cluster/containers/hydra.nix

{ nglib, nixpkgs }:
{
  postgresql = nglib.makeSystem {
    system = "x86_64-linux";
    name = "nixng-hydra-postgresql";
    inherit nixpkgs;
    config = { pkgs, config, ... }:
      {
        config = {
          dumb-init = {
            enable = true;
            type.services = {};
          };
          services.postgresql = {
            enable = true;
            package = pkgs.postgresql_12;

            initialScript = "/secrets/init.sql";
            enableTCPIP = true;

            authentication = "host  all all all          md5";

            ensureDatabases = [ "hydra" ];
            ensureExtensions = {
              "pg_trgm" = [ "hydra" ];
            };
            ensureUsers = [
              { name = "hydra"; ensurePermissions = {
                  "DATABASE \"hydra\"" = "ALL PRIVILEGES";
                };
              }
            ];
          };
        };
      };
  };

  hydra = nglib.makeSystem {
    system = "x86_64-linux";
    name = "nixng-hydra";
    inherit nixpkgs;
    config = { pkgs, config, lib, nglib, ... }:
      {
        config = {
          dumb-init = {
            enable = true;
            type.services = {};
          };
          nix = {
            package = pkgs.nixUnstable;
            loadNixDb = true;
            persistNix = "/nix-persist";
            config = {
              experimental-features = [ "nix-command" "flakes" ];
              sandbox = true;
              trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
              substituters = [ "https://cache.nixos.org/" ];
              ignored-acls = [ "system.nfs4_acl" ];
              allowed-uris =
                [ "https://gitea.redalder.org"
                  "https://github.com"
                  "https://raw.githubusercontent.com"
                  "https://media.forgecdn.net"
                ];

              builders-use-substitutes = true;
              builders = "@/etc/nix/machines";
            };
          };
          services.hydra = {
            enable = true;
            hydraURL = "https://hydra.redalder.org";
            notificationSender = "hydra@redalder.org";
            useSubstitutes = true;
            adjustNiceness = true;

            minimumDiskFree = 200;
            minimumDiskFreeEvaluator = 100;

            dbiFile = "/local/dbi";
          };
          services.socklog = {
            enable = true;
            unix = "/dev/log";
          };

          init.services.pgpass = {
            script = pkgs.writeShellScript "pgpass" ''
              ln -nsf /secrets/pgpass /var/lib/hydra/pgpass
              ln -nsf /secrets/pgpass-www /var/lib/hydra/pgpass-www
              ln -nsf /secrets/pgpass-queue-runner /var/lib/hydra/pgpass-queue-runner

              chown hydra:hydra /secrets/pgpass
              chown hydra-www:hydra /secrets/pgpass-www
              chown hydra-queue-runner:hydra /secrets/pgpass-queue-runner
              sv down pgpass
            '';
            enabled = true;
          };

          init.services.nix-daemon.environment.PATH = with pkgs;
            lib.makeBinPath [ utillinux runit busybox openssh gzip ];

          system.activation =
            { nix-machines =
                let
                  machines = pkgs.writeText "machines"
                    ''
                      eu.nixbuild.net x86_64-linux - 100 5 benchmark,big-parallel
                    '';
                in
                  nglib.dag.dagEntryAnywhere
                    ''
                      export PATH=${pkgs.busybox}/bin

                      mkdir -p /etc/nix
                      ln -s ${machines} /etc/nix/machines
                    '';
              ssh =
                let
                  ssh_config = pkgs.writeText "ssh_config"
                    ''
                      Host eu.nixbuild.net
                        PubkeyAcceptedKeyTypes ssh-ed25519
                        IdentityFile /ssh-key
                    '';
                  ssh_known_hosts = pkgs.writeText "ssh_known_hosts"
                    ''
                      eu.nixbuild.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM
                    '';
                in
                  nglib.dag.dagEntryAnywhere
                    ''
                      export PATH=${pkgs.busybox}/bin

                      mkdir -p /etc/ssh
                      ln -s ${ssh_config} /etc/ssh/ssh_config
                      ln -s ${ssh_known_hosts} /etc/ssh/ssh_known_hosts
                    '';
              ssh-key =
                  nglib.dag.dagEntryAfter ["users"]
                    ''
                      export PATH=${pkgs.busybox}/bin

                      cp /secrets/ssh-key /ssh-key
                      chmod 600 /ssh-key
                      chown hydra-queue-runner:root /ssh-key
                    '';
            };
        };
      };
  };
}
Upgrade NixNG and add Minecraft module Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-12-12 22:31:33 +01:00			`{ nglib, nixpkgs }:`
Add full HydraCI service Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-05-03 20:30:40 +02:00			`{`
Upgrade NixNG and add Minecraft module Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-12-12 22:31:33 +01:00			`postgresql = nglib.makeSystem {`
Add full HydraCI service Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-05-03 20:30:40 +02:00			`system = "x86_64-linux";`
			`name = "nixng-hydra-postgresql";`
Upgrade NixNG and add Minecraft module Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-12-12 22:31:33 +01:00			`inherit nixpkgs;`
Add full HydraCI service Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-05-03 20:30:40 +02:00			`config = { pkgs, config, ... }:`
			`{`
			`config = {`
			`dumb-init = {`
			`enable = true;`
			`type.services = {};`
			`};`
			`services.postgresql = {`
			`enable = true;`
			`package = pkgs.postgresql_12;`

			`initialScript = "/secrets/init.sql";`
			`enableTCPIP = true;`

			`authentication = "host all all all md5";`

			`ensureDatabases = [ "hydra" ];`
			`ensureExtensions = {`
			`"pg_trgm" = [ "hydra" ];`
			`};`
			`ensureUsers = [`
			`{ name = "hydra"; ensurePermissions = {`
			`"DATABASE \"hydra\"" = "ALL PRIVILEGES";`
			`};`
			`}`
			`];`
			`};`
			`};`
			`};`
			`};`

Upgrade NixNG and add Minecraft module Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-12-12 22:31:33 +01:00			`hydra = nglib.makeSystem {`
Add full HydraCI service Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-05-03 20:30:40 +02:00			`system = "x86_64-linux";`
			`name = "nixng-hydra";`
Update Nix in Hydre Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-12-12 23:51:06 +01:00			`inherit nixpkgs;`
Partial remote builders on Hydra Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-10-18 00:12:01 +02:00			`config = { pkgs, config, lib, nglib, ... }:`
Add full HydraCI service Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-05-03 20:30:40 +02:00			`{`
			`config = {`
			`dumb-init = {`
			`enable = true;`
			`type.services = {};`
			`};`
			`nix = {`
Maku use of Terraform for deployment and related cleanup Signed-off-by: main <magic_rb@redalder.org> 2022-06-01 08:41:51 +02:00			`package = pkgs.nixUnstable;`
Add full HydraCI service Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-05-03 20:30:40 +02:00			`loadNixDb = true;`
Partial remote builders on Hydra Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-10-18 00:12:01 +02:00			`persistNix = "/nix-persist";`
Add full HydraCI service Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-05-03 20:30:40 +02:00			`config = {`
			`experimental-features = [ "nix-command" "flakes" ];`
			`sandbox = true;`
			`trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];`
			`substituters = [ "https://cache.nixos.org/" ];`
			`ignored-acls = [ "system.nfs4_acl" ];`
Hydra nixbuild.net changes Signed-off-by: Magic_RB <magic_rb@redalder.org> 2022-01-18 00:24:06 +01:00			`allowed-uris =`
			`[ "https://gitea.redalder.org"`
			`"https://github.com"`
			`"https://raw.githubusercontent.com"`
			`"https://media.forgecdn.net"`
			`];`
Partial remote builders on Hydra Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-10-18 00:12:01 +02:00
			`builders-use-substitutes = true;`
			`builders = "@/etc/nix/machines";`
Add full HydraCI service Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-05-03 20:30:40 +02:00			`};`
			`};`
			`services.hydra = {`
			`enable = true;`
			`hydraURL = "https://hydra.redalder.org";`
			`notificationSender = "hydra@redalder.org";`
			`useSubstitutes = true;`
Adjust niceness for Hydra Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-08-16 01:47:01 +02:00			`adjustNiceness = true;`
Add full HydraCI service Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-05-03 20:30:40 +02:00
Set Hydra space limits to ints and not strings Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-08-15 23:02:52 +02:00			`minimumDiskFree = 200;`
			`minimumDiskFreeEvaluator = 100;`
Set space limits on Hydra Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-08-15 22:25:49 +02:00
Add full HydraCI service Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-05-03 20:30:40 +02:00			`dbiFile = "/local/dbi";`
			`};`
			`services.socklog = {`
			`enable = true;`
			`unix = "/dev/log";`
			`};`

			`init.services.pgpass = {`
			`script = pkgs.writeShellScript "pgpass" ''`
			`ln -nsf /secrets/pgpass /var/lib/hydra/pgpass`
			`ln -nsf /secrets/pgpass-www /var/lib/hydra/pgpass-www`
			`ln -nsf /secrets/pgpass-queue-runner /var/lib/hydra/pgpass-queue-runner`

			`chown hydra:hydra /secrets/pgpass`
			`chown hydra-www:hydra /secrets/pgpass-www`
			`chown hydra-queue-runner:hydra /secrets/pgpass-queue-runner`
			`sv down pgpass`
			`'';`
			`enabled = true;`
			`};`
Partial remote builders on Hydra Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-10-18 00:12:01 +02:00
			`init.services.nix-daemon.environment.PATH = with pkgs;`
			`lib.makeBinPath [ utillinux runit busybox openssh gzip ];`

			`system.activation =`
			`{ nix-machines =`
			`let`
			`machines = pkgs.writeText "machines"`
			`''`
Upgrade NixNG and add Minecraft module Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-12-12 22:31:33 +01:00			`eu.nixbuild.net x86_64-linux - 100 5 benchmark,big-parallel`
Partial remote builders on Hydra Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-10-18 00:12:01 +02:00			`'';`
			`in`
			`nglib.dag.dagEntryAnywhere`
			`''`
			`export PATH=${pkgs.busybox}/bin`

			`mkdir -p /etc/nix`
			`ln -s ${machines} /etc/nix/machines`
			`'';`
			`ssh =`
			`let`
			`ssh_config = pkgs.writeText "ssh_config"`
			`''`
			`Host eu.nixbuild.net`
			`PubkeyAcceptedKeyTypes ssh-ed25519`
			`IdentityFile /ssh-key`
			`'';`
			`ssh_known_hosts = pkgs.writeText "ssh_known_hosts"`
			`''`
			`eu.nixbuild.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM`
			`'';`
			`in`
			`nglib.dag.dagEntryAnywhere`
			`''`
			`export PATH=${pkgs.busybox}/bin`

			`mkdir -p /etc/ssh`
			`ln -s ${ssh_config} /etc/ssh/ssh_config`
			`ln -s ${ssh_known_hosts} /etc/ssh/ssh_known_hosts`
			`'';`
Upgrade NixNG and add Minecraft module Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-12-12 22:31:33 +01:00			`ssh-key =`
			`nglib.dag.dagEntryAfter ["users"]`
			`''`
			`export PATH=${pkgs.busybox}/bin`

			`cp /secrets/ssh-key /ssh-key`
			`chmod 600 /ssh-key`
			`chown hydra-queue-runner:root /ssh-key`
			`'';`
Partial remote builders on Hydra Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-10-18 00:12:01 +02:00			`};`
Add full HydraCI service Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-05-03 20:30:40 +02:00			`};`
			`};`
			`};`
			`}`