fuuko: Add hydra

This commit is contained in:
Simon Bruder 2021-03-06 16:25:45 +01:00
parent d72ce259cc
commit dc1698ffaa
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
2 changed files with 53 additions and 0 deletions

View file

@ -12,6 +12,7 @@
./services/gitea.nix ./services/gitea.nix
./services/grafana.nix ./services/grafana.nix
./services/hedgedoc.nix ./services/hedgedoc.nix
./services/hydra.nix
./services/matrix ./services/matrix
./services/media-backup.nix ./services/media-backup.nix
./services/media.nix ./services/media.nix

View file

@ -0,0 +1,52 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.hydra;
in
{
services.hydra = {
enable = true;
listenHost = "127.0.0.1";
port = 3003;
hydraURL = "https://hydra.sbruder.de";
notificationSender = "hydra@sbruder.de";
buildMachinesFiles = [
(pkgs.writeText "hydra-build-machines" ''
# hostname system sshKey maxJobs speedFactor mandatory+supportedFeatures mandatoryFeatures
localhost x86_64-linux - 4 1 kvm,nixos-test
'')
];
useSubstitutes = true;
minimumDiskFreeEvaluator = 10;
minimumDiskFree = 10;
extraConfig = ''
store_uri = file:///data/cache/nix-binary-cache?secret-key=${config.sops.secrets.binary-cache-secret-key.path}
upload_logs_to_binary_cache = true
'';
};
sops.secrets.binary-cache-secret-key.owner = "hydra-queue-runner";
systemd.services.hydra-queue-runner.serviceConfig = {
SupplementaryGroups = lib.singleton "keys";
Nice = 10;
IOSchedulingPriority = 5;
};
# Hydra uses restricted eval, which by default does not work with flakes that
# use git+https inputs
nix.extraOptions = ''
allowed-uris = https://git.sbruder.de/
'';
services.nginx.virtualHosts."hydra.sbruder.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${cfg.listenHost}:${toString cfg.port}";
};
};
}