cluster/containers/hydra.nix

99 lines
2.8 KiB
Nix
Raw Normal View History

nglib:
let
inherit (nglib "x86_64-linux") makeSystem;
in
{
postgresql = makeSystem {
system = "x86_64-linux";
name = "nixng-hydra-postgresql";
config = { pkgs, config, ... }:
{
config = {
dumb-init = {
enable = true;
type.services = {};
};
services.postgresql = {
enable = true;
package = pkgs.postgresql_12;
initialScript = "/secrets/init.sql";
enableTCPIP = true;
authentication = "host all all all md5";
ensureDatabases = [ "hydra" ];
ensureExtensions = {
"pg_trgm" = [ "hydra" ];
};
ensureUsers = [
{ name = "hydra"; ensurePermissions = {
"DATABASE \"hydra\"" = "ALL PRIVILEGES";
};
}
];
};
};
};
};
hydra = makeSystem {
system = "x86_64-linux";
name = "nixng-hydra";
config = { pkgs, config, ... }:
{
config = {
dumb-init = {
enable = true;
type.services = {};
};
nix = {
package = pkgs.nixFlakes.override {
src = pkgs.fetchFromGitHub {
owner = "MagicRB";
repo = "nix";
rev = "a02c34500960b8bc18fe1bdc1431ea252573a5cf";
sha256 = "sha256-6VbjvNIDxPdjA+FcY2Kh1vSh8RJ7ubezqprTy81lq9U=";
};
};
loadNixDb = true;
overlayNix = "/nix-persist";
config = {
experimental-features = [ "nix-command" "flakes" ];
sandbox = true;
trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
substituters = [ "https://cache.nixos.org/" ];
ignored-acls = [ "system.nfs4_acl" ];
};
};
services.hydra = {
enable = true;
hydraURL = "https://hydra.redalder.org";
notificationSender = "hydra@redalder.org";
useSubstitutes = true;
dbiFile = "/local/dbi";
};
services.socklog = {
enable = true;
unix = "/dev/log";
};
init.services.pgpass = {
script = pkgs.writeShellScript "pgpass" ''
ln -nsf /secrets/pgpass /var/lib/hydra/pgpass
ln -nsf /secrets/pgpass-www /var/lib/hydra/pgpass-www
ln -nsf /secrets/pgpass-queue-runner /var/lib/hydra/pgpass-queue-runner
chown hydra:hydra /secrets/pgpass
chown hydra-www:hydra /secrets/pgpass-www
chown hydra-queue-runner:hydra /secrets/pgpass-queue-runner
sv down pgpass
'';
enabled = true;
};
};
};
};
}