nixos-config/machines/fuuko/services/hydra.nix

{ config, lib, pkgs, ... }:
let
  cfg = config.services.hydra;
in
{
  services.hydra = {
    enable = true;
    listenHost = "127.0.0.1";
    port = 3003;
    hydraURL = "https://hydra.sbruder.de";
    notificationSender = "hydra@sbruder.de";
    buildMachinesFiles = [
      (pkgs.writeText "hydra-build-machines" ''
        # hostname system sshKey maxJobs speedFactor mandatory+supportedFeatures mandatoryFeatures
        localhost x86_64-linux - 4 1 kvm,nixos-test
      '')
    ];
    useSubstitutes = true;

    minimumDiskFreeEvaluator = 10;
    minimumDiskFree = 10;

    extraConfig = ''
      store_uri = file:///data/cache/nix-binary-cache?secret-key=${config.sops.secrets.binary-cache-secret-key.path}

      upload_logs_to_binary_cache = true
    '';
  };

  sops.secrets.binary-cache-secret-key.owner = "hydra-queue-runner";
  systemd.services.hydra-queue-runner.serviceConfig = {
    SupplementaryGroups = lib.singleton "keys";

    Nice = 10;
    IOSchedulingPriority = 5;
  };

  # Hydra uses restricted eval, which by default does not work with flakes that
  # use git+https inputs
  nix.extraOptions = ''
    allowed-uris = https://git.sbruder.de/
  '';

  services.nginx.virtualHosts."hydra.sbruder.de" = {
    enableACME = true;
    forceSSL = true;

    locations."/" = {
      proxyPass = "http://${cfg.listenHost}:${toString cfg.port}";
    };
  };
}
fuuko: Add hydra 2021-03-06 16:25:45 +01:00			`{ config, lib, pkgs, ... }:`
			`let`
			`cfg = config.services.hydra;`
			`in`
			`{`
			`services.hydra = {`
			`enable = true;`
			`listenHost = "127.0.0.1";`
			`port = 3003;`
			`hydraURL = "https://hydra.sbruder.de";`
			`notificationSender = "hydra@sbruder.de";`
			`buildMachinesFiles = [`
			`(pkgs.writeText "hydra-build-machines" ''`
			`# hostname system sshKey maxJobs speedFactor mandatory+supportedFeatures mandatoryFeatures`
			`localhost x86_64-linux - 4 1 kvm,nixos-test`
			`'')`
			`];`
			`useSubstitutes = true;`

			`minimumDiskFreeEvaluator = 10;`
			`minimumDiskFree = 10;`

			`extraConfig = ''`
			`store_uri = file:///data/cache/nix-binary-cache?secret-key=${config.sops.secrets.binary-cache-secret-key.path}`

			`upload_logs_to_binary_cache = true`
			`'';`
			`};`

			`sops.secrets.binary-cache-secret-key.owner = "hydra-queue-runner";`
			`systemd.services.hydra-queue-runner.serviceConfig = {`
			`SupplementaryGroups = lib.singleton "keys";`

			`Nice = 10;`
			`IOSchedulingPriority = 5;`
			`};`

			`# Hydra uses restricted eval, which by default does not work with flakes that`
			`# use git+https inputs`
			`nix.extraOptions = ''`
			`allowed-uris = https://git.sbruder.de/`
			`'';`

			`services.nginx.virtualHosts."hydra.sbruder.de" = {`
			`enableACME = true;`
			`forceSSL = true;`

			`locations."/" = {`
			`proxyPass = "http://${cfg.listenHost}:${toString cfg.port}";`
			`};`
			`};`
			`}`