Astro 2022-09-25 22:04:59 +02:00
parent 73d3076573
commit 9e7a7c9ee6
6 changed files with 55 additions and 9 deletions


@ -157,7 +157,7 @@ in {
(builtins.readFile ../hosts/hydra/cache-pub.key) (builtins.readFile ../hosts/hydra/cache-pub.key)
]; ];
substituters = lib.mkIf (config.networking.hostName != "hydra") ( substituters = lib.mkIf (config.networking.hostName != "hydra") (
lib.mkBefore [ "https://hydra.hq.c3d2.de" ] lib.mkBefore [ "https://nix-serve.hq.c3d2.de" ]
); );
}; };
gc = { gc = {
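Review bot: The substituter on the changed line now points at `https://nix-serve.hq.c3d2.de`, but the key list just above it (presumably the trusted public keys) still reads only `../hosts/hydra/cache-pub.key`. Clients will therefore accept paths from the new endpoint only if it serves signatures made with that same key. The harmonia settings added elsewhere in this commit show no signing key, so this presumably relies on signatures Hydra already recorded in the store; that is worth confirming and recording in a comment here, e.g. `# nix-serve.hq.c3d2.de (harmonia) must serve paths signed with hosts/hydra/cache-pub.key`. The same dependency applies to every `nix copy --from https://nix-serve.hq.c3d2.de` line changed in the other files of this commit. The enclosing settings block starts before this hunk.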


@ -132,6 +132,23 @@
"type": "github" "type": "github"
} }
}, },
"harmonia": {
"flake": false,
"locked": {
"lastModified": 1664135560,
"narHash": "sha256-ODQX5+NTqztVtbqdubD1ED+0t6MDeQYnhqhgmUA5IGM=",
"owner": "astro",
"repo": "harmonia",
"rev": "ee0915762c43c71e3c76bd9d777ae7d99992a65f",
"type": "github"
},
"original": {
"owner": "astro",
"ref": "flake",
"repo": "harmonia",
"type": "github"
}
},
"heliwatch": { "heliwatch": {
"inputs": { "inputs": {
"fenix": [ "fenix": [
@ -623,6 +640,7 @@
"eris": "eris", "eris": "eris",
"fenix": "fenix", "fenix": "fenix",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"harmonia": "harmonia",
"heliwatch": "heliwatch", "heliwatch": "heliwatch",
"hydra": "hydra", "hydra": "hydra",
"hydra-ca": "hydra-ca", "hydra-ca": "hydra-ca",


@ -43,6 +43,12 @@
inputs.nixpkgs.follows = "nixos"; inputs.nixpkgs.follows = "nixos";
}; };
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
harmonia = {
# TODO: pending https://github.com/helsinki-systems/harmonia/pull/39
# url = "github:helsinki-systems/harmonia";
url = "github:astro/harmonia/flake";
flake = false;
};
heliwatch = { heliwatch = {
url = "git+https://gitea.c3d2.de/astro/heliwatch.git"; url = "git+https://gitea.c3d2.de/astro/heliwatch.git";
inputs = { inputs = {
@ -166,7 +172,7 @@
}; };
}; };
outputs = inputs@{ self, eris, fenix, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-unstable, oparl-scraper, riscv64, scrapers, secrets, sshlogd, sops-nix, spacemsg, syndicate, ticker, tigger, yammat, zentralwerk, ... }: outputs = inputs@{ self, eris, fenix, harmonia, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-unstable, oparl-scraper, riscv64, scrapers, secrets, sshlogd, sops-nix, spacemsg, syndicate, ticker, tigger, yammat, zentralwerk, ... }:
let let
inherit (nixos) lib; inherit (nixos) lib;
forAllSystems = lib.genAttrs [ "aarch64-linux" "x86_64-linux" ]; forAllSystems = lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
@ -312,7 +318,7 @@
let let
host = getHostAddr name; host = getHostAddr name;
target = ''root@"${host}"''; target = ''root@"${host}"'';
rebuildArg = "--flake ${self}#${name} --option extra-substituters https://hydra.hq.c3d2.de"; rebuildArg = "--flake ${self}#${name} --option extra-substituters https://nix-serve.hq.c3d2.de";
hostConfig = self.nixosConfigurations."${name}".config; hostConfig = self.nixosConfigurations."${name}".config;
profile = hostConfig.system.build.toplevel; profile = hostConfig.system.build.toplevel;
# let /var/lib/microvm/*/flake point to the flake-update branch so that # let /var/lib/microvm/*/flake point to the flake-update branch so that
@ -344,7 +350,7 @@
ssh ${target} -- bash -e <<EOF ssh ${target} -- bash -e <<EOF
[[ \$(cat /etc/hostname) == ${name} ]] [[ \$(cat /etc/hostname) == ${name} ]]
echo Copying data from Hydra to ${name} echo Copying data from Hydra to ${name}
nix copy --from https://hydra.hq.c3d2.de \ nix copy --from https://nix-serve.hq.c3d2.de \
$TOPLEVEL $TOPLEVEL
echo Activation on ${name}: "$@" echo Activation on ${name}: "$@"
nix-env -p /nix/var/nix/profiles/system --set $TOPLEVEL nix-env -p /nix/var/nix/profiles/system --set $TOPLEVEL
@ -436,7 +442,7 @@
echo Sharing with $h echo Sharing with $h
ssh root@$h.cluster.zentralwerk.org -- \ ssh root@$h.cluster.zentralwerk.org -- \
bash -e <<EOF & bash -e <<EOF &
nix copy --from https://hydra.hq.c3d2.de $JOB nix copy --from https://nix-serve.hq.c3d2.de $JOB
mkdir -p /glusterfs/fast/microvms/${name} mkdir -p /glusterfs/fast/microvms/${name}
chown microvm:kvm /glusterfs/fast/microvms/${name} chown microvm:kvm /glusterfs/fast/microvms/${name}
chmod 0775 /glusterfs/fast/microvms/${name} chmod 0775 /glusterfs/fast/microvms/${name}
@ -695,6 +701,7 @@
hydra = nixosSystem' { hydra = nixosSystem' {
modules = [ modules = [
inputs.hydra.nixosModules.hydra inputs.hydra.nixosModules.hydra
(harmonia + "/module.nix")
./hosts/hydra ./hosts/hydra
{ {
_module.args = { _module.args = {
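Review bot: The new `harmonia` input tracks the mutable branch `flake` of a personal fork, and the last hunk imports its `module.nix` into the `hydra` host, which the substituter settings in this commit make the binary source for the other hosts. The lock entry in this commit pins rev `ee0915762c43c71e3c76bd9d777ae7d99992a65f`, but any later lock update will take whatever that branch points to at the time. Until the upstream pull request named in the TODO is merged, consider pinning the reviewed revision in the input itself, `url = "github:astro/harmonia/ee0915762c43c71e3c76bd9d777ae7d99992a65f";`, so that moving it is an explicit, reviewable change. The `hydra` module list continues outside the hunk.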


@ -1,4 +1,9 @@
{ self, hostRegistry, hydra-ca, config, lib, pkgs, ... }: { self, hostRegistry, hydra-ca, config, lib, pkgs, ... }:
let
cachePort = 5000;
in
{ {
containers = { containers = {
hydra-ca = { hydra-ca = {
@ -101,6 +106,18 @@
''; '';
}; };
# A rust nix binary cache
harmonia = {
enable = true;
settings = {
bind = "127.0.0.1:${toString cachePort}";
workers = "20";
max_connection_rate = 1024;
priority = 30;
};
};
nginx = nginx =
let let
hydraVhost = { hydraVhost = {
@ -119,7 +136,11 @@
locations."/".proxyPass = "http://192.168.100.2:3001"; locations."/".proxyPass = "http://192.168.100.2:3001";
}; };
"hydra.serv.zentralwerk.org" = hydraVhost; "hydra.serv.zentralwerk.org" = hydraVhost;
"nix-serve.hq.c3d2.de" = hydraVhost; # TODO: remove "nix-serve.hq.c3d2.de" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:${toString cachePort}";
};
}; };
}; };
resolved.enable = false; resolved.enable = false;
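Review bot: The new vhost proxies to `http://localhost:${toString cachePort}` while harmonia is bound to `127.0.0.1` only. nginx may resolve `localhost` to `::1` as well, and connections sent there would be refused, which would show up as intermittent upstream errors or retries. Use the same literal address on both sides: `locations."/".proxyPass = "http://127.0.0.1:${toString cachePort}";`. Separately, `workers = "20"` is a string while the neighbouring numeric settings are integers; if the module accepts an integer, `workers = 20;` would be consistent.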


@ -38,7 +38,7 @@
if [ "$OLD" != "$NEW" ]; then if [ "$OLD" != "$NEW" ]; then
echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config" echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config"
# this should fetch the new system from the binary cache # this should fetch the new system from the binary cache
nix copy --from https://hydra.hq.c3d2.de "$NEW" nix copy --from https://nix-serve.hq.c3d2.de "$NEW"
if [ -e "$NEW/etc/systemd/system/autoupdate.timer" ]; then if [ -e "$NEW/etc/systemd/system/autoupdate.timer" ]; then
echo "Switch to the new system..." echo "Switch to the new system..."
nix-env -p /nix/var/nix/profiles/system --set $NEW nix-env -p /nix/var/nix/profiles/system --set $NEW
@ -92,7 +92,7 @@
if [ "$OLD" != "$NEW" ]; then if [ "$OLD" != "$NEW" ]; then
echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config" echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config"
# this should fetch the new system from the binary cache # this should fetch the new system from the binary cache
nix copy --from https://hydra.hq.c3d2.de "$NEW" nix copy --from https://nix-serve.hq.c3d2.de "$NEW"
echo "Switch to the new system..." echo "Switch to the new system..."
nix-env -p /nix/var/nix/profiles/system --set $NEW nix-env -p /nix/var/nix/profiles/system --set $NEW
"$NEW/bin/switch-to-configuration" switch "$NEW/bin/switch-to-configuration" switch


@ -85,7 +85,7 @@
cd /var/lib/microvms/$NAME cd /var/lib/microvms/$NAME
if [ "$(cat flake)" = "git+https://gitea.c3d2.de/c3d2/nix-config?ref=flake-update" ]; then if [ "$(cat flake)" = "git+https://gitea.c3d2.de/c3d2/nix-config?ref=flake-update" ]; then
NEW=$(curl -sLH "Accept: application/json" https://hydra.hq.c3d2.de/job/c3d2/nix-config/$NAME/latest | ${pkgs.jq}/bin/jq -r .buildoutputs.out.path) NEW=$(curl -sLH "Accept: application/json" https://hydra.hq.c3d2.de/job/c3d2/nix-config/$NAME/latest | ${pkgs.jq}/bin/jq -r .buildoutputs.out.path)
nix copy --from https://hydra.hq.c3d2.de $NEW nix copy --from https://nix-serve.hq.c3d2.de $NEW
if [ -e booted ]; then if [ -e booted ]; then
nix store diff-closures $(readlink booted) $NEW nix store diff-closures $(readlink booted) $NEW