostnameLong
-          TermSizeAny
-          TestMore
-          TextDiff
-          TextTable
-          XMLSimple
-          pkgs.nixFlakes
-          pkgs.nixFlakes.perl-bindings
-          git
-          boehmgc
-        ];
-      };
+{ config, pkgs, ... }:

-    in stdenv.mkDerivation {
-
-      name = "hydra-flake";
-
-      src = pkgs.fetchFromGitHub {
-        owner = "NixOS";
-        repo = "hydra";
-        rev = "47797576838974c8209536b67bb45e953a50900f";
-        sha256 = "1vqib99d7wgnl3c6ccx0xx2q88qmdkpydkb6gd0pik9wg2nn3jng";
-      };
-
-      buildInputs = [
-        makeWrapper
-        autoconf
-        automake
-        libtool
-        unzip
-        nukeReferences
-        pkgconfig
-        sqlite
-        libpqxx
-        gitAndTools.topGit
-        mercurial
-        darcs
-        subversion
-        bazaar
-        openssl
-        bzip2
-        libxslt
-        guile # optional, for Guile + Guix support
-        perlDeps
-        perl
-        pkgs.nixFlakes
-        postgresql95 # for running the tests
-        boost
-        (nlohmann_json.override { multipleHeaders = true; })
-      ];
-
-      hydraPath = lib.makeBinPath ([
-        sqlite
-        subversion
-        openssh
-        pkgs.nixFlakes
-        coreutils
-        findutils
-        pixz
-        gzip
-        bzip2
-        lzma
-        gnutar
-        unzip
-        git
-        gitAndTools.topGit
-        mercurial
-        darcs
-        gnused
-        bazaar
-      ] ++ lib.optionals stdenv.isLinux [ rpm dpkg cdrkit ]);
-
-      configureFlags = [ "--with-docbook-xsl=${docbook_xsl}/xml/xsl/docbook" ];
-
-      shellHook = ''
-        PATH=$(pwd)/src/hydra-evaluator:$(pwd)/src/script:$(pwd)/src/hydra-eval-jobs:$(pwd)/src/hydra-queue-runner:$PATH
-        PERL5LIB=$(pwd)/src/lib:$PERL5LIB
-      '';
-
-      preConfigure = "autoreconf -vfi";
-
-      NIX_LDFLAGS = [ "-lpthread" ];
-
-      enableParallelBuilding = true;
-
-      preCheck = ''
-        patchShebangs .
-        export LOGNAME=''${LOGNAME:-foo}
-      '';
-
-      postInstall = ''
-        mkdir -p $out/nix-support
-
-        for i in $out/bin/*; do
-            read -n 4 chars < $i
-            if [[ $chars =~ ELF ]]; then continue; fi
-            wrapProgram $i \
-                --prefix PERL5LIB ':' $out/libexec/hydra/lib:$PERL5LIB \
-                --prefix PATH ':' $out/bin:$hydraPath \
-                --set HYDRA_RELEASE 0.1 \
-                --set HYDRA_HOME $out/libexec/hydra \
-                --set NIX_RELEASE ${pkgs.nixFlakes.name or "unknown"}
-        done
-      '';
-
-      dontStrip = true;
-
-      meta.description = "Build of Hydra on ${system}";
-      passthru.perlDeps = perlDeps;
-    };
-in { config, pkgs, ... }: {
+{

  services.hydra = {
    enable = true;
    hydraURL = "https://server7.hq.c3d2.de";
    logo = ./hydra.svg;
    notificationSender = "hydra@spam.works";
-    package = hydraFlakes pkgs;
+    package = pkgs.hydra-unstable;
    listenHost = "127.0.0.1";
  };

+  nix.trustedUsers = [ "hydra" ];
+
  nix.buildMachines = [{
    hostName = "localhost";
    system = "x86_64-linux";
--- a/hosts/server7/nix-serve.nix
+++ b/hosts/server7/nix-serve.nix
@ -15,7 +15,9 @@
        addSSL = true;
        enableACME = true;
        locations."/".proxyPass =
-            "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+          "http://${config.services.nix-serve.bindAddress}:${
+            toString config.services.nix-serve.port
+          }";
      };
    };
  };
--- a/lib/lxc/default.nix
+++ b/lib/lxc/default.nix
@ -3,8 +3,11 @@
 with lib;

 let
-  nixcloud-webservices = builtins.fetchGit {
-    url = "https://github.com/nixcloud/nixcloud-webservices.git";
+  nixcloud-webservices = pkgs.fetchFromGitHub {
+    owner = "nixcloud";
+    repo = "nixcloud-webservices";
+    rev = "3a0767f0536fac811065eb87e6342f27eac085aa";
+    sha256 = "vC0vBu+0HchrevuWsmE7giouKnSt/q4F0TffwhuNJv8=";
  };
  nixcloud = (
    import "${nixcloud-webservices}/pkgs" { inherit pkgs; }