mirror of
https://git.sr.ht/~magic_rb/cluster
synced 2024-11-29 11:36:16 +01:00
99 lines
2.8 KiB
Nix
99 lines
2.8 KiB
Nix
|
nglib:
|
||
|
let
|
||
|
inherit (nglib "x86_64-linux") makeSystem;
|
||
|
in
|
||
|
{
|
||
|
postgresql = makeSystem {
|
||
|
system = "x86_64-linux";
|
||
|
name = "nixng-hydra-postgresql";
|
||
|
config = { pkgs, config, ... }:
|
||
|
{
|
||
|
config = {
|
||
|
dumb-init = {
|
||
|
enable = true;
|
||
|
type.services = {};
|
||
|
};
|
||
|
services.postgresql = {
|
||
|
enable = true;
|
||
|
package = pkgs.postgresql_12;
|
||
|
|
||
|
initialScript = "/secrets/init.sql";
|
||
|
enableTCPIP = true;
|
||
|
|
||
|
authentication = "host all all all md5";
|
||
|
|
||
|
ensureDatabases = [ "hydra" ];
|
||
|
ensureExtensions = {
|
||
|
"pg_trgm" = [ "hydra" ];
|
||
|
};
|
||
|
ensureUsers = [
|
||
|
{ name = "hydra"; ensurePermissions = {
|
||
|
"DATABASE \"hydra\"" = "ALL PRIVILEGES";
|
||
|
};
|
||
|
}
|
||
|
];
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
|
||
|
hydra = makeSystem {
|
||
|
system = "x86_64-linux";
|
||
|
name = "nixng-hydra";
|
||
|
config = { pkgs, config, ... }:
|
||
|
{
|
||
|
config = {
|
||
|
dumb-init = {
|
||
|
enable = true;
|
||
|
type.services = {};
|
||
|
};
|
||
|
nix = {
|
||
|
package = pkgs.nixFlakes.override {
|
||
|
src = pkgs.fetchFromGitHub {
|
||
|
owner = "MagicRB";
|
||
|
repo = "nix";
|
||
|
rev = "a02c34500960b8bc18fe1bdc1431ea252573a5cf";
|
||
|
sha256 = "sha256-6VbjvNIDxPdjA+FcY2Kh1vSh8RJ7ubezqprTy81lq9U=";
|
||
|
};
|
||
|
};
|
||
|
loadNixDb = true;
|
||
|
overlayNix = "/nix-persist";
|
||
|
config = {
|
||
|
experimental-features = [ "nix-command" "flakes" ];
|
||
|
sandbox = true;
|
||
|
trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
|
||
|
substituters = [ "https://cache.nixos.org/" ];
|
||
|
ignored-acls = [ "system.nfs4_acl" ];
|
||
|
};
|
||
|
};
|
||
|
services.hydra = {
|
||
|
enable = true;
|
||
|
hydraURL = "https://hydra.redalder.org";
|
||
|
notificationSender = "hydra@redalder.org";
|
||
|
useSubstitutes = true;
|
||
|
|
||
|
dbiFile = "/local/dbi";
|
||
|
};
|
||
|
services.socklog = {
|
||
|
enable = true;
|
||
|
unix = "/dev/log";
|
||
|
};
|
||
|
|
||
|
init.services.pgpass = {
|
||
|
script = pkgs.writeShellScript "pgpass" ''
|
||
|
ln -nsf /secrets/pgpass /var/lib/hydra/pgpass
|
||
|
ln -nsf /secrets/pgpass-www /var/lib/hydra/pgpass-www
|
||
|
ln -nsf /secrets/pgpass-queue-runner /var/lib/hydra/pgpass-queue-runner
|
||
|
|
||
|
chown hydra:hydra /secrets/pgpass
|
||
|
chown hydra-www:hydra /secrets/pgpass-www
|
||
|
chown hydra-queue-runner:hydra /secrets/pgpass-queue-runner
|
||
|
sv down pgpass
|
||
|
'';
|
||
|
enabled = true;
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
}
|