Merge pull request #20 from nix-community/hydra-20.03

Hydra + 20.03 upgrade
2020-04-17 22:26:28 +00:00 · 2020-04-17 22:26:28 +00:00 · 1dd8adcd62
commit 1dd8adcd62
parent 56d058b2dd 459d67eb6d
11 changed files with 60 additions and 31 deletions
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@ -7,9 +7,8 @@ jobs:
    steps:
    - uses: actions/checkout@v2
    - uses: cachix/install-nix-action@v8
-    - uses: cachix/cachix-action@v5
+    - uses: numtide/cachix-action@only-cache
      with:
        name: nix-community
        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
-        # Only needed for private caches
+    - run: nix-build
        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
--- a/build01/buildkite.nix
+++ b/build01/buildkite.nix
@ -1,17 +1,9 @@
 { pkgs, ... }:
 {
-  services.buildkite-agent = {
+  services.buildkite-agents.ci = {
    enable = true;
    tokenPath = "/run/keys/buildkite-token";
-    openssh.privateKeyPath = builtins.toPath "/run/keys/buildkite-agent-key";
+    privateSshKeyPath = builtins.toPath "/run/keys/buildkite-agent-key";
    openssh.publicKeyPath = builtins.toPath "/run/keys/buildkite-agent-key.pub";
    runtimePackages = [
      pkgs.gnutar
      pkgs.bash
      pkgs.nix
      pkgs.gzip
    ];
  };
 }
--- a/build01/configuration.nix
+++ b/build01/configuration.nix
@ -11,6 +11,7 @@ in
    ./buildkite.nix
    ./gitlab.nix
    ./hydra.nix
    ./hydra-declarative-projects.nix
    ./cache.nix
    ./nixpkgs-update.nix
@ -50,6 +51,9 @@ in
  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.supportedFilesystems = [ "zfs" ];
-  system.stateVersion = "19.09";
+  security.acme.email = "trash@nix-community.org";
  security.acme.acceptTerms = true;
  system.stateVersion = "20.03";
 }
--- a/build01/hydra-declarative-projects.nix
+++ b/build01/hydra-declarative-projects.nix
@ -0,0 +1,13 @@
 { lib, pkgs, config, ... }:
 {
  services.hydra.declarativeProjects = {
    emacs-overlay = {
      displayName = "Emacs Overlay";
      inputValue = "https://github.com/nix-community/emacs-overlay";
      specFile = "hydra/spec.json";
      description = "Bleeding edge emacs overlay";
      homepage = "https://github.com/nix-community/emacs-overlay";
    };
  };
 }
--- a/build01/hydra.nix
+++ b/build01/hydra.nix
@ -7,7 +7,7 @@ let
  hydraPort = 3000;
  hydraAdmin = "admin";
-  hydraAdminPasswordFile = "/var/keys/hydra-admin-password";
+  hydraAdminPasswordFile = "/run/keys/hydra-admin-password";
  createDeclarativeProjectScript = pkgs.stdenv.mkDerivation {
    name = "create-declarative-project";
@ -84,7 +84,7 @@ in {
    services.nginx = {
      enable = true;
      virtualHosts = {
-        "hydra.nix-community.com" = {
+        "hydra.nix-community.org" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
@ -138,7 +138,7 @@ in {
      environment = {
        inherit (cfg.systemd.services.hydra-init.environment) HYDRA_DBI;
      };
-      path = with pkgs; [ hydra netcat ];
+      path = with pkgs; [ hydra-unstable netcat ];
      script = ''
        set -e
        export HYDRA_ADMIN_PASSWORD=$(cat ${cfg.services.hydra.adminPasswordFile})
--- a/default.nix
+++ b/default.nix
@ -8,7 +8,7 @@ let
      inherit configuration system;
    };
 in
-  pkgs.nix-community-infra // rec {
+pkgs.nix-community-infra // rec {
-    build01 = importNixOS ./build01/configuration.nix "x86_64-linux";
+  build01 = importNixOS ./build01/configuration.nix "x86_64-linux";
-    build01-system = build01.system;
+  build01-system = build01.system;
-  }
+}
--- a/deployment.nix
+++ b/deployment.nix
@ -1,7 +1,5 @@
 let
-
+  secrets = import ./secrets.nix;
  secrets = import ./secrets;
 in
 {
@ -18,19 +16,19 @@ in
        deployment.keys.buildkite-token = {
          text = secrets.buildkite-token;
-          user = "buildkite-agent";
+          user = "buildkite-agent-ci";
          permissions = "0600";
        };
        deployment.keys.buildkite-agent-key = {
          text = secrets.buildkite-agent-key;
-          user = "buildkite-agent";
+          user = "buildkite-agent-ci";
          permissions = "0600";
        };
        deployment.keys."buildkite-agent-key.pub" = {
          text = secrets."buildkite-agent-key.pub";
-          user = "buildkite-agent";
+          user = "buildkite-agent-ci";
          permissions = "0600";
        };
@ -81,7 +79,7 @@ in
        deployment.keys.github-nixpkgs-swh-key = {
          text = secrets.github-nixpkgs-swh-key;
-          user = "buildkite-agent";
+          user = "buildkite-agent-ci";
          permissions = "0400";
        };
--- a/nix/sources.json
+++ b/nix/sources.json
@ -5,10 +5,10 @@
        "homepage": "https://github.com/NixOS/nixpkgs",
        "owner": "NixOS",
        "repo": "nixpkgs-channels",
-        "rev": "aa561c6fb4f48974639a9e2b76fdd3e15b2abfd4",
+        "rev": "b61999e4ad60c351b4da63ae3ff43aae3c0bbdfb",
-        "sha256": "15p0lbf227l26mvvpqi62nry3h0b249hig9fgpnsl6a3rlp6bj2v",
+        "sha256": "0cggpdks4qscyirqwfprgdl91mlhjlw24wkg0riapk5f2g2llbpq",
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs-channels/archive/aa561c6fb4f48974639a9e2b76fdd3e15b2abfd4.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs-channels/archive/b61999e4ad60c351b4da63ae3ff43aae3c0bbdfb.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "nixpkgs-update": {
--- a/secrets.nix
+++ b/secrets.nix
@ -0,0 +1,23 @@
 with builtins;
 let
  # Copied from <nixpkgs/lib>
  removeSuffix = suffix: str:
    let
      sufLen = stringLength suffix;
      sLen = stringLength str;
    in
    if
      sufLen <= sLen && suffix == substring (sLen - sufLen) sufLen str
    then
      substring 0 (sLen - sufLen) str
    else
      str;
  # Copied from <nixpkgs/lib>
  fileContents = file: removeSuffix "\n" (builtins.readFile file);
  readSecret = name: fileContents (./secrets + "/${name}");
 in
 mapAttrs
  (name: type: if type != "directory" then readSecret name else null)
  (readDir ./secrets)
--- a/secrets/buildkite-token
+++ b/secrets/buildkite-token
--- a/secrets/default.nix
+++ b/secrets/default.nix