From 6c84fc4ebfd7c81490d8bb91b4fda21c887555c2 Mon Sep 17 00:00:00 2001
From: Emery Hemingway
Date: Wed, 25 Mar 2020 19:52:13 +0100
Subject: [PATCH] server7: switch to flake, re-enable hydra
---
flake.lock | 27 +++
flake.nix | 13 ++
hosts/server7/containers/outer-defaults.nix | 11 +-
hosts/server7/containers/storage/default.nix | 2 +-
.../{configuration.nix => default.nix} | 4 +-
hosts/server7/hardware-configuration.nix | 2 +-
hosts/server7/hydra.nix | 165 +-----------------
hosts/server7/nix-serve.nix | 4 +-
lib/lxc/default.nix | 7 +-
9 files changed, 64 insertions(+), 171 deletions(-)
create mode 100644 flake.lock
create mode 100644 flake.nix
rename hosts/server7/{configuration.nix => default.nix} (97%)
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 00000000..18c029ef
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "info": {
+ "lastModified": 1586508340,
+ "narHash": "sha256-d5jSxQw5h2N72iLnMP1ri5atw5oTsjLvgO4cTe1C2IM="
+ },
+ "locked": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "807ca93fadd5197c2260490de0c76e500562dc05",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "type": "indirect"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 5
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 00000000..b5aa89eb
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,13 @@
+{
+ description = "C3D2 NixOS configurations";
+
+ edition = 201909;
+
+ outputs = { self, nixpkgs }: {
+ nixosConfigurations.server7 = nixpkgs.lib.nixosSystem {
+ modules =
+ [ ./hosts/server7 ];
+ system = "x86_64-linux";
+ };
+ };
+}
diff --git a/hosts/server7/containers/outer-defaults.nix b/hosts/server7/containers/outer-defaults.nix
index c5a4a9a5..9b849ea1 100644
--- a/hosts/server7/containers/outer-defaults.nix
+++ b/hosts/server7/containers/outer-defaults.nix
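Review bot: `outputs = { self, nixpkgs }:` in the new flake.nix takes nixpkgs without the flake saying where it comes from, and flake.lock records the original as `"type": "indirect"`, so the input is resolved through the flake registry of whoever next updates the lock. The pinned `rev` and `narHash` cover ordinary builds, but a lock update on a machine whose registry entry differs would change the source of the whole system closure without any change to flake.nix. I would declare the nixpkgs input explicitly in flake.nix (a GitHub reference to NixOS/nixpkgs on the intended branch) and add a comment such as `# nixpkgs is pinned by flake.lock; update it deliberately and review the rev change`.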
@@ -8,11 +8,12 @@ in { privateNetwork = true; hostBridge = "br0"; - localAddress6 = with builtins; let - hash = hashString "sha256" name; - hextet0 = substring 0 4 hash; - hextet1 = substring 4 4 hash; - in "${yggaddr.prefix}:${hextet0}:${hextet1}:c3d2/64"; + localAddress6 = with builtins; + let + hash = hashString "sha256" name; + hextet0 = substring 0 4 hash; + hextet1 = substring 4 4 hash; + in "${yggaddr.prefix}:${hextet0}:${hextet1}:c3d2/64"; # Generate a deterministic IPv6 address for the container. # This address is accessible within HQ and Yggdrasil but not from ARPANET. } diff --git a/hosts/server7/containers/storage/default.nix b/hosts/server7/containers/storage/default.nix index 67a0a52b..be8631c9 100644 --- a/hosts/server7/containers/storage/default.nix +++ b/hosts/server7/containers/storage/default.nix @@ -45,7 +45,7 @@ name: fancyindex on; # autoindex on; dav_access all:r; - ''; + ''; }; }; }; diff --git a/hosts/server7/configuration.nix b/hosts/server7/default.nix similarity index 97% rename from hosts/server7/configuration.nix rename to hosts/server7/default.nix index ede227e6..1ef1a4e4 100644 --- a/hosts/server7/configuration.nix +++ b/hosts/server7/default.nix @@ -3,7 +3,7 @@ let yggaddr = import ./yggaddr.nix; in { imports = [ - + # ../../lib ../../lib/default-gateway.nix ./borgbackup.nix @@ -40,6 +40,7 @@ in { ]; }; + services.nginx = { enable = true; recommendedGzipSettings = true; @@ -54,6 +55,7 @@ in { boot.kernel.sysctl."net.ipv6.conf.eth0.accept_ra" = 2; services.yggdrasil = { + enable = true; configFile = "/var/lib/yggdrasil/keys"; config.Peers = [ "tcp://[2a03:3b40:fe:ab::1]:46370" # Praha diff --git a/hosts/server7/hardware-configuration.nix b/hosts/server7/hardware-configuration.nix index 24a47fa8..6fcb239c 100644 --- a/hosts/server7/hardware-configuration.nix +++ b/hosts/server7/hardware-configuration.nix 
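Review bot: The added `enable = true;` under `services.yggdrasil` in hosts/server7/default.nix puts the host on the mesh through an external peer, and nothing visible in this hunk shows what filters traffic arriving on that interface. The comment in containers/outer-defaults.nix says the container addresses are accessible from Yggdrasil, so presumably every container service becomes reachable by any mesh node once this is on; it is worth confirming that the firewall covers the Yggdrasil interface. I would add a comment above the option, e.g. `# Makes the host and the containers' yggaddr.prefix addresses reachable from the whole Yggdrasil mesh; firewall rules must cover this interface`. The `services.yggdrasil` block continues past the end of the hunk.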
@@ -4,7 +4,7 @@ { config, lib, pkgs, ... }: { - imports = [ ]; + # imports = [ ]; boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "nvme" "usbhid" "sd_mod" ]; diff --git a/hosts/server7/hydra.nix b/hosts/server7/hydra.nix index 5d57ed3d..53481e63 100644 --- a/hosts/server7/hydra.nix +++ b/hosts/server7/hydra.nix 
@@ -1,173 +1,18 @@ -let - hydraFlakes = pkgs: - with pkgs; - let - perlDeps = buildEnv { - name = "hydra-perl-deps"; - paths = with perlPackages; [ - ModulePluggable - CatalystActionREST - CatalystAuthenticationStoreDBIxClass - CatalystDevel - CatalystDispatchTypeRegex - CatalystPluginAccessLog - CatalystPluginAuthorizationRoles - CatalystPluginCaptcha - CatalystPluginSessionStateCookie - CatalystPluginSessionStoreFastMmap - CatalystPluginStackTrace - CatalystPluginUnicodeEncoding - CatalystTraitForRequestProxyBase - CatalystViewDownload - CatalystViewJSON - CatalystViewTT - CatalystXScriptServerStarman - CatalystXRoleApplicator - CryptRandPasswd - DBDPg - DBDSQLite - DataDump - DateTime - DigestSHA1 - EmailMIME - EmailSender - FileSlurp - IOCompress - IPCRun - JSON - JSONAny - JSONXS - LWP - LWPProtocolHttps - NetAmazonS3 - NetPrometheus - NetStatsd - PadWalker - Readonly - SQLSplitStatement - SetScalar - Starman - SysHostnameLong - TermSizeAny - TestMore - TextDiff - TextTable - XMLSimple - pkgs.nixFlakes - pkgs.nixFlakes.perl-bindings - git - boehmgc - ]; - }; +{ config, pkgs, ... 
}: - in stdenv.mkDerivation { - - name = "hydra-flake"; - - src = pkgs.fetchFromGitHub { - owner = "NixOS"; - repo = "hydra"; - rev = "47797576838974c8209536b67bb45e953a50900f"; - sha256 = "1vqib99d7wgnl3c6ccx0xx2q88qmdkpydkb6gd0pik9wg2nn3jng"; - }; - - buildInputs = [ - makeWrapper - autoconf - automake - libtool - unzip - nukeReferences - pkgconfig - sqlite - libpqxx - gitAndTools.topGit - mercurial - darcs - subversion - bazaar - openssl - bzip2 - libxslt - guile # optional, for Guile + Guix support - perlDeps - perl - pkgs.nixFlakes - postgresql95 # for running the tests - boost - (nlohmann_json.override { multipleHeaders = true; }) - ]; - - hydraPath = lib.makeBinPath ([ - sqlite - subversion - openssh - pkgs.nixFlakes - coreutils - findutils - pixz - gzip - bzip2 - lzma - gnutar - unzip - git - gitAndTools.topGit - mercurial - darcs - gnused - bazaar - ] ++ lib.optionals stdenv.isLinux [ rpm dpkg cdrkit ]); - - configureFlags = [ "--with-docbook-xsl=${docbook_xsl}/xml/xsl/docbook" ]; - - shellHook = '' - PATH=$(pwd)/src/hydra-evaluator:$(pwd)/src/script:$(pwd)/src/hydra-eval-jobs:$(pwd)/src/hydra-queue-runner:$PATH - PERL5LIB=$(pwd)/src/lib:$PERL5LIB - ''; - - preConfigure = "autoreconf -vfi"; - - NIX_LDFLAGS = [ "-lpthread" ]; - - enableParallelBuilding = true; - - preCheck = '' - patchShebangs . - export LOGNAME=''${LOGNAME:-foo} - ''; - - postInstall = '' - mkdir -p $out/nix-support - - for i in $out/bin/*; do - read -n 4 chars < $i - if [[ $chars =~ ELF ]]; then continue; fi - wrapProgram $i \ - --prefix PERL5LIB ':' $out/libexec/hydra/lib:$PERL5LIB \ - --prefix PATH ':' $out/bin:$hydraPath \ - --set HYDRA_RELEASE 0.1 \ - --set HYDRA_HOME $out/libexec/hydra \ - --set NIX_RELEASE ${pkgs.nixFlakes.name or "unknown"} - done - ''; - - dontStrip = true; - - meta.description = "Build of Hydra on ${system}"; - passthru.perlDeps = perlDeps; - }; -in { config, pkgs, ... 
}: { +{ services.hydra = { enable = true; hydraURL = "https://server7.hq.c3d2.de"; logo = ./hydra.svg; notificationSender = "hydra@spam.works"; - package = hydraFlakes pkgs; + package = pkgs.hydra-unstable; listenHost = "127.0.0.1"; }; + nix.trustedUsers = [ "hydra" ]; + nix.buildMachines = [{ hostName = "localhost"; system = "x86_64-linux"; diff --git a/hosts/server7/nix-serve.nix b/hosts/server7/nix-serve.nix index a3456808..58c6d80a 100644 --- a/hosts/server7/nix-serve.nix +++ b/hosts/server7/nix-serve.nix @@ -15,7 +15,9 @@ addSSL = true; enableACME = true; locations."/".proxyPass = - "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; + "http://${config.services.nix-serve.bindAddress}:${ + toString config.services.nix-serve.port + }"; }; }; }; diff --git a/lib/lxc/default.nix b/lib/lxc/default.nix index 37cf50bd..185058e6 100644 --- a/lib/lxc/default.nix +++ b/lib/lxc/default.nix @@ -3,8 +3,11 @@ with lib; let - nixcloud-webservices = builtins.fetchGit { - url = "https://github.com/nixcloud/nixcloud-webservices.git"; + nixcloud-webservices = pkgs.fetchFromGitHub { + owner = "nixcloud"; + repo = "nixcloud-webservices"; + rev = "3a0767f0536fac811065eb87e6342f27eac085aa"; + sha256 = "vC0vBu+0HchrevuWsmE7giouKnSt/q4F0TffwhuNJv8="; }; nixcloud = ( import "${nixcloud-webservices}/pkgs" { inherit pkgs; }
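Review bot: `nix.trustedUsers = [ "hydra" ];` in hosts/server7/hydra.nix gives the Hydra service account trusted-user rights on the Nix daemon, which are in practice root-equivalent on this host, since a trusted user can override substituters and signature checking. Hydra evaluates jobset expressions and serves a web UI, and this host also runs nix-serve, so a compromise of the hydra account would reach both the machine and the binary cache it publishes. The patch does not say why the entry is needed (presumably for the localhost build machine or flake evaluation), so record it next to the option, e.g. `# hydra must be trusted for <reason>; treat the hydra account as root-equivalent`, and drop the entry if the service works without it.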
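Review bot: The new `rev` and `sha256` in lib/lxc/default.nix are the only thing that controls what `import "${nixcloud-webservices}/pkgs"` evaluates, and nothing in the file records that. A comment above the fetch would help whoever bumps it: `# This tree is imported and evaluated below: review upstream changes before bumping rev, and update sha256 with it`. The `let` block continues outside the hunk.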