nglib: let inherit (nglib "x86_64-linux") makeSystem; in { postgresql = makeSystem { system = "x86_64-linux"; name = "nixng-hydra-postgresql"; config = { pkgs, config, ... }: { config = { dumb-init = { enable = true; type.services = {}; }; services.postgresql = { enable = true; package = pkgs.postgresql_12; initialScript = "/secrets/init.sql"; enableTCPIP = true; authentication = "host all all all md5"; ensureDatabases = [ "hydra" ]; ensureExtensions = { "pg_trgm" = [ "hydra" ]; }; ensureUsers = [ { name = "hydra"; ensurePermissions = { "DATABASE \"hydra\"" = "ALL PRIVILEGES"; }; } ]; }; }; }; }; hydra = makeSystem { system = "x86_64-linux"; name = "nixng-hydra"; config = { pkgs, config, ... }: { config = { dumb-init = { enable = true; type.services = {}; }; nix = { package = pkgs.nixFlakes.override { src = pkgs.fetchFromGitHub { owner = "MagicRB"; repo = "nix"; rev = "a02c34500960b8bc18fe1bdc1431ea252573a5cf"; sha256 = "sha256-6VbjvNIDxPdjA+FcY2Kh1vSh8RJ7ubezqprTy81lq9U="; }; }; loadNixDb = true; overlayNix = "/nix-persist"; config = { experimental-features = [ "nix-command" "flakes" ]; sandbox = true; trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; substituters = [ "https://cache.nixos.org/" ]; ignored-acls = [ "system.nfs4_acl" ]; }; }; services.hydra = { enable = true; hydraURL = "https://hydra.redalder.org"; notificationSender = "hydra@redalder.org"; useSubstitutes = true; dbiFile = "/local/dbi"; }; services.socklog = { enable = true; unix = "/dev/log"; }; init.services.pgpass = { script = pkgs.writeShellScript "pgpass" '' ln -nsf /secrets/pgpass /var/lib/hydra/pgpass ln -nsf /secrets/pgpass-www /var/lib/hydra/pgpass-www ln -nsf /secrets/pgpass-queue-runner /var/lib/hydra/pgpass-queue-runner chown hydra:hydra /secrets/pgpass chown hydra-www:hydra /secrets/pgpass-www chown hydra-queue-runner:hydra /secrets/pgpass-queue-runner sv down pgpass ''; enabled = true; }; }; }; }; }