mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-11-25 09:36:14 +01:00
Add the NixNG container for Hydra
Signed-off-by: Magic_RB <magic_rb@redalder.org>
This commit is contained in:
parent
10feb2f598
commit
e60deab017
|
@ -60,6 +60,7 @@
|
|||
nixng/containers/email/postfix
|
||||
nixng/containers/ds3os
|
||||
nixng/containers/gitea
|
||||
nixng/containers/hydra
|
||||
nixng/containers/syncthing
|
||||
|
||||
overlays/udp-over-tcp.nix
|
||||
|
|
13
nixng/containers/hydra/default.nix
Normal file
13
nixng/containers/hydra/default.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
{ inputs, lib, ... }:
|
||||
let
|
||||
callPackage = lib.callPackagesWith {
|
||||
inherit (inputs.nixng.nglib)
|
||||
makeSystem;
|
||||
inherit (inputs)
|
||||
nixpkgs;
|
||||
};
|
||||
in
|
||||
{
|
||||
flake.nixngConfigurations.hydraPostgreSQL = callPackage ./postgresql.nix {};
|
||||
flake.nixngConfigurations.hydra = callPackage ./hydra.nix {};
|
||||
}
|
118
nixng/containers/hydra/hydra.nix
Normal file
118
nixng/containers/hydra/hydra.nix
Normal file
|
@ -0,0 +1,118 @@
|
|||
{ makeSystem
|
||||
, nixpkgs
|
||||
}:
|
||||
makeSystem {
|
||||
system = "x86_64-linux";
|
||||
name = "nixng-hydra";
|
||||
inherit nixpkgs;
|
||||
config = { pkgs, config, lib, nglib, ... }:
|
||||
{
|
||||
config = {
|
||||
dumb-init = {
|
||||
enable = true;
|
||||
type.services = {};
|
||||
};
|
||||
nix = {
|
||||
package = pkgs.nixUnstable;
|
||||
loadNixDb = true;
|
||||
persistNix = "/nix-persist";
|
||||
config = {
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
sandbox = true;
|
||||
trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
|
||||
substituters = [ "https://cache.nixos.org/" ];
|
||||
ignored-acls = [ "system.nfs4_acl" ];
|
||||
allowed-uris = [
|
||||
"https://gitea.redalder.org"
|
||||
"https://github.com"
|
||||
"https://gitlab.com"
|
||||
"https://git.sr.ht"
|
||||
"https://raw.githubusercontent.com"
|
||||
"https://media.forgecdn.net"
|
||||
];
|
||||
|
||||
builders-use-substitutes = true;
|
||||
builders = "@/etc/nix/machines";
|
||||
};
|
||||
};
|
||||
services.hydra = {
|
||||
enable = true;
|
||||
hydraURL = "https://hydra.redalder.org";
|
||||
notificationSender = "hydra@redalder.org";
|
||||
useSubstitutes = true;
|
||||
adjustNiceness = true;
|
||||
|
||||
minimumDiskFree = 200;
|
||||
minimumDiskFreeEvaluator = 100;
|
||||
|
||||
dbiFile = "/local/dbi";
|
||||
};
|
||||
services.socklog = {
|
||||
enable = true;
|
||||
unix = "/dev/log";
|
||||
};
|
||||
|
||||
init.services.pgpass = {
|
||||
script = pkgs.writeShellScript "pgpass" ''
|
||||
ln -nsf /secrets/pgpass /var/lib/hydra/pgpass
|
||||
ln -nsf /secrets/pgpass-www /var/lib/hydra/pgpass-www
|
||||
ln -nsf /secrets/pgpass-queue-runner /var/lib/hydra/pgpass-queue-runner
|
||||
|
||||
chown hydra:hydra /secrets/pgpass
|
||||
chown hydra-www:hydra /secrets/pgpass-www
|
||||
chown hydra-queue-runner:hydra /secrets/pgpass-queue-runner
|
||||
sv down pgpass
|
||||
'';
|
||||
enabled = true;
|
||||
};
|
||||
|
||||
init.services.nix-daemon.environment.PATH = with pkgs; lib.makeBinPath [
|
||||
utillinux
|
||||
runit
|
||||
busybox
|
||||
openssh
|
||||
gzip
|
||||
];
|
||||
|
||||
system.activation =
|
||||
let
|
||||
machines = pkgs.writeText "machines" ''
|
||||
eu.nixbuild.net x86_64-linux - 100 5 benchmark,big-parallel
|
||||
'';
|
||||
nix-machines = nglib.dag.dagEntryAnywhere ''
|
||||
export PATH=${pkgs.busybox}/bin
|
||||
|
||||
mkdir -p /etc/nix
|
||||
ln -s ${machines} /etc/nix/machines
|
||||
'';
|
||||
|
||||
ssh_config = pkgs.writeText "ssh_config" ''
|
||||
Host eu.nixbuild.net
|
||||
PubkeyAcceptedKeyTypes ssh-ed25519
|
||||
IdentityFile /ssh-key
|
||||
'';
|
||||
ssh_known_hosts = pkgs.writeText "ssh_known_hosts" ''
|
||||
eu.nixbuild.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM
|
||||
'';
|
||||
ssh = nglib.dag.dagEntryAnywhere ''
|
||||
export PATH=${pkgs.busybox}/bin
|
||||
|
||||
mkdir -p /etc/ssh
|
||||
ln -s ${ssh_config} /etc/ssh/ssh_config
|
||||
ln -s ${ssh_known_hosts} /etc/ssh/ssh_known_hosts
|
||||
'';
|
||||
|
||||
ssh-key = nglib.dag.dagEntryAfter ["users"] ''
|
||||
export PATH=${pkgs.busybox}/bin
|
||||
|
||||
cp /secrets/ssh-key /ssh-key
|
||||
chmod 600 /ssh-key
|
||||
chown hydra-queue-runner:root /ssh-key
|
||||
'';
|
||||
in
|
||||
{
|
||||
inherit ssh-key ssh nix-machines;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
41
nixng/containers/hydra/postgresql.nix
Normal file
41
nixng/containers/hydra/postgresql.nix
Normal file
|
@ -0,0 +1,41 @@
|
|||
{ makeSystem
|
||||
, nixpkgs
|
||||
}:
|
||||
let
|
||||
inherit (nixpkgs.lib)
|
||||
singleton;
|
||||
in
|
||||
makeSystem {
|
||||
system = "x86_64-linux";
|
||||
name = "nixng-hydra-postgresql";
|
||||
inherit nixpkgs;
|
||||
config = { pkgs, config, ... }:
|
||||
{
|
||||
config = {
|
||||
dumb-init = {
|
||||
enable = true;
|
||||
type.services = {};
|
||||
};
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql_12;
|
||||
|
||||
initialScript = "/secrets/init.sql";
|
||||
enableTCPIP = true;
|
||||
|
||||
authentication = "host all all all md5";
|
||||
|
||||
ensureDatabases = [ "hydra" ];
|
||||
ensureExtensions = {
|
||||
"pg_trgm" = [ "hydra" ];
|
||||
};
|
||||
ensureUsers = singleton {
|
||||
name = "hydra";
|
||||
ensurePermissions = {
|
||||
"DATABASE \"hydra\"" = "ALL PRIVILEGES";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue