forked from c3d2/nix-config
Nuke nix-serv and use hydra direct
This commit is contained in:
parent
3c64d1a72c
commit
7d7c78bdca
|
@ -25,7 +25,6 @@ in {
|
|||
./stats.nix
|
||||
./audio-server
|
||||
./ceph-storage.nix
|
||||
./cache.nix
|
||||
./logging.nix
|
||||
];
|
||||
|
||||
|
@ -152,6 +151,12 @@ in {
|
|||
|
||||
nix = {
|
||||
autoOptimiseStore = true;
|
||||
binaryCachePublicKeys = lib.mkIf (config.networking.hostName != "hydra") [
|
||||
(builtins.readFile ../hosts/hydra/cache-pub.key)
|
||||
];
|
||||
binaryCaches = lib.mkIf (config.networking.hostName != "hydra") [
|
||||
"https://hydra.hq.c3d2.de"
|
||||
];
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "06:00";
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
{
|
||||
nix = lib.mkIf (config.networking.hostName != "hydra") {
|
||||
binaryCaches = [
|
||||
"https://nix-serve.hq.c3d2.de"
|
||||
];
|
||||
binaryCachePublicKeys = [
|
||||
(builtins.readFile ../hosts/hydra/cache-pub.key)
|
||||
];
|
||||
};
|
||||
}
|
|
@ -353,7 +353,6 @@
|
|||
self.nixosModules.c3d2
|
||||
./config/audio-server
|
||||
./config/c3d2.nix
|
||||
./config/cache.nix
|
||||
./config/ceph-storage.nix
|
||||
./config/stats.nix
|
||||
./modules/pi-sensors.nix
|
||||
|
|
|
@ -1,33 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
sops.secrets."nix-serve/secretKey".mode = "0444";
|
||||
# Nix binary cache
|
||||
services.nix-serve = {
|
||||
enable = true;
|
||||
# secretKeyFile = config.sops.secrets."nix-serve/secretKey".path;
|
||||
};
|
||||
# nix-serve requires a $HOME.
|
||||
# also, systemd's LoadCredential mechanism doesn't work here.
|
||||
systemd.services.nix-serve.serviceConfig.Environment = "HOME=%S NIX_SECRET_KEY_FILE=${config.sops.secrets."nix-serve/secretKey".path}";
|
||||
|
||||
# Nix binary cache thru reverse proxy for HTTPS
|
||||
services.nginx.virtualHosts."nix-serve.hq.c3d2.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".extraConfig = ''
|
||||
proxy_pass http://127.0.0.1:${toString config.services.nix-serve.port};
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
'';
|
||||
};
|
||||
|
||||
# workaround so that nix-serve builds with nix overriden by
|
||||
# hydra.nixosModule
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
nix-serve = pkgs.nix-serve.override {
|
||||
nix = config.nix.package;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -5,7 +5,6 @@
|
|||
./hardware-configuration.nix
|
||||
./network.nix
|
||||
./hydra.nix
|
||||
./cache.nix
|
||||
./updater.nix
|
||||
../../config/c3d2.nix
|
||||
];
|
||||
|
|
|
@ -5,20 +5,21 @@
|
|||
allowed-uris = http:// https:// ssh://
|
||||
'';
|
||||
trustedUsers = [ "hydra" "root" ];
|
||||
buildMachines = [ {
|
||||
buildMachines = [{
|
||||
hostName = "localhost";
|
||||
system = lib.concatStringsSep "," ([
|
||||
pkgs.system "i686-linux"
|
||||
pkgs.system
|
||||
"i686-linux"
|
||||
] ++ config.boot.binfmt.emulatedSystems);
|
||||
supportedFeatures = [ "big-parallel" "benchmark" "kvm" "nixos-test" ];
|
||||
inherit (config.nix) maxJobs;
|
||||
# } {
|
||||
# hostName = "client@dacbert.hq.c3d2.de";
|
||||
# system = lib.concatStringsSep "," [
|
||||
# "aarch64-linux" "armv6l-linux" "armv7l-linux"
|
||||
# ];
|
||||
# supportedFeatures = [ "kvm" "benchmark" "nixos-test" ];
|
||||
# maxJobs = 1;
|
||||
# } {
|
||||
# hostName = "client@dacbert.hq.c3d2.de";
|
||||
# system = lib.concatStringsSep "," [
|
||||
# "aarch64-linux" "armv6l-linux" "armv7l-linux"
|
||||
# ];
|
||||
# supportedFeatures = [ "kvm" "benchmark" "nixos-test" ];
|
||||
# maxJobs = 1;
|
||||
}];
|
||||
|
||||
daemonCPUSchedPolicy = "idle";
|
||||
|
@ -26,21 +27,53 @@
|
|||
daemonIOSchedPriority = 7;
|
||||
};
|
||||
|
||||
services.hydra-dev = {
|
||||
enable = true;
|
||||
hydraURL = "https://hydra.hq.c3d2.de";
|
||||
logo = ./c3d2.svg;
|
||||
minimumDiskFree = 1;
|
||||
minimumDiskFreeEvaluator = 1;
|
||||
notificationSender = "hydra@spam.works";
|
||||
useSubstitutes = true;
|
||||
extraConfig = ''
|
||||
max_output_size = 4294967296
|
||||
evaluator_workers = 4
|
||||
evaluator_max_memory_size = 2048
|
||||
'';
|
||||
services = {
|
||||
hydra-dev = {
|
||||
enable = true;
|
||||
hydraURL = "https://hydra.hq.c3d2.de";
|
||||
logo = ./c3d2.svg;
|
||||
minimumDiskFree = 1;
|
||||
minimumDiskFreeEvaluator = 1;
|
||||
notificationSender = "hydra@spam.works";
|
||||
useSubstitutes = true;
|
||||
extraConfig =
|
||||
let
|
||||
key = config.sops.secrets."nix-serve/secretKey".path;
|
||||
in
|
||||
''
|
||||
binary_cache_secret_key_file = ${key}
|
||||
evaluator_workers = 4
|
||||
evaluator_max_memory_size = 2048
|
||||
max_output_size = 4294967296
|
||||
store_uri = auto?secret-key=${key}&write-nar-listing=1&ls-compression=zstd&log-compression=zstd
|
||||
upload_logs_to_binary_cache = true
|
||||
'';
|
||||
};
|
||||
|
||||
nginx =
|
||||
let
|
||||
hydraVhost = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass =
|
||||
"http://localhost:${toString config.services.hydra.port}";
|
||||
};
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"hydra.hq.c3d2.de" = hydraVhost // {
|
||||
default = true;
|
||||
};
|
||||
"hydra.serv.zentralwerk.org" = hydraVhost;
|
||||
# TODO: remove
|
||||
"nix-serve.hq.c3d2.de" = hydraVhost;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
sops.secrets."nix-serve/secretKey".mode = "0444";
|
||||
|
||||
systemd.services = {
|
||||
hydra-evaluator.serviceConfig = {
|
||||
CPUWeight = 2;
|
||||
|
@ -56,22 +89,4 @@
|
|||
MemorySwapMax = "16G";
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx =
|
||||
let
|
||||
hydraVhost = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass =
|
||||
"http://localhost:${toString config.services.hydra.port}";
|
||||
};
|
||||
in {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"hydra.hq.c3d2.de" = hydraVhost // {
|
||||
default = true;
|
||||
};
|
||||
"hydra.serv.zentralwerk.org" = hydraVhost;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
if [ "$OLD" != "$NEW" ]; then
|
||||
echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config"
|
||||
# this should fetch the new system from the binary cache
|
||||
nix copy --from https://nix-serve.hq.c3d2.de "$NEW"
|
||||
nix copy --from https://hydra.hq.c3d2.de "$NEW"
|
||||
if [ -e "$NEW/etc/systemd/system/autoupdate.timer" ]; then
|
||||
echo "Switch to the new system..."
|
||||
"$NEW/bin/switch-to-configuration" switch
|
||||
|
@ -89,7 +89,7 @@
|
|||
if [ "$OLD" != "$NEW" ]; then
|
||||
echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config"
|
||||
# this should fetch the new system from the binary cache
|
||||
nix copy --from https://nix-serve.hq.c3d2.de "$NEW"
|
||||
nix copy --from https://hydra.hq.c3d2.de "$NEW"
|
||||
echo "Switch to the new system..."
|
||||
"$NEW/bin/switch-to-configuration" switch
|
||||
else
|
||||
|
|
Loading…
Reference in New Issue
Block a user