
Nuke nix-serv and use hydra direct

Sandro - 2022-06-23 20:22:23 +02:00
parent 3c64d1a72c
commit 7d7c78bdca
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
7 changed files with 63 additions and 89 deletions


@ -25,7 +25,6 @@ in {
./stats.nix
./audio-server
./ceph-storage.nix
./cache.nix
./logging.nix
];
@ -152,6 +151,12 @@ in {
nix = {
autoOptimiseStore = true;
binaryCachePublicKeys = lib.mkIf (config.networking.hostName != "hydra") [
(builtins.readFile ../hosts/hydra/cache-pub.key)
];
binaryCaches = lib.mkIf (config.networking.hostName != "hydra") [
"https://hydra.hq.c3d2.de"
];
gc = {
automatic = true;
dates = "06:00";
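Review bot: `builtins.readFile ../hosts/hydra/cache-pub.key` in the added `binaryCachePublicKeys` keeps any trailing newline from the file, and that string goes into the trusted-key list verbatim. If the key file ends with a newline, the entry may not parse as the intended key, and signature checks for paths from `https://hydra.hq.c3d2.de` would then fail, so hosts would stop substituting from it. `lib.fileContents ../hosts/hydra/cache-pub.key` strips the trailing newline and makes this independent of how the file was saved. The `nix = {` block continues outside the hunk.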


@ -1,11 +0,0 @@
{ config, lib, ... }:
{
nix = lib.mkIf (config.networking.hostName != "hydra") {
binaryCaches = [
"https://nix-serve.hq.c3d2.de"
];
binaryCachePublicKeys = [
(builtins.readFile ../hosts/hydra/cache-pub.key)
];
};
}


@ -353,7 +353,6 @@
self.nixosModules.c3d2
./config/audio-server
./config/c3d2.nix
./config/cache.nix
./config/ceph-storage.nix
./config/stats.nix
./modules/pi-sensors.nix


@ -1,33 +0,0 @@
{ config, pkgs, ... }:
{
sops.secrets."nix-serve/secretKey".mode = "0444";
# Nix binary cache
services.nix-serve = {
enable = true;
# secretKeyFile = config.sops.secrets."nix-serve/secretKey".path;
};
# nix-serve requires a $HOME.
# also, systemd's LoadCredential mechanism doesn't work here.
systemd.services.nix-serve.serviceConfig.Environment = "HOME=%S NIX_SECRET_KEY_FILE=${config.sops.secrets."nix-serve/secretKey".path}";
# Nix binary cache thru reverse proxy for HTTPS
services.nginx.virtualHosts."nix-serve.hq.c3d2.de" = {
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
proxy_pass http://127.0.0.1:${toString config.services.nix-serve.port};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
# workaround so that nix-serve builds with nix overriden by
# hydra.nixosModule
nixpkgs.config.packageOverrides = pkgs: {
nix-serve = pkgs.nix-serve.override {
nix = config.nix.package;
};
};
}


@ -5,7 +5,6 @@
./hardware-configuration.nix
./network.nix
./hydra.nix
./cache.nix
./updater.nix
../../config/c3d2.nix
];


@ -5,20 +5,21 @@
allowed-uris = http:// https:// ssh://
'';
trustedUsers = [ "hydra" "root" ];
buildMachines = [ {
buildMachines = [{
hostName = "localhost";
system = lib.concatStringsSep "," ([
pkgs.system "i686-linux"
pkgs.system
"i686-linux"
] ++ config.boot.binfmt.emulatedSystems);
supportedFeatures = [ "big-parallel" "benchmark" "kvm" "nixos-test" ];
inherit (config.nix) maxJobs;
# } {
# hostName = "client@dacbert.hq.c3d2.de";
# system = lib.concatStringsSep "," [
# "aarch64-linux" "armv6l-linux" "armv7l-linux"
# ];
# supportedFeatures = [ "kvm" "benchmark" "nixos-test" ];
# maxJobs = 1;
# } {
# hostName = "client@dacbert.hq.c3d2.de";
# system = lib.concatStringsSep "," [
# "aarch64-linux" "armv6l-linux" "armv7l-linux"
# ];
# supportedFeatures = [ "kvm" "benchmark" "nixos-test" ];
# maxJobs = 1;
}];
daemonCPUSchedPolicy = "idle";
@ -26,21 +27,53 @@
daemonIOSchedPriority = 7;
};
services.hydra-dev = {
enable = true;
hydraURL = "https://hydra.hq.c3d2.de";
logo = ./c3d2.svg;
minimumDiskFree = 1;
minimumDiskFreeEvaluator = 1;
notificationSender = "hydra@spam.works";
useSubstitutes = true;
extraConfig = ''
max_output_size = 4294967296
evaluator_workers = 4
evaluator_max_memory_size = 2048
'';
services = {
hydra-dev = {
enable = true;
hydraURL = "https://hydra.hq.c3d2.de";
logo = ./c3d2.svg;
minimumDiskFree = 1;
minimumDiskFreeEvaluator = 1;
notificationSender = "hydra@spam.works";
useSubstitutes = true;
extraConfig =
let
key = config.sops.secrets."nix-serve/secretKey".path;
in
''
binary_cache_secret_key_file = ${key}
evaluator_workers = 4
evaluator_max_memory_size = 2048
max_output_size = 4294967296
store_uri = auto?secret-key=${key}&write-nar-listing=1&ls-compression=zstd&log-compression=zstd
upload_logs_to_binary_cache = true
'';
};
nginx =
let
hydraVhost = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass =
"http://localhost:${toString config.services.hydra.port}";
};
in
{
enable = true;
virtualHosts = {
"hydra.hq.c3d2.de" = hydraVhost // {
default = true;
};
"hydra.serv.zentralwerk.org" = hydraVhost;
# TODO: remove
"nix-serve.hq.c3d2.de" = hydraVhost;
};
};
};
sops.secrets."nix-serve/secretKey".mode = "0444";
systemd.services = {
hydra-evaluator.serviceConfig = {
CPUWeight = 2;
@ -56,22 +89,4 @@
MemorySwapMax = "16G";
};
};
services.nginx =
let
hydraVhost = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass =
"http://localhost:${toString config.services.hydra.port}";
};
in {
enable = true;
virtualHosts = {
"hydra.hq.c3d2.de" = hydraVhost // {
default = true;
};
"hydra.serv.zentralwerk.org" = hydraVhost;
};
};
}
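Review bot: `sops.secrets."nix-serve/secretKey".mode = "0444";` leaves the binary cache signing key readable by every local account and service on the Hydra host, while this same commit makes that key the trust anchor for every host that lists `cache-pub.key` in `binaryCachePublicKeys`. A process that can read the file can produce signatures those hosts accept for substituted store paths. After this change the key is referenced only from the Hydra configuration (`binary_cache_secret_key_file` and `store_uri`), so read access can be limited to the Hydra service accounts, for example `sops.secrets."nix-serve/secretKey" = { group = "hydra"; mode = "0440"; };`, assuming the Hydra services on this host run under the `hydra` group. The module body starts outside the first hunk of this file.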


@ -38,7 +38,7 @@
if [ "$OLD" != "$NEW" ]; then
echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config"
# this should fetch the new system from the binary cache
nix copy --from https://nix-serve.hq.c3d2.de "$NEW"
nix copy --from https://hydra.hq.c3d2.de "$NEW"
if [ -e "$NEW/etc/systemd/system/autoupdate.timer" ]; then
echo "Switch to the new system..."
"$NEW/bin/switch-to-configuration" switch
@ -89,7 +89,7 @@
if [ "$OLD" != "$NEW" ]; then
echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config"
# this should fetch the new system from the binary cache
nix copy --from https://nix-serve.hq.c3d2.de "$NEW"
nix copy --from https://hydra.hq.c3d2.de "$NEW"
echo "Switch to the new system..."
"$NEW/bin/switch-to-configuration" switch
else
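Review bot: Both `nix copy --from https://hydra.hq.c3d2.de "$NEW"` calls are followed by `"$NEW/bin/switch-to-configuration" switch`, and nothing in the visible lines records what the script relies on to trust the closure it is about to activate. As far as these hunks show, the integrity control is Nix's signature check against the key from `hosts/hydra/cache-pub.key`; how `$NEW` is obtained and whether the script aborts on a failed copy are outside the hunks. A comment above each copy would make that dependency explicit, e.g. `# $NEW is activated below: accepted only if signed by the hydra cache key; never pass --no-check-sigs here`. This applies to the hunk at line 38 and the hunk at line 89 alike.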